Daniele Antonioli, an expert at the Eurecom Research Institute (France), has discovered a series of unknown security weaknesses in BLUFFS (Bluetooth Forward and Future Secrecy) technology. These vulnerabilities are related to how to obtain the Bluetooth connection session key to decrypt data exchanged between two devices.
Illustration of Bluetooth connection on smartphone. Photo: Phonearena
BLUFFS affects devices using Bluetooth versions from 4.2, released in December 2014, to version 5.4, released in February. Researchers found six ways to attack BLUFFS, each using impersonation different devices or man-in-the-middle attacks.
The above methods are all effective in attacking even if the user’s device is equipped with the latest Bluetooth security features, due to vulnerabilities related to the basic architecture of Bluetooth. Therefore, billions of devices from tablets, laptops, smartphones to headphones using Bluetooth are at risk of being attacked.
After receiving Eurecom’s report, Bluetooth SIG, the non-profit organization that oversees the development and is responsible for licensing Bluetooth, issued a warning and advised users to refuse connections that do not meet the requirements. password.
For mobile devices, users should regularly update the software. More importantly, they should turn off Bluetooth when not in use to reduce the risk of being attacked, as well as be cautious of paired devices, not agreeing to pair with unknown sources.
EN 
VI
Leave a Reply
You must be logged in to post a comment.