New BLUFFS Bluetooth Attack Exposes Devices to Adversary-in-the-Middle Attacks

December 4, 2023 at 08:36AM
New BLUFFS vulnerabilities, detailed in CVE-2023-24023 with a 6.8 CVSS score, compromise Bluetooth Classic’s forward and future secrecy by enabling adversaries to impersonate devices and intercept communications between paired devices. Researchers suggest mitigation by using secure connection modes and sufficient key entropy. Key Takeaways from the Meeting on Bluetooth Vulnerability …

Weak session keys let snoops take a byte out of your Bluetooth traffic

November 30, 2023 at 02:40AM
Various Bluetooth chips from companies including Qualcomm, Broadcom, Intel, and Apple are susceptible to two security flaws discovered by researcher Daniele Antonioli, allowing unauthorized device impersonation and data interception. These vulnerabilities, present in Bluetooth standards since 2014, affect multiple devices and both Bluetooth security modes. Work is underway on fixes …

New BLUFFS attack lets attackers hijack Bluetooth connections

November 28, 2023 at 04:59PM
Researchers at Eurecom have discovered six new Bluetooth attacks called ‘BLUFFS’ that can compromise the secrecy of Bluetooth sessions, leading to device impersonation and man-in-the-middle attacks. These attacks exploit flaws in the Bluetooth standard and can impact billions of devices. The researchers have provided a toolkit on GitHub to demonstrate …