Almost all modern versions of Bluetooth are hackable via BLUFFS attacks.
CVE-2023-24023 Detail
https://nvd.nist.gov/vuln/detail/CVE-2023-24023
Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS.
Base Score: 6.8 MEDIUM
Paper with more details
https://dl.acm.org/doi/pdf/10.1145/3576915.3623066
GitHub
Bluetooth Forward and Future Secrecy Attacks and Defenses (BLUFFS) [CVE 2023-24023]
https://github.com/francozappa/bluffs
Moreso, without having to read and digest all that information, what can we do, if anything, to be safe from an attack?
Updating your device and turning Bluetooth off when you're not using it seem to be the only viable options. I'm not aware of any device that has a patch for this yet. So turning off Bluetooth seems to be the only option.
4 Comments
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/new-bluffs-attack-lets-attackers-hijack-bluetooth-connections/
Teknik Informatika says:
What are the key details and implications of the Bluetooth Forward and Future Secrecy Attacks and Defenses (BLUFFS) described in the GitHub repository, and what preventive measures can users take, given the current absence of patches for affected devices? Regards Telkom University
fnaf says:
Fantastic, I think it’s the greatest one out there, so tell me what you think! Best of luck!
Tomi Engdahl says:
https://www.bluetooth.com/blog/bluetooth-pairing-part-4/