Bluffs: the alarm of the Italian researcher on Bluetooth security
Bluffs vulnerability revealed: how it risks your privacy through Bluetooth
The new Bluetooth system vulnerability, called "Bluffs", was discovered by Italian researcher Daniele Antonioli. This flaw could compromise the security of various devices manufactured since 2014. It relies on the generation of weak security keys, threatening user privacy. Antonioli presented his research at the ACM SIGSAC Conference. He also released a kit to test the vulnerability. The flaw is now registered as CVE-2023-24023.
A new vulnerability in the Bluetooth system called "Bluffs" has been discovered by Italian researcher Daniele Antonioli, a cybersecurity expert and associate professor at the prestigious Eurecom in France. This flaw, which affects a huge number of devices produced since 2014, could compromise the privacy of various users of equipment such as smartphones, tablets, smart watches, and many others.
The importance of "Bluffs"
The name "Bluffs" is an acronym for "Bluetooth Forward and Future Secrecy", and has to do with the security keys used to encrypt Bluetooth connections. The threat of this flaw arises when an attacker generates a weak key between two devices, compromising user security for an indefinite period. Antonioli presented his detailed results during the ACM SIGSAC Conference on Computer and Communications Security.
Two main vulnerabilities
Antonioli indicated that the main vulnerabilities detected concern two security properties known as "forward secrecy" and "future secrecy". Forward secrecy aims to guarantee the protection of past data even in the event of attacks carried out in the present, while future secrecy aims to preserve future data when the present connection is compromised. In practice, the situation can be compared to exploiting a password to access an account during a forced period.
The world reacts to the discovery
Researcher Antonioli has published a toolkit for testing the vulnerability on his personal website, along with the research paper and slides from the conference presentation. The Bluffs flaw is now registered in the globally recognized vulnerability database under the designation CVE-2023-24023. In view of this discovery, the Bluetooth SIG consortium promptly released a security advisory to inform users.
12/04/2023 12:45
Editorial AI