I. Introduction
Eurecom, an academic research institution, has uncovered security vulnerabilities in the Bluetooth wireless standard that allow an attacker to impersonate devices and mount man-in-the-middle attacks. The vulnerabilities affect multiple versions of the Bluetooth protocol, including the current 5.4 version and the 5.3 version used in Apple's existing hardware lineup.
Eurecom has devised a series of attacks, termed “Bluetooth Forward and Future Secrecy” (BLUFFS), that exploit the identified weaknesses in Bluetooth. According to a research paper authored by Eurecom’s Daniele Antonioli, “The attacks exploit two novel vulnerabilities that we uncover in the Bluetooth standard related to unilateral and repeatable session key derivation.”
Antonioli further stated, “We demonstrate that our attacks wield a critical and widespread impact on the Bluetooth ecosystem,” substantiating this claim by evaluating the attacks on 17 diverse Bluetooth chips (18 devices) sourced from reputable hardware and software vendors, covering a spectrum of popular Bluetooth versions.
To carry out the BLUFFS attacks, an attacker must be in proximity to the targeted devices. BLUFFS exploits four vulnerabilities in the Bluetooth session key derivation process, which gives the attacker the means to impersonate one of the devices.
Antonioli offers guidance to developers on rectifying these security vulnerabilities. “We suggest an improved Bluetooth session key derivation function that deliberately prevents our attacks and their underlying issues. Our countermeasure maintains backward compatibility with the Bluetooth standard and introduces minimal additional overhead.”
II. Recommendations
BLUFFS is currently part of a research project and is not actively deployed in real-world scenarios. Even so, to safeguard yourself from potential threats, it is important to be aware of the underlying Bluetooth vulnerabilities that Eurecom has brought to light.
Given that the Bluetooth Special Interest Group (SIG) oversees the development of the Bluetooth standard, it is crucial for them to address and patch these identified security holes. In a statement on Bluetooth.com, SIG outlined, “For this attack to be successful, an attacking device needs to be within wireless range of two vulnerable Bluetooth devices initiating an encryption procedure using a link key obtained using BR/EDR Secure Connections pairing procedures.” SIG also recommends certain precautions, stating, “Implementations [should] reject service-level connections on an encrypted baseband link with key strengths below 7 octets. For implementations capable of always using Security Mode 4 Level 4, implementations should reject service-level connections on an encrypted baseband link with a key strength below 16 octets. Having both devices operating in Secure Connections Only Mode will also ensure sufficient key strength.”
By following these recommendations and ensuring that devices operate in Secure Connections Only Mode, users can enhance their protection against potential security threats exploiting Bluetooth vulnerabilities.
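The key-strength thresholds in the SIG statement can be written as an acceptance check for service-level connections. This is an added example, not code from Eurecom, the Bluetooth SIG or any Bluetooth stack; the `Link` record, the `check_link` and `audit` functions and the sample links are constructed for illustration, and rejecting unencrypted links is an assumption that goes beyond the quoted guidance.

```python
from dataclasses import dataclass

MIN_KEY_OCTETS = 7      # SIG floor for any encrypted baseband link
STRICT_KEY_OCTETS = 16  # floor when Security Mode 4 Level 4 is always used


@dataclass(frozen=True)
class Link:
    """Hypothetical record of one BR/EDR baseband link (not a real stack type)."""
    peer: str
    encrypted: bool
    key_octets: int            # negotiated encryption key size, 1..16
    secure_connections: bool   # link key came from Secure Connections pairing


def check_link(link, always_m4l4=False, sc_only=False):
    """Return (accept, reason) for a service-level connection on this link."""
    if not link.encrypted:
        # Assumption: the quoted guidance only covers encrypted links;
        # this example refuses unencrypted ones outright.
        return False, "link not encrypted"
    if not 1 <= link.key_octets <= 16:
        return False, "key size outside 1..16 octets"
    if sc_only and not link.secure_connections:
        return False, "Secure Connections Only Mode: legacy link"
    floor = STRICT_KEY_OCTETS if (always_m4l4 or sc_only) else MIN_KEY_OCTETS
    if link.key_octets < floor:
        return False, f"key strength {link.key_octets} < {floor} octets"
    return True, "ok"


def audit(links, **policy):
    """Apply check_link to every link and index the results by peer name."""
    return {link.peer: check_link(link, **policy) for link in links}


# Constructed sample links, not captured from real devices.
SAMPLE = [
    Link("headset", True, 16, True),
    Link("keyboard", True, 7, False),
    Link("speaker", True, 1, True),
    Link("plain", False, 0, False),
]

if __name__ == "__main__":
    for peer, (ok, reason) in audit(SAMPLE).items():
        print(f"{peer:10} {'accept' if ok else 'reject'}  {reason}")
```

Passing `always_m4l4=True` or `sc_only=True` to `audit` raises the floor to 16 octets, which is the stricter case the SIG describes.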
Apple has the capacity to mitigate some of these concerns through operating system patches. Therefore, it is crucial to promptly install OS updates to ensure the latest security measures are in place. The vulnerabilities associated with BLUFFS have been documented in the National Vulnerability Database as CVE-2023-24023. In the event that Apple releases patches to address these vulnerabilities, the company should appropriately document them in its security releases document.
For users who wish to adopt a proactive stance, disabling Bluetooth when not in use is a recommended practice. This can be easily accomplished on iPhone, iPad, and Mac devices through the Control Center. Taking these precautionary steps can contribute to a more secure digital environment for users of Apple devices.