Weak session keys let snoops take a byte out of your Bluetooth traffic

Multiple Bluetooth chips from major vendors such as Qualcomm, Broadcom, Intel, and Apple are vulnerable to a pair of security flaws that allow a nearby miscreant to impersonate other devices and intercept data.

The weaknesses were identified by Daniele Antonioli, an assistant professor at French graduate school and research center EURECOM's software and system security group. He detailed the attack vectors by which the flaws could be exploited in a paper [PDF] titled "BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses."

Antonioli's explanation states that the flaws exist in versions of the Bluetooth Core Specification from 2014's version 4.2 to the February 2023 version 5.4.

BLUFFS – for BLUetooth Forward and Future Secrecy – is a set of six distinct attacks. Forward secrecy protects past sessions against key compromise, while future secrecy does the same thing for future sessions.

The attacks force the creation of weak session keys, which are used when paired Bluetooth devices try to establish a secure communication channel. Weak keys can be easily broken, allowing the eavesdropper to hijack sessions and snoop on victims' conversations, data, and activities carried out over Bluetooth.

"Our attacks enable device impersonation and machine-in-the-middle across sessions by only compromising one session key," Antonioli explained in his paper. "The attacks exploit two novel vulnerabilities that we uncover in the Bluetooth standard related to unilateral and repeatable session key derivation."

Antonioli wrote that since the attacks impact Bluetooth at the architectural level, they work regardless of hardware and software variations. The BLUFFS attacks are said to have been tested successfully on 18 Bluetooth devices from Intel, Broadcom, Apple, Google, Microsoft, CSR, Logitech, Infineon, Bose, Dell, and Xiaomi, which use 17 different chips. And they affect both Bluetooth security modes: Secure Connections (SC) and Legacy Secure Connections (LSC).

Devices found to use chips susceptible to BLUFFS include smartphones and wireless earbuds from Apple and Google, and a Lenovo ThinkPad.

• A dirty dozen of Bluetooth bugs threaten to reboot, freeze, or hack your trendy gizmos from close range
• Billions of Bluetooth gadgets bothered by 'BLURtooth' miscreant-in-the-middle bug
• BrakTooth vulnerabilities put Bluetooth users at risk – and some devices are going unpatched
• Zephyr OS Bluetooth vulnerabilities left smart devices open to attack

"The BLUFFS attacks have a severe impact on Bluetooth's security and privacy," Antonioli wrote. "They allow decrypting (sensitive) traffic and injecting authorized messages across sessions by re-using a single session key."

The BLUFFS code repo contains Arm code patches and an attack-checking tool that takes packet capture (pcap) files and isolates Bluetooth sessions to calculate session keys and detect BLUFFS attacks. Antonioli has proposed protocol-level countermeasures involving three extra Link Manager Protocol packets and three extra function calls that vendors can implement while awaiting a Bluetooth specification revision that makes session establishment more secure.

According to Antonioli, the vulnerability was responsibly disclosed in October 2022 to the Bluetooth Special Interest Group (SIG), which in turn coordinated the disclosure of CVE-2023-24023 to multiple vendors.

Google has categorized BLUFFS as a high-severity vulnerability – worthy of a bug bounty – and is said to be working on a fix. Intel also awarded a bounty but designated BLUFFS medium severity. Apple and Logitech reportedly are aware of the issue and working on fixes, while Qualcomm hasn't yet acknowledged the researchers' disclosure.

The Bluetooth SIG, which oversees the short-range wireless specification, has issued a security notice about the vulnerability. The notification advises those implementing Bluetooth to configure their systems to reject connections with weak keys. ®