Explorer

All Devices Since 2014 Can Be Hijacked, Says New Discovered Bluetooth Security Flaw

Recently identified security flaws in Bluetooth security can enable attackers to take control of connections across devices utilising Bluetooth versions 4.2 to 5.4, including devices from late 2014 to the present date.

Recently identified security flaws in Bluetooth security can enable attackers to take control of connections across devices utilising Bluetooth versions 4.2 to 5.4, including devices from late 2014 to the present date. Notably, Apple devices are particularly vulnerable, with AirDrop posing a heightened risk. These vulnerabilities manifest through six distinct exploits, facilitating both device impersonation and man-in-the-middle attacks, says a report by Bleeping Computer, citing research by expert Daniele Antonioli from Eurecom.

According to Eurecom researchers, six novel attacks collectively referred to as 'BLUFFS', he been made. These attacks can compromise the confidentiality of Bluetooth sessions, thus, enabling device impersonation and facilitating man-in-the-middle (MitM) attacks.

The attacker, within the Bluetooth range, can subsequently discern or modify these keys to decode or manipulate the data, necessitating the attacker to pose as one of the devices engaged in data sharing.

The flaw impacts a wide range of devices, including laptops, PCs, smartphones, tablets, and more, as all Bluetooth-enabled devices are vulnerable to at least three out of the six BLUFFS attacks, according to the research paper.

How To Stay Safe?

A recommended practice is to keep Bluetooth disabled on mobile devices unless necessary. This involves turning it on when using Bluetooth headphones and turning it off afterward.

These security flaws aren't tied to particular hardware or software configurations; however, they are inherent to the architecture, impacting Bluetooth at a foundational level. Antonioli, the discoverer of the attacks, elaborates that BLUFFS leverages two previously undiscovered flaws in the Bluetooth standard concerning the derivation of session keys for decrypting exchanged data.

The researchers have made and shared a toolkit on GitHub that demonstrates the effectiveness of BLUFFS, the report further noted. It includes a Python script to test the attacks, the ARM patches, the parser, and the PCAP samples captured during their tests.

Top Headlines

Netflix Considers Radical Live TV Move Amid Growing Engagement Concerns: Report
Netflix Considers Radical Live TV Move Amid Growing Engagement Concerns
Google Drive Alert Exposes Obscene Videos Of Family Women, Kanpur Teen Under Arrest: What Google Actually Monitors
Google Drive Alert Exposes Obscene Videos Of Family Women, Kanpur Teen Under Arrest
OPINION | India's AI Moment: From Digital Power To Global Rule-Maker
OPINION | India's AI Moment: From Digital Power To Global Rule-Maker
Apple Sues OpenAI, Claims Former Employees Took Confidential Hardware Secrets
Apple Sues OpenAI, Claims Former Employees Took Confidential Hardware Secrets

Videos

Safety Alert: Birthday Banner Falls From Flyover Onto Bike on Thane Highway
Breaking News: Baba Ramdev's Hindu Rashtra Remarks Trigger Political Controversy
Breaking News: Nitesh Rane's Remarks on Aamir Khan's Marriage Spark Political Row
Breaking: Four Teenagers Drown in Yamuna River in Delhi's Alipur
Election Update: Datia By-Election Heats Up as BJP and Congress File Nominations

Photo Gallery

25°C
New Delhi
Rain: 100mm
Humidity: 97%
Wind: WNW 47km/h
See Today's Weather
powered by
Accu Weather
Embed widget