Some expert cybersecurity researchers at Eurecom they brought new things to light vulnerability in the protocol Bluetoothwhich make it possible for hacker imitating devices and performing man-in-the-middle attacks: a flaw that makes you attackable all devices released after 2014. Six new attacks exploit the flaw in Bluetooth 4.2 or later.
Bluetooth flaw makes all devices released after 2014 vulnerable
Daniele Antonioli, within the security team, identified six new attacks, known as “BLUFFS“, exploiting two previously unknown exploits in the Bluetooth architecture. These flaws can be exploited to decipher data exchanged via Bluetooth, thus compromising the contents of files sent by users. This allows you to bypass basic Bluetooth security measures by hacking the entire architecture instead of limiting yourself to specific hardware or software configurations.
According to a report by Bleeping Computer (reported by Indian Express), the vulnerabilities affect all devices equipped with Bluetooth from version 4.2, released in 2014until the newer Bluetooth 5.4 introduced in early 2023. Also the function Apple’s AirDrop is vulnerableas it relies on Bluetooth to transfer files between devices.
The scope of this threat involves a wide range of devices, including laptop, PC, smartphone, tablet and other Bluetooth-enabled devices. According to the research paper, at least 3 of the 6 BLUFFS attacks can be run on any Bluetooth-enabled device.
Since the security flaws manifest themselves on an architectural level, at the moment users cannot intervene directly to solve the problem. The solution will require intervention by device manufacturers, who will have to make changes to the security mechanisms employed by Bluetooth technology and reject less secure authentication methods. Even if researchers have just found the flaws: it will take time.
Currently, the most effective method to protect yourself from these new threats is to turn off Bluetooth as soon as it is no longer used, although this may prove inconvenient for many users. Another precaution that can be taken is Avoid sharing sensitive files or images via Bluetooth in public places.