Bluetooth BLUFFS attacks

Almost all modern versions of bluetooth are hackable via BLUFFS attacks.

CVE-2023-24023 Detail
https://nvd.nist.gov/vuln/detail/CVE-2023-24023

Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS.

Base Score: 6.8 MEDIUM

Paper with more details
https://dl.acm.org/doi/pdf/10.1145/3576915.3623066

Github
Bluetooth Forward and Future Secrecy Attacks and Defenses (BLUFFS) [CVE 2023-24023]
https://github.com/francozappa/bluffs

Moreso, without having to read and digest all that information, what can we do, if anything, to be safe from an attack?

Update your device and turn Bluetooth off when your not using it seems to be the only viable options. I’m not aware of any device that has a patch for this yet. So turning off Bluetooth seems to be the only option.

4 Comments

  1. Teknik Informatika says:

    What are the key details and implications of the Bluetooth Forward and Future Secrecy Attacks and Defenses (BLUFFS) described in the GitHub repository, and what preventive measures can users take, given the current absence of patches for affected devices? Regards Telkom University

    Reply
  2. fnaf says:

    Fantastic, I think it’s the greatest one out there, so tell me what you think! Best of luck!

    Reply

Leave a Reply to Tomi Engdahl Cancel reply

Your email address will not be published. Required fields are marked *

*

*