New BLUFFS attack lets attackers hijack Bluetooth connections

Researchers at Eurecom have developed six new attacks collectively named 'BLUFFS' that can break the secrecy of Bluetooth sessions, allowing for device impersonation and man-in-the-middle attacks. Daniele Antonioli, who discovered the attacks, explains that BLUFFS exploits two previously unknown flaws in the Bluetooth standard related to how session keys are derived to decrypt exchanged data. These flaws are not specific to hardware or software configurations but are architectural, meaning they affect Bluetooth at a fundamental level.

The issues are tracked under the identifier CVE-2023-24023 and impact Bluetooth Core Specification 4.2 through 5.4. Considering the widespread use of the well-established wireless communication standard and the versions impacted by the exploits, BLUFFS could work against billions of devices, including laptops, smartphones, and other mobile devices.

BLUFFS is a series of exploits targeting Bluetooth that aims to break the forward and future secrecy of Bluetooth sessions, compromising the confidentiality of past and future communications between devices. This is achieved by exploiting four flaws in the session key derivation process, two of which are new, to force the derivation of a short, and therefore weak and predictable, session key. Next, the attacker brute-forces the key, enabling them to decrypt past communication and decrypt or manipulate future communications.

Executing the attack presupposes that the attacker is within Bluetooth range of the two targets that exchange data and impersonates one to negotiate a weak session key with the other, proposing the lowest possible key entropy value and using a constant session key diversifier. The published paper presents six types of BLUFFS attacks, covering various combinations of impersonation and MitM attacks, which work regardless of whether the victims support Secure Connections or Legacy Secure Connections.

The researchers developed and shared a toolkit on GitHub that demonstrates the effectiveness of BLUFFS. It includes a Python script to test the attacks, the ARM patches, the parser, and the PCAP samples captured during their tests.

BLUFFS impacts Bluetooth 4.2, released in December 2014, and all versions up to the latest, Bluetooth 5.4, released in February 2023. The Eurecom paper presents test results for BLUFFS against various devices, including smartphones, earphones, and laptops, running Bluetooth versions 4.1 through 5.2. All of them were confirmed to be susceptible to at least three out of six BLUFFS attacks.

Bluetooth SIG, the non-profit organization that oversees the development of the Bluetooth standard and is responsible for licensing the technology, has received Eurecom's report and published a statement on its site. The organization suggests that implementations reject connections with key strengths below seven octets, use 'Security Mode 4 Level 4', which ensures a higher encryption strength level, and operate in 'Secure Connections Only' mode when pairing.
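
The key-strength floor in the Bluetooth SIG statement can be checked on the host side. The following is an added example, not code from the article or the researchers' toolkit: it parses HCI Command Complete events returned for HCI_Read_Encryption_Key_Size and reports links whose negotiated key is shorter than seven octets. The sample events are constructed, and the function names are illustrative assumptions.

```python
import struct

EVT_CMD_COMPLETE = 0x0E
OP_READ_ENC_KEY_SIZE = 0x1408  # OGF 0x05 (Status Parameters), OCF 0x0008
MIN_KEY_OCTETS = 7             # floor taken from the SIG statement quoted above


def parse_key_size_event(pkt: bytes):
    """Return (handle, key_size) for a successful Read Encryption Key Size
    reply, or None for any other, malformed or failed event."""
    if len(pkt) < 2 or pkt[0] != EVT_CMD_COMPLETE or len(pkt) != 2 + pkt[1]:
        return None
    body = pkt[2:]
    # Num_HCI_Command_Packets(1) Opcode(2) Status(1) Handle(2) Key_Size(1)
    if len(body) != 7:
        return None
    _ncmd, opcode, status, handle, key_size = struct.unpack("<BHBHB", body)
    if opcode != OP_READ_ENC_KEY_SIZE or status != 0x00:
        return None
    return handle & 0x0FFF, key_size  # connection handle is 12 bits


def audit(events, min_octets=MIN_KEY_OCTETS):
    """Return [(handle, key_size)] for links below the policy floor."""
    weak = []
    for pkt in events:
        parsed = parse_key_size_event(pkt)
        if parsed is not None and parsed[1] < min_octets:
            weak.append(parsed)
    return weak


# Constructed sample events (event code, length, parameters), not captures.
SAMPLE_EVENTS = [
    bytes.fromhex("0e0701081400010010"),  # handle 1, 16-octet key
    bytes.fromhex("0e0701081400020001"),  # handle 2, 1-octet key (downgraded)
    bytes.fromhex("0e0701081400030007"),  # handle 3, 7-octet key (at floor)
    bytes.fromhex("0e0701081402040000"),  # handle 4, status 0x02: ignored
    bytes.fromhex("0e0401030c00"),        # reply to another command: ignored
]

if __name__ == "__main__":
    for handle, size in audit(SAMPLE_EVENTS):
        print(f"handle 0x{handle:04x}: {size}-octet key, below policy floor")
```

Calling `audit(events, min_octets=16)` applies the stricter requirement that only full-length keys are accepted.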

This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000

