Bluetooth Chips Vulnerable to Security Flaws: Impersonation and Data Interception
It turns out that multiple Bluetooth chips from big players like Qualcomm, Broadcom, Intel, and Apple have some serious security flaws. These vulnerabilities allow nearby attackers to impersonate devices and intercept sensitive data. Yikes!
The Discovery of the Flaws
These flaws were uncovered by Daniele Antonioli, an assistant professor at EURECOM’s software and system security group. In his paper titled “BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses,” he explains the attack vectors and how these vulnerabilities can be exploited.
What are BLUFFS?
BLUFFS, which stands for BLUetooth Forward and Future Secrecy, comprises six distinct attacks. These attacks manipulate the creation of weak session keys used during the establishment of secure communication channels between paired devices. By breaking these weak keys, attackers can hijack sessions and eavesdrop on victims’ conversations, data, and activities carried out over Bluetooth.
Impersonation and Data Interception
Antonioli’s research reveals that these attacks enable device impersonation and machine-in-the-middle tactics across sessions by compromising just one session key. The vulnerabilities he uncovered in the Bluetooth standard, related to unilateral and repeatable session key derivation, allow attackers to exploit Bluetooth regardless of hardware and software variations. These vulnerabilities affect a wide range of devices, including smartphones and wireless earbuds from Apple and Google, as well as a Lenovo ThinkPad. Antonioli successfully tested the BLUFFS attacks on 18 devices from various manufacturers, including Intel, Broadcom, Apple, Google, Microsoft, CSR, Logitech, Infineon, Bose, Dell, and Xiaomi.
The Impact and Countermeasures
Antonioli emphasizes that the BLUFFS attacks have a severe impact on Bluetooth’s security and privacy. However, he has proposed protocol-level countermeasures that vendors can implement while waiting for a more secure Bluetooth specification revision.
Disclosure and Response
The vulnerability was responsibly disclosed to the Bluetooth Special Interest Group (SIG) in October 2022. The SIG coordinated the disclosure of CVE-2023-24023 to multiple vendors. Google has classified BLUFFS as a high-severity vulnerability and is actively working on a fix. Intel has also awarded a bounty for the discovery but considers the severity to be medium. Apple, Logitech, and other vendors are reportedly aware of the issue and working on fixes.
Protecting Yourself
The Bluetooth SIG has issued a security notice advising those implementing Bluetooth to configure their systems to reject connections with weak keys. So, make sure you stay updated and take necessary precautions to protect your devices from potential attacks.
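The SIG advice above boils down to a link-acceptance policy. The following is an added illustration, not code from the paper or from any vendor's stack: a simulated policy model (no BlueZ or HCI calls) that rejects sessions negotiated with a short encryption key, optionally refuses legacy pairing, and flags a session key that repeats one already seen for the same peer, which is the "repeatable derivation" weakness the attacks rely on. The 7-octet floor is the minimum the SIG notice for CVE-2023-24023 recommends as I recall it; the addresses and keys are constructed sample values.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Assumed, configurable policy floor in octets (SIG guidance minimum);
# not a constant from any Bluetooth library.
MIN_KEY_OCTETS = 7


@dataclass
class LinkSession:
    """Constructed model of one encrypted session's negotiated parameters."""
    peer: str                  # peer address (constructed sample value)
    key_octets: int            # negotiated encryption key size in octets
    secure_connections: bool   # True if Secure Connections pairing was used
    session_key: bytes         # derived session key (constructed stand-in)


@dataclass
class SessionPolicy:
    """Keeps a per-peer fingerprint history and applies acceptance rules."""
    min_key_octets: int = MIN_KEY_OCTETS
    require_secure_connections: bool = False
    seen: Dict[str, Set[str]] = field(default_factory=dict)

    def evaluate(self, s: LinkSession) -> Tuple[bool, str]:
        """Return (accept, reason) for a freshly negotiated session."""
        if s.key_octets < self.min_key_octets:
            return False, f"weak key: {s.key_octets} octets < {self.min_key_octets}"
        if self.require_secure_connections and not s.secure_connections:
            return False, "legacy pairing not allowed"
        # Store only a hash so the history never holds raw key material.
        digest = hashlib.sha256(s.session_key).hexdigest()
        history = self.seen.setdefault(s.peer, set())
        if digest in history:
            return False, "session key repeated across sessions"
        history.add(digest)
        return True, "ok"


def demo() -> List[Tuple[bool, str]]:
    """Run three constructed sessions through the policy: a good one,
    a downgraded short-key one, and a replay of the first key."""
    policy = SessionPolicy()
    peer = "AA:BB:CC:DD:EE:01"  # constructed address
    sessions = [
        LinkSession(peer, 16, True, b"\x01" * 16),
        LinkSession(peer, 4, True, b"\x02" * 16),
        LinkSession(peer, 16, True, b"\x01" * 16),
    ]
    return [policy.evaluate(s) for s in sessions]
```

A real stack would apply the same decision where it learns the negotiated key size and compares it with its stored pairing state, before exposing any service on the link.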