
Forward secrecy, a property of Bluetooth Classic’s cryptographic protocol, is crucial for ensuring that past interactions stay protected and confidential – preventing communications from being disclosed after the fact. On the flipside, future secrecy is the property that ensures future communications remain confidential – even if the keys used in earlier interactions have been compromised.
The Hacker News recently reported that new research has revealed six new attacks that break those forward secrecy and future secrecy guarantees. This means that attackers can position themselves as adversaries-in-the-middle (AitM), sitting between two connected peers and intercepting the information shared between them.
The study was led by Daniele Antonioli (Researcher at EURECOM) and was published in November 2023. The vulnerabilities have been named BLUFFS, are tracked by NIST under CVE-2023-24023, and affect Bluetooth Core Specification versions 4.2 to 5.4.
Antonioli noted that attacks using BLUFFS “enable device impersonation and machine-in-the-middle across sessions by only compromising one session key.” New flaws in Bluetooth’s session key derivation mechanism mean that attackers can use the same weak key across multiple sessions.
They can therefore steer future session establishment so that their compromised key is reused for every session while they remain in proximity of the device.
On the bright side, the attack is limited by proximity – the attacking device must be within range of two vulnerable Bluetooth-enabled devices that are initiating a pairing attempt.
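As an added illustration (not code from the BLUFFS paper or the Bluetooth specification), the toy model below shows why a session key must depend on fresh contributions from both peers: when the per-session nonces are fixed, every session derives the same key, so compromising one key exposes past and future sessions, which is the forward and future secrecy failure described above. The derivation, the function names and the sample pairing key are all constructed for this example.

```python
import hashlib
import hmac
import os

# Constructed, simplified model of session-key derivation: the session key
# is an HMAC over a long-term pairing key and both peers' per-session nonces.
# This is NOT the Bluetooth Core Specification's actual key derivation.
def derive_session_key(pairing_key: bytes, nonce_a: bytes, nonce_b: bytes) -> bytes:
    return hmac.new(pairing_key, nonce_a + nonce_b, hashlib.sha256).digest()


def run_sessions(pairing_key: bytes, count: int, fresh_nonces: bool = True,
                 fixed_nonce: bytes = b"\x00" * 8) -> list:
    """Derive `count` session keys. With fresh_nonces=False both peers reuse
    a fixed nonce, modelling an attacker forcing the same diversifier every
    session (the cross-session reuse BLUFFS relies on)."""
    keys = []
    for _ in range(count):
        if fresh_nonces:
            nonce_a, nonce_b = os.urandom(8), os.urandom(8)
        else:
            nonce_a, nonce_b = fixed_nonce, fixed_nonce
        keys.append(derive_session_key(pairing_key, nonce_a, nonce_b))
    return keys


def cross_session_reuse(keys: list) -> bool:
    """True if any session key repeats: knowing one key then unlocks other
    sessions, i.e. forward and future secrecy no longer hold."""
    return len(set(keys)) < len(keys)


def session_accepts_nonce(peer_nonce: bytes, seen_nonces: set, min_len: int = 8) -> bool:
    """Defensive freshness check a peer can apply before deriving a key:
    reject short nonces and any nonce this peer has already accepted."""
    if len(peer_nonce) < min_len or peer_nonce in seen_nonces:
        return False
    seen_nonces.add(peer_nonce)
    return True


if __name__ == "__main__":
    pairing_key = b"constructed-sample-pairing-key"  # constructed sample value
    print("fresh nonces, key reuse:", cross_session_reuse(run_sessions(pairing_key, 5)))
    print("fixed nonces, key reuse:", cross_session_reuse(run_sessions(pairing_key, 5, False)))
```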
Antonioli wrote in the study:
“From this work, we learned three key lessons that we want to share: (i) we should pay more attention to session establishment vulnerabilities, attacks, and fixes effective across sessions, (ii) we should agree on the definitions of Bluetooth’s forward and future secrecy and update the standard to discuss these definitions and related risks, (iii) we need to open-source Bluetooth firmware (Controllers) and better tooling around them to improve the effectiveness, coverage, and speed of our offensive and defensive evaluations.”
The emergence of BLUFFS is hot on the heels of a ThreatLocker report which explains how Bad Bluetooth and Bad KB Attacks enable threat actors to weaponise pairing mechanisms in order to gain control over devices running Apple macOS.
These emerging attacks join a list of existing threats to Bluetooth security, including (but certainly not limited to):
Bluetooth attacks can result in information theft, eavesdropping between devices, disruption of networks or device services, or the installation of malware. Like all connected technologies, Bluetooth offers an opportunity for adversaries to access a device or network – and it must be included in ongoing security monitoring, training, and controls.
Are you coming to Black Hat MEA 2024? You’ll be immersed in the latest research on the threat landscape and adversary tactics – and have the opportunity to improve your security with guidance from the world’s top CISOs and ethical hackers.