Bluetooth devices made after 2014 have a security vulnerability that leaves them open to attack. The problem lies in their architecture, not in their hardware or software, so it is common to millions of devices regardless of brand or operating system. The vulnerability allows attackers to install a weak session key and later reuse it to extract data.
The vulnerability was discovered in an investigation by EURECOM, whose researchers developed six different attacks that compromise Bluetooth devices through the session key. “The attacker first installs a weak session key, then spends some time forcing it and reuses it to pose as a victim or perform a man-in-the-middle attack in subsequent sessions and decrypt data from previous sessions,” explains researcher Daniele Antonioli.
BLUFFS is the name for this attack. It has already been tested on 18 different Bluetooth devices using different chipsets. These range from mobile phones to computers, as the security flaw has been present in all versions of Bluetooth since 2014, from 4.2 to 5.4.
To compromise a device over Bluetooth, the attacker must be within a maximum distance of about 10 meters, which is the operating radius of this connection. Because of that range limit, the flaw is not necessarily a serious weakness that criminals can exploit. However, with or without this attack, it’s not a good idea to keep Bluetooth on in public if you’re not using it; we always recommend turning it off when it is not in use.
Fortunately, EURECOM has also developed a patch for the vulnerability. This solution has already been delivered to the Bluetooth Special Interest Group, which oversees the development of Bluetooth technology. EURECOM also notified large companies such as Google, Qualcomm and Apple, whose current devices are all vulnerable, so that they can implement solutions for those devices.