
Forward secrecy, a property of Bluetooth Classic’s cryptographic protocol, is crucial for ensuring that past interactions remain protected and confidential – preventing earlier communications from being disclosed after the fact. On the flipside, future secrecy is the property that ensures future communications stay confidential – even if the keys used in earlier interactions have been compromised.
The Hacker News recently reported that new research has revealed six new attacks which break those forward secrecy and future secrecy guarantees. This means that attackers can position themselves as adversaries-in-the-middle (AitM), sitting between two connected peers and intercepting the information shared between them.
The study was led by Daniele Antonioli (Researcher at EURECOM) and was published in November 2023. The vulnerabilities have been named BLUFFS and are tracked by NIST under CVE-2023-24023; they affect Bluetooth Core Specification 4.2 to 5.4.
Antonioli noted that attacks using BLUFFS “enable device impersonation and machine-in-the-middle across sessions by only compromising one session key.” New flaws in Bluetooth’s session key derivation mechanism mean that attackers can use the same weak key across multiple sessions.
They can, therefore, force future encryption procedures to use their compromised key for every session while they remain within range of the device.
On the bright side, the attack is limited by proximity – the attacking device must be within range of two vulnerable Bluetooth-enabled devices that are initiating a pairing attempt.
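To make the forward and future secrecy definitions above concrete, here is an added toy model (constructed for this article, not Bluetooth’s real key schedule and not code from the BLUFFS study). Two peers share a pairing key and derive a session key per session; the model checks what an adversary-in-the-middle who learns one session key, and who can dictate one peer’s per-session input, gains over earlier and later sessions.

```python
"""Toy model of session-key derivation and cross-session key compromise.

Constructed example: a pairing key (PK) is shared by two peers. Each session
derives a session key SK = HMAC(PK, per-session inputs). An adversary-in-the-
middle who can pin one peer's input to a constant tries to force every session
onto the same SK, so that learning one SK exposes past and future sessions.
"""
import hashlib
import hmac
import secrets
from typing import Optional


def derive_sk(pairing_key: bytes, central_nonce: bytes,
              peripheral_nonce: Optional[bytes]) -> bytes:
    """HMAC-SHA256 KDF. When the scheme ignores the peripheral's nonce, only the
    central's contribution diversifies the key between sessions."""
    material = central_nonce + (peripheral_nonce or b"")
    return hmac.new(pairing_key, material, hashlib.sha256).digest()


def simulate_sessions(n: int, pairing_key: bytes, both_contribute: bool,
                      attacker_controls_central: bool) -> list:
    """Derive n session keys. The attacker, if present, pins the central's nonce
    to a constant; honest peers draw fresh randomness for every session."""
    keys = []
    for _ in range(n):
        central = b"\x00" * 16 if attacker_controls_central else secrets.token_bytes(16)
        peripheral = secrets.token_bytes(16) if both_contribute else None
        keys.append(derive_sk(pairing_key, central, peripheral))
    return keys


def secrecy_after_compromise(keys: list, compromised: int) -> dict:
    """Given that the attacker learned keys[compromised], report whether earlier
    sessions (forward secrecy) and later sessions (future secrecy) stay
    confidential. In this model a session is exposed iff it reused that key."""
    leaked = keys[compromised]
    return {
        "forward_secrecy": all(k != leaked for k in keys[:compromised]),
        "future_secrecy": all(k != leaked for k in keys[compromised + 1:]),
    }


if __name__ == "__main__":
    pk = secrets.token_bytes(16)
    weak = simulate_sessions(5, pk, both_contribute=False, attacker_controls_central=True)
    fixed = simulate_sessions(5, pk, both_contribute=True, attacker_controls_central=True)
    print("one-sided inputs, attacker pins nonce:", secrecy_after_compromise(weak, 2))
    print("both peers contribute fresh input:   ", secrecy_after_compromise(fixed, 2))
```

The defender-side takeaway the model shows: per-session freshness has to come from both peers, because a derivation that lets one side's input alone fix the key collapses every session onto the attacker's chosen key.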
Antonioli wrote in the study:
“From this work, we learned three key lessons that we want to share: (i) we should pay more attention to session establishment vulnerabilities, attacks, and fixes effective across sessions, (ii) we should agree on the definitions of Bluetooth’s forward and future secrecy and update the standard to discuss these definitions and related risks, (iii) we need to open-source Bluetooth firmware (Controllers) and better tooling around them to improve the effectiveness, coverage, and speed of our offensive and defensive evaluations.”
The emergence of BLUFFS comes hot on the heels of a ThreatLocker report which explains how Bad Bluetooth and Bad KB attacks enable threat actors to weaponise pairing mechanisms in order to gain control over devices running Apple macOS.
These emerging attacks join a list of existing threats to Bluetooth security, including (but certainly not limited to):
Bluetooth attacks can result in information theft, eavesdropping between devices, disruption of networks or device services, or the installation of malware. Like all connected technologies, Bluetooth offers an opportunity for adversaries to access a device or network – and it must be included in ongoing security monitoring, training, and controls.
Are you coming to Black Hat MEA 2024? You’ll be immersed in the latest research on the threat landscape and adversary tactics – and have the opportunity to improve your security with guidance from the world’s top CISOs and ethical hackers.