Advisory ID: NCC-CSIRT-061223-044
Summary: EURECOM researcher Daniele Antonioli discovered multiple novel attacks that break Bluetooth Classic's forward secrecy (a feature of specific key-agreement protocols that gives assurances that session keys will not be compromised even if long-term secrets used in the session key exchange are compromised) and future secrecy guarantees (guarantees the confidentiality of future messages should the past keys get corrupted), resulting in man-in-the-middle (MitM) scenarios between two already connected peers. .
Threat Type(s): Vulnerability, and Man-in-the-Middle Attack.
Impact/Vulnerability: CRITICAL/HIGH
Product(s): Bluetooth
Platform(s): Smartphones, Laptops and Earphones
Version(s): Bluetooth 4.2, released in December 2014, and all versions up to the latest, Bluetooth 5.4, released in February 2023.
Description: The Bluetooth Forward and Future Secrecy (BLUFFS) Attack, as disclosed by the researchers, exploits four architectural vulnerabilities in the Bluetooth session establishment process specification. This attack involves deriving a weak session key and subsequently brute forcing it to impersonate arbitrary victims. The Man-in-the-Middle (MitM) attacker, posing as the paired device, can then negotiate a connection with the other end to establish subsequent encryption using legacy encryption. Additionally, an attacker in proximity can ensure the use of the same encryption key for every session and force the lowest supported encryption key length. Exploiting these weaknesses allows real-time brute-force attacks on the encryption key, enabling live injection attacks on traffic between vulnerable peers. The attack's success relies on the attacking device being within wireless range during the pairing procedure initiation and the ability to capture Bluetooth packets in plaintext and ciphertext, including the victim's Bluetooth address, and craft Bluetooth packets.
Consequences: By compromising a session key, an attacker can impersonate devices and establish man-in-the-middle (MitM) attacks, thereby undermining the future and forward secrecy guarantees provided by Bluetooth's pairing and session establishment security mechanisms.
Solution:
- Make sure that your Bluetooth devices operate in "Secure Connections Only Mode" to ensure sufficient key strength.
- Ensure that Bluetooth pairing is done via "Secure Connections" mode as opposed the legacy mode.
- Maintain a cache of seen session key diversifiers to prevent recycling.
- Requiring an attacker in the Central role to authenticate the pairing key.
References:
https://cybernews.com/security/bluetooth-connections-no-longer-private-with-bluffs-attacks/
https://thehackernews.com/2023/12/new-bluffs-bluetooth-attack-expose.html
https://www.bitdefender.com/blog/hotforsecurity/new-security-threats-in-bluetooth-technology-the-bluffs-attacks/
https://www.bleepingcomputer.com/news/security/new-bluffs-attack-lets-attackers-hijack-bluetooth-connections/
https://dl.acm.org/doi/10.1145/3576915.3623066