New BLUFFS Bluetooth attack exposes devices to AiTM (adversaries in-the-middle attacks)

New research has identified multiple attacks that can compromise the forward secrecy and future confidentiality promises of Bluetooth Classic. It causes adversary-in-the-middle (AiTM) attack scenarios between connected devices. 

These attacks, known as BLUFFS, affect Bluetooth Core Specification 4.2 to 5.4 and were disclosed responsibly in October 2022 as examined under the CVE-2023-24023 . Additionally, a single session key “EURICOM” is compromised by the attacks as stated by researcher Daniele Antonioli in research. It allows for device impersonation and machine-in-the-middle attacks.

Similarly, in key-agreement cryptographic protocols, forward secrecy prevents past communications from being compromised in the future. It discusses an attack that exploits vulnerabilities in the Bluetooth session shaping process to obtain a weak session key. Similarly, the attacker can then emulate a paired device and establish an encryption procedure using gift encryption.

The attacks hold four architectural vulnerabilities in the Bluetooth session initiation process to generate a weak session key, which can then be brute-forced to impersonate other devices.

The attacker can ensure that every session uses the same encryption key while nearby by using the lowest supported encryption key length, according to Bluetooth Special Interest Group (SIG).

This attack on session key establishment is expected to affect any BR/EDR implementation that confirms the effect of this attack can be minimized by either refusing access to host resources from a downgraded session or ensuring sufficient key entropy. Likewise, the attacker can use the vulnerabilities to brute-force the encryption key in real-time, enabling live injection attacks on traffic between vulnerable peers.

The success of the attack, however, relies on the condition that an attacking device is within the wireless range of two vulnerable Bluetooth devices initiating a pairing procedure. Additionally, the adversary must be able to intercept and obtain Bluetooth packets containing both plaintext and Ciphertext and also, have the victim's Bluetooth address knowledge and the ability to create defrauding Bluetooth packets.

Moreover, the Special Interest Group (SIG) recommends several measures to address and mitigate these vulnerabilities. Bluetooth implementations must reject service-level connections on encrypted baseband links with key strengths below 7 octets in the first place.

Further, ensure sufficient key strength by setting devices to operate exclusively in 'Secure Connections Only Mode'. Finally, pairing should be conducted using the "Secure Connections" mode rather than the legacy mode.

This disclosure is issued in response to Threat Locker's discovery of a Bluetooth impersonation attack that uses the pairing process to attach itself to Apple macOS devices and obtain unauthorized wireless access. The attacker can then launch a reverse shell on the compromised system.