CVSS3: 6.8 Medium
Attack Vector: ADJACENT_NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score: 7.2 High (Confidence: Low)

CVSS2: 3.2 Low
Access Vector: ADJACENT_NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:A/AC:H/Au:N/C:P/I:P/A:N

EPSS: 0.003 Low (Percentile: 71.2%)

New research has unearthed multiple novel attacks that break Bluetooth Classic's forward secrecy and future secrecy guarantees, resulting in adversary-in-the-middle (AitM) scenarios between two already connected peers.
The issues, collectively named BLUFFS, impact Bluetooth Core Specification 4.2 through 5.4. They are tracked under the identifier CVE-2023-24023 (CVSS score: 6.8) and were responsibly disclosed in October 2022.
The attacks "enable device impersonation and machine-in-the-middle across sessions by only compromising one session key," EURECOM researcher Daniele Antonioli said in a study published late last month.
This is made possible by leveraging two new flaws in the Bluetooth standard's session key derivation mechanism that allow the derivation of the same key across sessions.
While forward secrecy in key-agreement cryptographic protocols ensures that past communications are not revealed, even if the private keys to a particular exchange are revealed by a passive attacker, future secrecy (aka backward secrecy) guarantees the confidentiality of future messages should the past keys get corrupted.
In other words, forward secrecy protects past sessions against future compromises of keys.
The attack works by weaponizing four architectural vulnerabilities, including the aforementioned two flaws, in the specification of the Bluetooth session establishment process to derive a weak session key, and subsequently brute-force it to spoof arbitrary victims.
The AitM attacker impersonating the paired device could then negotiate a connection with the other end to establish a subsequent encryption procedure using legacy encryption.
In doing so, "an attacker in proximity may ensure that the same encryption key is used for every session while in proximity and force the lowest supported encryption key length," the Bluetooth Special Interest Group (SIG) said.
"Any conforming BR/EDR implementation is expected to be vulnerable to this attack on session key establishment, however, the impact may be limited by refusing access to host resources from a downgraded session, or by ensuring sufficient key entropy to make session key reuse of limited utility to an attacker."
Furthermore, an attacker can take advantage of the shortcomings to brute-force the encryption key in real-time, thereby enabling live injection attacks on traffic between vulnerable peers.
The success of the attack, however, presupposes that an attacking device is within the wireless range of two vulnerable Bluetooth devices initiating a pairing procedure and that the adversary can capture Bluetooth packets in plaintext and ciphertext, knows the victim's Bluetooth address, and can craft Bluetooth packets.
As mitigations, SIG recommends that Bluetooth implementations reject service-level connections on an encrypted baseband link with key strengths below 7 octets, that devices operate in "Secure Connections Only Mode" to ensure sufficient key strength, and that pairing is done via "Secure Connections" mode as opposed to the legacy mode.
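A host-side gate that applies the SIG mitigations above before a service-level connection is granted, as an added example that is not from the article or from any Bluetooth stack. The names `link_state` and `check_service_access`, and the choice to reject unencrypted links outright, are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Key-strength floor from the SIG recommendation for CVE-2023-24023. */
#define MIN_ENC_KEY_OCTETS 7

/* Hypothetical host-side view of a BR/EDR baseband link. */
struct link_state {
    bool    encrypted;          /* baseband encryption is active */
    uint8_t enc_key_octets;     /* negotiated encryption key size */
    bool    secure_connections; /* paired via Secure Connections, not legacy */
};

enum verdict { ACCEPT, REJECT_UNENCRYPTED, REJECT_WEAK_KEY, REJECT_LEGACY_PAIRING };

/* Decide whether a service-level connection may be opened on this link.
 * sc_only is true when the local device runs in Secure Connections Only Mode. */
enum verdict check_service_access(const struct link_state *l, bool sc_only)
{
    if (!l->encrypted)                           /* assumption: no plaintext services */
        return REJECT_UNENCRYPTED;
    if (l->enc_key_octets < MIN_ENC_KEY_OCTETS)  /* downgraded session key */
        return REJECT_WEAK_KEY;
    if (sc_only && !l->secure_connections)       /* legacy pairing not allowed */
        return REJECT_LEGACY_PAIRING;
    return ACCEPT;
}

int main(void)
{
    static const char *names[] = { "ACCEPT", "REJECT_UNENCRYPTED",
                                   "REJECT_WEAK_KEY", "REJECT_LEGACY_PAIRING" };
    /* Constructed sample links, not captured traffic. */
    const struct link_state samples[] = {
        { true,  1,  false },  /* key length forced to the minimum */
        { true,  7,  false },  /* exactly at the floor, legacy pairing */
        { true,  16, true  },  /* full-length key, Secure Connections */
        { false, 16, true  },  /* encryption never enabled */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("link %zu: normal=%s sc_only=%s\n", i,
               names[check_service_access(&samples[i], false)],
               names[check_service_access(&samples[i], true)]);
    return 0;
}
```

The 7-octet link is accepted in normal mode but rejected in Secure Connections Only Mode, which shows why the key-size floor alone does not exclude legacy pairing.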
The disclosure comes as ThreatLocker detailed a Bluetooth impersonation attack that can abuse the pairing mechanism to gain wireless access to Apple macOS systems via the Bluetooth connection and launch a reverse shell.