A recent report has potentially unveiled a major Bluetooth security issue that could allow criminals to impersonate other devices. It could affect even the latest version of Bluetooth as well as some older versions.
The attacks were developed by a team at the research institute Eurecom and have been named “BLUFFS”, or Bluetooth Forward and Future Secrecy. The weakness appears to affect Bluetooth versions from 4.1 to 5.4. Any phone model running these versions would be vulnerable to at least three of the six attack types developed, according to a report from BleepingComputer. This would mean that every phone from the iPhone 6 to the iPhone 15 could be affected by BLUFFS.
BLUFFS is not tied to a particular hardware or software configuration; it is architectural, which means it can't be fixed easily. The exploit relies on two previously unknown flaws in how the session keys used to decrypt data are derived.
BLUFFS requires the two phones to be within Bluetooth range of each other to work. Once within range, the attacker can alter the secure keys used for encrypting data. They can then decode or tamper with the data, which requires the attacker to pretend to be one of the devices sharing it.
It is important to state that there is no guarantee that the majority of people will be affected by these flaws. However, there are a few things that can be done to protect your device. The first is to turn off Bluetooth when not in use. It is also a good idea to connect only with verified devices and never with an unknown source.
Bluetooth is likely working on solving the issue and there have been a few suggestions. The first is to introduce secure key generation. This would be a quick fix and would allow people to confirm their data is being sent to the right place. However, there will likely be more information to come on the proposed fixes.