If exploited, these flaws can allow attackers to gain unauthorized access to sensitive information or generally cause problems
Few days ago EURECOM researchers revealed that they have discoveredThe new vulnerabilities (already cataloged under CVE-2023-24023) in the Bluetooth session negotiation mechanism, which affect all Bluetooth implementations that support secure connection modes” and “Simple and secure pairing” that meets specifications in Bluetooth 4.2 to 5.4
According to the EURECOM study, These two new bugs have been taken advantage of in the Bluetooth session key derivation mechanism along with two other bugs to facilitate weak derivation of session keys and subsequent brute force attacks to mask the victims.
“Any compliant BR/EDR implementation is expected to be vulnerable to this session key establishment attack; "However, the impact may be limited by denying access to host resources from a degraded session or by ensuring sufficient key entropy to cause session key reuse with limited utility to an attacker."
About BLUFFS (Bluetooth Forward and Future Secrecy)
It is mentioned that the vulnerabilities were detected during an architectural analysis in the Bluetooth session establishment specification (Forward and Future Secrecy), countering vulnerabilities were identified, which counteract the compromise of session keys in the case of determining a permanent key. It is crucial to note that the identified vulnerabilities arose due to flaws in the base standard, and these vulnerabilities are not limited to particular Bluetooth stacks and are manifested in chips manufactured by various vendors.
The attack works using four architectural vulnerabilities, including the two aforementioned flaws, in specifying the Bluetooth session establishment process to obtain a weak session key and subsequently brute force it to spoof arbitrary victims.
It is mentioned that the BLUFFS exploitation process, is based on an attacker within range Bluetooth connection of two victim devices can capture packets in plain text, knows the victim's Bluetooth address, you can create packets and negotiate a weak session key with the other, proposing the lowest possible key entropy value and using a constant session key diversifier.
The attack scenario assumes that the attacker targets the current Bluetooth session of the victim device and that it can reuse a weak session key to decrypt "past and future" messages.
Regarding the bug, it is reported that the first error lies in the fact that, in a Central-Peripheral pair, Bluetooth allows the Central to set all the session key diversification values, thus allowing an attacker to unilaterally drive the diversification of keys when impersonating a Central.
The second problem is that although random numbers are used in key diversification, nonces are not used, which means that the numbers can "be reused in past, present and future sessions without violating the standard", so an attacker can force victims to obtain the same session key controlled by the attacker in all sessions.
As a practical demonstration of the vulnerabilities, Six new Bluetooth attack methods have been developed, which were called BLUFFS attacks (Bluetooth Forward and Future Secrecy) and it is mentioned that these allow the Bluetooth connection to be spoofed.
These attacks have been categorized as
- A1: Forgery of an LSC exchange
- A2: counterfeit LSC peripheral
- A3: Victims of MitM LSC
- A4: Fake a Central SC
- A5: Counterfeit SC peripheral
- A6: Victim of MitM SC
It is worth mentioning that In order to block vulnerabilities, changes have been proposed to the Bluetooth standard to expand the LMP protocol and change the logic of using KDF (Key Derivation Function) when generating keys in LSC mode.
In addition to that, It's recommended that Bluetooth implementations reject service level connections on an encrypted baseband link with key strengths less than 7 octets, that devices operate in “Secure Connections Only Mode” to ensure sufficient key strength and that pairing occurs via “Secure Connections” mode as opposed to legacy mode.
Finally, if you are interested in knowing more about it, you can check the details In the following link. For those interested in the code of the attack methods and to check the vulnerabilities, you can consult these on GitHub.