The recent identification of several security issues affecting Bluetooth-enabled devices has put the spotlight on devices that use this protocol. In a report, researchers at Eurecom present six new attacks, known as ‘BLUFFS’, which can bypass the security mechanisms implemented by Bluetooth and put at risk confidential information shared over Bluetooth.
The research shows that all devices using Bluetooth 4.2 (launched in December 2014) through Bluetooth 5.4 (launched in February 2023) are at risk from this weakness. This includes the latest iPhones, iPads and Macs.
What are BLUFFS attacks?
To conduct BLUFFS attacks, a threat actor needs to be within range of the targeted devices. BLUFFS targets four vulnerabilities in Bluetooth session key derivation in order to attack a target and pose as one of the devices.
Nevertheless, since BLUFFS is part of a research project, users do not have to worry about the attacks being used in the wild. However, Eurecom’s findings have unveiled issues with Bluetooth that have existed for quite some time. It is clear that the Bluetooth Special Interest Group (BSIG) will need to address these gaps, as this group is responsible for the development of the Bluetooth standard.
Daniele Antonioli, who discovered the attacks, explained that BLUFFS exploits two previously unknown flaws in the Bluetooth standard related to the way session keys are derived to decrypt data, which pose the following risks:
Device spoofing: instead of transmitting data to a familiar device (for example, sending something to a friend via AirDrop), you connect to the attacker’s device.
Man-in-the-Middle (MitM) attack: data is sent to the intended device, but on the way it is intercepted by an attacker, who gets a copy of it.
From the information gathered so far, it is not clear whether patches can be released for existing devices; it is up to device manufacturers to change how they address security issues related to Bluetooth.
Stop using Bluetooth?
This situation leaves users with little to no opportunity to protect their information from exposure. In this respect, some experts advise keeping Bluetooth switched off in public places. If it is needed for something specific, for example Bluetooth headphones, it should be turned off again when the headphones are not in use.
The research further indicates that Apple, for its part, can fix some of these problems through operating system updates. For this risk, as for any other of its kind, they advise keeping the operating system regularly updated.
Last but not least, one should be very careful when sending photos or private documents with technologies such as AirDrop.
However, because BLUFFS is part of a research effort, users need not worry about the attacks being used in the wild. But the weaknesses revealed by Eurecom have exposed flaws in Bluetooth that have been around for some time. BSIG is responsible for the development of the Bluetooth standard and will therefore have to close these gaps. Until then, users have limited options for protecting the privacy of their data and keeping control of it. In this regard, experts advise keeping Bluetooth switched off in public places. If it is needed for something specific, for example a Bluetooth headset, it should be turned off again when done using it.
Research further shows that Apple, for instance, can remedy such problems with patch releases for the operating system. Therefore, for this or any other risk, they recommend operating system updates.
Lastly, parents should be vigilant about sharing photos or personal documents with technologies such as AirDrop.