Millions of devices could be affected by recently-discovered Bluetooth flaw — what you need to know


A recent report has unveiled a potentially major Bluetooth security issue that could allow criminals to impersonate other devices. This could affect even the latest version of Bluetooth as well as some of the older versions.

The security weaknesses were discovered by a team at the research institute Eurecom. These weaknesses have been named “BLUFFS” or Bluetooth Forward and Future Secrecy. The weakness appears to affect Bluetooth versions from 4.1 to 5.4. Any phone model running these versions would be vulnerable to at least three of the six attack types developed, according to a report from Bleeping Computer. This would mean that every phone from the iPhone 6 to the iPhone 15 could be affected by BLUFFS.

BLUFFS is not tied to a particular hardware or software configuration; it is architectural, which means it can't be fixed easily. The exploit has to do with two previously unknown flaws related to how session keys are derived to decrypt data.

BLUFFS requires the two phones to be within Bluetooth range of each other to work. Once within range, the attacker can alter the secure keys used for encrypting data. They can then decode or tamper with the data, which requires the attacker to pretend to be one of the devices sharing it.

It is important to state that there is no guarantee that the majority of people will be affected by these flaws. However, there are a few things that can be done to protect your device. The first is to turn off Bluetooth when not in use. It is also a good idea to only connect with verified devices and never an unknown source. 

Bluetooth is likely working on solving the issue and there have been a few suggestions. The first is to introduce secure key generation. This would be a quick fix and would allow people to confirm their data is being sent to the right place. However, there will likely be more information to come on the proposed fixes.

Bluetooth SIG responds

Following the discovery of the flaw, Bluetooth SIG has released an official statement on the issue. In the statement, Bluetooth SIG has acknowledged the existence of the vulnerability and has advised that the potential impact can be mitigated by either denying access to specific resources or implementing security measures. 

One example is including sufficient key entropy so that session key reuse is of limited utility to an attacker. Key entropy, with regard to cyber security, is used to produce random numbers, which in turn are used to produce security keys to protect data while it's in storage or in transit. The higher the quality of the number, the better the security.

In response to this vulnerability, Bluetooth has strongly advised implementations to reject service-level connections whose encryption keys are shorter than a certain number of octets (an octet is a unit of digital information consisting of eight bits), with the threshold depending on the device. It adds that having both devices operate in Secure Connections Only Mode will also ensure sufficient key strength.

Secure Connections mode can also help by tracking a link key to see if it was established by Bluetooth Basic Rate/Enhanced Data Rate (BR/EDR). This would mean that known devices that tried to connect without using the keys saved from prior connections would be flagged. If there are no prior saved keys, or if the key has too few octets, the device should not connect.
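
The checks described above can be modelled as a small connection policy on the accepting device. This is an added example, not code from Bluetooth SIG or from the article; the class and field names are hypothetical, the octet thresholds are assumed values (the article only says "certain octets"), and the downgrade rule is one reading of the link-key tracking advice.

```python
from dataclasses import dataclass

# Assumed thresholds; set them to what your device's policy requires.
MIN_KEY_OCTETS = 7            # assumption: ordinary mode
SC_ONLY_MIN_KEY_OCTETS = 16   # assumption: Secure Connections Only Mode


@dataclass(frozen=True)
class LinkState:
    peer: str                 # peer address (constructed sample values in the test)
    key_octets: int           # negotiated encryption key size, in octets
    secure_connections: bool  # session uses Secure Connections, not legacy


class ConnectionPolicy:
    """Decides whether a service-level connection may proceed."""

    def __init__(self, sc_only=False):
        self.sc_only = sc_only
        self.bonded_with_sc = {}  # peer -> was the saved link key made with SC?

    def remember_bond(self, peer, secure_connections):
        # Record how the saved link key for this peer was established.
        self.bonded_with_sc[peer] = secure_connections

    def evaluate(self, link):
        """Return (accepted, reason) for a negotiated link."""
        minimum = SC_ONLY_MIN_KEY_OCTETS if self.sc_only else MIN_KEY_OCTETS
        if self.sc_only and not link.secure_connections:
            return False, "legacy session refused in Secure Connections Only Mode"
        if link.key_octets < minimum:
            return False, f"{link.key_octets}-octet key is below the minimum of {minimum}"
        # A peer whose saved key came from Secure Connections should not
        # suddenly fall back to a legacy session: treat that as a downgrade.
        if self.bonded_with_sc.get(link.peer) and not link.secure_connections:
            return False, "known Secure Connections peer attempted a legacy session"
        return True, "accepted"
```

A rejected result carries the reason string, which is what a device would log when it flags a connection attempt.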

How to protect yourself from potential attacks


For the time being, there's no real fix for the flaws described above and since they exist in the Bluetooth architecture, there won't likely be one until the next Bluetooth version is released. In the meantime though, there is one easy way to protect yourself from any attacks leveraging these flaws, but you're not going to like it.

For now, if you're really concerned about falling victim to a Bluetooth attack, your best bet will be to disable Bluetooth when out and about. If you use the best Bluetooth headphones, this will be less than ideal, but for those who don't, this is the best course of action you can take at the moment.

As 9To5Mac points out though, this isn't really convenient, so a more practical way to stay safe would be to avoid sending any sensitive files, photos or other data over Bluetooth while in a public setting. For iPhone users, this includes using AirDrop to send any photos or documents that contain sensitive personal info.

We'll likely find out more regarding how Bluetooth SIG plans to nip this problem in the bud once and for all once the next major Bluetooth release is ready to make its way into upcoming devices.

Staff Writer

Josh is a staff writer for Tom's Guide and is based in the UK. He has worked for several publications but now works primarily on mobile phones. Outside of phones, he has a passion for video games, novels, and Warhammer. 

With contributions from
  • McDork
    My wife is quite deaf and relies on Bluetooth which allows her to connect directly from her hearing aids to her iPhone 14.

    This is potentially a BIG problem for us.