
AiTM attacks likely with new Bluetooth vulnerabilities


EURECOM has identified several new attacks that exploit Bluetooth vulnerabilities, collectively tracked as CVE-2023-24023 and dubbed BLUFFS, which enable adversary-in-the-middle intrusions between connected devices by compromising Bluetooth's forward and future secrecy mechanisms, reports The Hacker News. According to the EURECOM study, the attacks combine two novel flaws in Bluetooth's session key derivation mechanism with two other bugs to facilitate weak session key derivation and subsequent brute-force attacks that let an attacker impersonate victims. "Any conforming BR/EDR implementation is expected to be vulnerable to this attack on session key establishment, however, the impact may be limited by refusing access to host resources from a downgraded session, or by ensuring sufficient key entropy to make session key reuse of limited utility to an attacker," said the Bluetooth Special Interest Group, which urged implementations to reject service-level connections on encrypted baseband links with key strengths below 7 octets, and to use "Secure Connections Only Mode" and "Secure Connections" device pairing to prevent potential compromise.
