• New BLUFFS attack lets attackers hijack Bluetooth connections

    Home » Forums » Cyber Security Information and Advisories » Code Red – Security/Privacy advisories » New BLUFFS attack lets attackers hijack Bluetooth connections



    Researchers at Eurecom have developed six new attacks collectively named ‘BLUFFS’ that can break the secrecy of Bluetooth sessions, allowing for device impersonation and man-in-the-middle (MitM) attacks…

    These flaws are not specific to hardware or software configurations but are architectural instead, meaning they affect Bluetooth at a fundamental level.

    The issues are tracked under the identifier CVE-2023-24023 and impact Bluetooth Core Specification 4.2 through 5.4.

    Considering the widespread use of the well-established wireless communication standard and the versions impacted by the exploits, BLUFFS could work against billions of devices, including laptops, smartphones, and other mobile devices…

    Viewing 0 reply threads
    • #2607349

      “The Eurecom paper presents test results for BLUFFS against various devices, including smartphones, earphones, and laptops, running Bluetooth versions 4.1 through 5.2.”

      Gee, I’m running BT 4.0; being behind the curse is sometimes a good thing. 🙂

      Seriously, BT ‘s main fault IMHO is that it has been built up over the years by committees…and Marketing ones at that:

      “Do you think it should really be blue, I mean, it’s such a down color…”

      Strictly “B” Ark material.

      I was told long ago that the safest way to pair devices was in the middle of a desert, or, failing that, a large empty parking lot at 3 A.M.

      Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Greenhorn
      "The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

    Viewing 0 reply threads
    Reply To: New BLUFFS attack lets attackers hijack Bluetooth connections

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: