top of page
Sunrise Classes

Are Bluetooth connections secure?

Flaws in Bluetooth connections have been exploited in the past to compromise the security of users. Now, however, architectural problems in the technology are highlighting the risks posed by the use Bluetooth devices for communication

The use of Bluetooth connections to compromise the security of users is not a new problem. So far, vulnerabilities were thought to have existed due to lack of foresight on the manufacturer’s end.


However, recent research at Eurecom, a French Graduate School and digital research center, discovered two previously unknown flaws in the Bluetooth standard that are not specific to hardware or software configuration but are architectural. These affect Bluetooth on a fundamental level and impact billions of devices including laptops, smartphones, and other mobile devices. The flaws were found to impact not just older versions, even versions released as far as February 2023.

Using the previously unknown flaws researchers developed six new attacks collectively dubbed “BLUFFS” that can break the secrecy of Bluetooth sessions allowing attackers to impersonate devices and perform man-in-the-middle (MitM) attacks.


A man-in-the-middle or MitM attack is a cyber-attack where attackers intercept communication between devices. Attackers use this method for not just snooping on a private conversation between devices, but also to perform unauthorised purchases and hacking into devices.


The exploits targeting Bluetooth connections break Bluetooth sessions’ forward and future secrecy. This is achieved by exploiting flaws in the session’s key derivation process that allow attackers to brute-force the key. This allows them to decrypt past communication and decrypt or manipulate future communications.


This form of attack impacts devices including smartphones, earphones, and laptops running different versions of Bluetooth, all of which were confirmed to be susceptible to at least three out of the six attacks.


Remedies for flaws in Bluetooth technology

Researchers suggested modifications in the use of Bluetooth technology to remedy the flaws. These include introducing a new “Key Derivation Function”. Introduction of pairing keys for devices for mutual authentication to ensure attackers cannot use man-in-the-middle attacks to compromise security. Enforcing secure connections wherever possible and maintaining a cache of session keys to prevent reuse.

Bluetooth SIG (Special Interest Group), a non-profit organization overseeing the development of the Bluetooth standard in response to the report suggested changes in how the technology is operated. These include the rejection of low key strengths and ensure higher encryption strengths along with the use of “Secure Connections Only” mode when pairing devices.

8 views0 comments

Recent Posts

See All

Comments


  • call
  • gmail-02
  • Blogger
  • SUNRISE CLASSES TELEGRAM LINK
  • Whatsapp
  • LinkedIn
  • Facebook
  • Twitter
  • YouTube
  • Pinterest
  • Instagram
bottom of page