Recently, security personnel shared a new attack method called "BLUFFS". Attackers discovered and exploited two unknown vulnerabilities in the Bluetooth standard that affect all Bluetooth devices from late 2014 to the present. Eurecom has demonstrated attack results against a variety of devices, and the results show that at least three attack methods are effective.
Considering that Bluetooth is a widely used and mature wireless communication standard, and the wide range of versions that these vulnerabilities may affect, "BLUFFS" attacks may pose a threat to billions of devices, including laptops, smartphones and other mobile devices. equipment.
is an attack designed to compromise the confidentiality of past and future Bluetooth sessions and pose a threat to communications between devices. It achieves its goals by exploiting two new vulnerabilities in the derivation process of four session keys. In an attack, brute force keys can be used to decrypt past communications and control or manipulate future communications.
These attacks are possible regardless of whether the victim supports Secure Connections (SC) or Legacy Secure Connections (LSC). To prevent this attack method, it is recommended to take various strong encryption measures, such as rejecting connections with a connection strength below seven bytes, using "Security Mode 4 Level 4", and operating only in secure connection mode when pairing. After receiving this report, the
Bluetooth SIG has issued a statement to remind users to pay attention and take appropriate protective measures. At the same time, they also recommend that developers consider security factors when designing Bluetooth devices and ensure that their products comply with the latest security standards.
