According to Android Authority, the post on the exploit shows a relatively simple method to brute-force the Bluetooth encryption keys between two devices. If successful, an attacker could impersonate the device and access sensitive data.
Billions of devices use the Bluetooth 4.2 protocol
This exploit appears to work at least partially on any device using Bluetooth 4.2 or later. Devices supporting Bluetooth 4.2 were reportedly deployed in late 2014, meaning the attack should theoretically work on most modern Bluetooth devices.
EURECOM has divided the attacks into six different styles, with the acronym BLUFFS used to cover all of them. As part of the report, EURECOM has presented a table of the devices they were able to spoof using these attacks and the level of success for each of the six types.
The Bluetooth Special Interest Group (SIG), the nonprofit body that oversees the development of the standard, acknowledged EURECOM's findings. In a security bulletin, the group recommended that manufacturers implementing Bluetooth technology in their products follow strict security protocols to prevent this attack from working. However, it did not mention whether future versions of Bluetooth would patch the vulnerability EURECOM discovered. The most recent Bluetooth standard is v5.4, which was released in February 2023.