Security researchers at Eurecom have uncovered novel Bluetooth vulnerabilities that enable hackers to mimic devices and execute man-in-the-middle attacks.
Discovered by Daniele Antonioli, the six new attacks, collectively named ‘BLUFFS,’ leverage two previously unknown exploits within the Bluetooth architecture. These exploits can decrypt transmitted data, posing a significant security risk. Cybersecurity experts emphasize that these vulnerabilities are not confined to specific hardware or software configurations; instead, they affect Bluetooth at an architectural level.
According to a report from Bleeping Computer, the vulnerabilities impact all devices featuring Bluetooth 4.2 (released in late 2014) and Bluetooth 5.4 (unveiled earlier this year). Even Apple’s AirDrop, which utilizes Bluetooth for file transfers between devices, is vulnerable. The implications extend to laptops, PCs, smartphones, and tablets, affecting a broad range of users. The research paper indicates that every Bluetooth-enabled device is susceptible to at least three of the six BLUFFS attacks.
Given that these Bluetooth exploits operate at an architectural level, there is currently no fix that users can apply themselves. Resolving the issue requires device manufacturers to strengthen the security mechanisms in their implementations and to reject the low-security authentication methods used by older devices. However, whether patches will be made available for existing devices remains uncertain.
Presently, the most effective precaution against these Bluetooth security flaws is to disable Bluetooth when not in use, though this may be inconvenient for many users. Another preventative measure involves refraining from sharing sensitive files and images via Bluetooth, particularly in public spaces.