Recently, two new security vulnerabilities in Bluetooth technology have been discovered, potentially allowing unauthorized access to devices running Bluetooth standards from 4.2 to 5.4. Devices sold from 2014 to the present may be at risk of exploitation through these vulnerabilities, with a total of 6 exploitation methods identified for unauthorized intrusion into user devices. Additionally, AirDrop poses a particularly significant risk on Apple products.
How Does Bluetooth Security Work?
Bluetooth is considered more secure than other wireless methods and offers a range of security features. According to Apple’s support documentation, there are six different security factors for Bluetooth technology:
- Pairing: The process of creating one or more shared secret keys.
- Bonding: The action of storing connection keys during pairing to form a reliable device pair, facilitating quicker and simpler connections in subsequent instances.
- Authentication: Verifying that two devices share a connection key.
- Encryption: Securing messages.
- Message Integrity: Protecting against message tampering.
- Secure Simple Pairing: Protecting against passive eavesdropping and defending against man-in-the-middle attacks.
However, the security level depends on the Bluetooth standard supported by the oldest of the connected devices. The security of the session key is a crucial factor in determining the level of protection provided.
Recently Discovered Bluetooth Security Vulnerabilities
According to Bleeping Computer, the attacks exploiting the recently discovered vulnerabilities are named BLUFFS. Researchers at Eurecom have developed six new attacks under this name. BLUFFS targets two previously unidentified vulnerabilities in the Bluetooth standard, related to how the session keys used to decrypt exchanged data are created.
The attacks exploit four vulnerabilities in the session key generation process, including two entirely new vulnerabilities. Subsequently, attackers use brute-force attacks to decrypt past communication and decrypt or manipulate future communication.
In other words, your device can be deceived into using a very weak security key that attackers can easily overcome. This leads to two types of attacks:
- Device Impersonation: You believe you are sending data to a familiar device (e.g., AirDropping photos to friends), but your device is actually connected to the attacker’s device.
- Man-in-the-Middle Attack (MitM): Every time you send data to the intended device, the attacker intercepts it and can copy it in its entirety.
All Devices Are Vulnerable
Because the vulnerabilities lie in the fundamental structure of Bluetooth, all electronic devices running Bluetooth 4.2 (introduced in December 2014) through Bluetooth 5.4 (introduced in February 2023) can be attacked. The list of devices includes every iPhone, iPad, and the latest Macs.
Mitigating the Risks
The best thing users can do now is to turn off Bluetooth connectivity whenever it is not needed, including AirDrop sharing. Although this may cause inconvenience, users should limit Bluetooth usage to protect their information until more effective solutions are provided.