New research has uncovered several novel attacks that break Bluetooth Classic's forward secrecy and future secrecy guarantees, resulting in adversary-in-the-middle (AitM) scenarios between two already-paired peers.
The issues, collectively named BLUFFS, impact Bluetooth Core Specification 4.2 through 5.4. They are tracked under the identifier CVE-2023-24023 (CVSS score: 6.8) and were responsibly disclosed in October 2022.
The attacks "enable device and machine-in-the-middle impersonation of sessions simply by compromising a session key," said EURECOM researcher Daniele Antonioli in a study published last month.
This is made possible by exploiting two new flaws in the Bluetooth standard's session key derivation mechanism that allow the same key to be derived across sessions.
While forward secrecy in key-agreement protocols ensures that past communications are not revealed even if the long-term private keys of a particular exchange are later disclosed to a passive attacker, future secrecy (also known as backward secrecy) guarantees the confidentiality of future messages even if earlier keys have been compromised.
In other words, forward secrecy protects past sessions against a future compromise of keys, and future secrecy protects future sessions against a compromise of past keys.
The attacks work by exploiting four architectural vulnerabilities, including the two flaws mentioned above, in the specification of the Bluetooth session establishment process to derive a weak session key, and then brute-force it to spoof arbitrary victims.
An AitM attacker impersonating a paired device can negotiate a connection with the other end to establish a subsequent encryption procedure using legacy encryption.
By doing this, "an attacker in proximity can ensure that the same encryption key is used for each session while in proximity and enforce the lowest supported encryption key length," the Bluetooth Special Interest Group (SIG) said.
"Any compliant BR/EDR implementation is expected to be vulnerable to this attack on session keys; however, the impact can be limited by denying access to host resources from a compromised session, or by ensuring sufficient key entropy so that reusing the session key is of limited utility to an attacker."
Additionally, an attacker could exploit the flaws to brute-force the encryption key in real time, enabling live injection attacks on the traffic between vulnerable peers.
The success of the attack, however, assumes that the attacking device is within wireless range of two vulnerable Bluetooth devices that are initiating a pairing procedure, and that the adversary can capture Bluetooth packets in plaintext and ciphertext, knows the victim's Bluetooth address, and can craft Bluetooth packets.
As mitigations, the SIG recommends that Bluetooth implementations reject service-level connections over an encrypted baseband link with key strengths below 7 octets, that devices operate in "Secure Connections Only Mode" to ensure sufficient key strength, and that pairing is done via "Secure Connections" mode as opposed to the legacy mode.
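The Python below is an added illustration, not code from the BLUFFS paper or from the Bluetooth SIG, of the downgrade and key-reuse mechanics described above and of the forward/future-secrecy distinction. It uses HMAC-SHA256 as a stand-in for the real Bluetooth session-key schedule and a SHA-256 counter keystream as a stand-in for the link cipher; the pairing key, diversifiers and captured message are constructed. It shows why fixed diversifiers plus a 1-octet key length let an attacker recover a session key by trying 256 candidates and then reuse it in later sessions, and how a host-side check modelled on the SIG's 7-octet / Secure Connections guidance rejects such a link:

```python
import hashlib
import hmac
import itertools
import os

# Constructed long-term pairing key shared by the two peers (not a real key).
PAIRING_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")

# SIG guidance quoted above: refuse service-level connections below 7 octets.
MIN_KEY_OCTETS = 7


def derive_session_key(pairing_key: bytes, diversifiers: bytes, key_len: int) -> bytes:
    """Stand-in session-key derivation (assumption: HMAC-SHA256, not the real LMP schedule).

    The key is a function of the long-term pairing key, the per-session
    diversifiers the two peers exchange, and the negotiated key length.
    Truncating to key_len octets models the entropy reduction of legacy
    encryption: only 8 * key_len bits of the key are unknown to an attacker.
    """
    full = hmac.new(pairing_key, diversifiers, hashlib.sha256).digest()
    return full[:key_len]


def keystream(session_key: bytes, length: int) -> bytes:
    """Toy counter-mode keystream from SHA-256 (stand-in for E0 / AES-CCM)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(session_key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(session_key: bytes, data: bytes) -> bytes:
    """XOR data with the keystream; the same call decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(session_key, len(data))))


def honest_session_keys(pairing_key: bytes, sessions: int) -> set:
    """Honest peers contribute fresh random diversifiers, so every session
    gets a distinct 16-octet key and one leaked key says nothing about the others."""
    return {derive_session_key(pairing_key, os.urandom(32), 16) for _ in range(sessions)}


def aitm_session_keys(pairing_key: bytes, sessions: int,
                      forced_diversifiers: bytes, forced_len: int) -> set:
    """An AitM impersonating one peer replays fixed diversifiers and negotiates
    the minimum key length, so the same weak key is derived in every session."""
    return {derive_session_key(pairing_key, forced_diversifiers, forced_len)
            for _ in range(sessions)}


def brute_force_key(key_len: int, known_plaintext: bytes, ciphertext: bytes):
    """Recover a key_len-octet session key from one known plaintext/ciphertext
    pair by trying all 256 ** key_len candidates (256 trials for one octet)."""
    for candidate in itertools.product(range(256), repeat=key_len):
        key = bytes(candidate)
        if encrypt(key, known_plaintext) == ciphertext:
            return key
    return None


def accept_service_connection(key_len: int, secure_connections: bool) -> bool:
    """Host-side policy mirroring the SIG mitigation: reject the link if the
    negotiated key strength is below 7 octets or Secure Connections was not used."""
    return key_len >= MIN_KEY_OCTETS and secure_connections


def run_demo() -> dict:
    honest = honest_session_keys(PAIRING_KEY, 5)
    forced = aitm_session_keys(PAIRING_KEY, 5, b"\x00" * 32, 1)
    weak_key = next(iter(forced))
    # Constructed traffic: a message whose plaintext the attacker can guess.
    known = b"AT+CIND?"
    captured = encrypt(weak_key, known)
    recovered = brute_force_key(1, known, captured)
    # Because the key is reused, a later session's traffic decrypts with it too.
    later_ciphertext = encrypt(weak_key, b"secret payload")
    return {
        "honest_distinct_keys": len(honest),
        "aitm_distinct_keys": len(forced),
        "recovered_matches": recovered == weak_key,
        "later_session_decrypted": encrypt(recovered, later_ciphertext),
        "weak_link_accepted": accept_service_connection(1, False),
        "strong_link_accepted": accept_service_connection(16, True),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value!r}")
```

The point of the two session-key functions is the secrecy property, not the cipher: with fresh diversifiers every session key is independent, so leaking one reveals nothing about earlier or later sessions, whereas with attacker-fixed diversifiers and a 1-octet key the same key comes back every time and falls to 256 trials. The policy check is only as good as the controller's willingness to report the negotiated key length and pairing mode honestly, which is why the SIG pairs it with Secure Connections Only Mode.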
The disclosure comes as ThreatLocker detailed a Bluetooth impersonation attack that abuses the pairing mechanism to gain wireless access to an Apple macOS system over a Bluetooth connection and launch a reverse shell.