Bluffs: the alarm of the Italian researcher on bluetooth security

A new vulnerability in the Bluetooth system called "Bluffs" has been discovered by Italian researcher Daniele Antonioli, a cybersecurity expert and associate professor at the prestigious Eurecom in France. This flaw, which affects a huge number of devices produced since 2014, could compromise the privacy of various users of equipment such as smartphones, tablets, smart watches, and many others.

The importance of "Bluffs"

The name "Bluffs" is an acronym for "Bluetooth Forward and Future Secrecy", and has to do with the security keys used to encrypt Bluetooth connections. The threat of this flaw arises when an attacker generates a weak key between two devices, compromising user security for an indefinite period. Antonioli presented his detailed results during the Acm Sigsac Conference on Computer and Communications Security.

Two main vulnerabilities

Antonioli indicated that the main vulnerabilities detected concern two security properties known as "forward secrecy" and "future secrecy". Forward secrecy aims to guarantee the protection of past data even in the event of attacks carried out in the present, while future secrecy aims to preserve future data when the present connection is compromised. In practice, the situation can be compared to exploiting a password to access an account during a forced period.

The world reacts to the discovery

Researcher Antonioli has published a toolkit for testing the vulnerability on his personal website, along with the research paper and slides from the conference presentation. The Bluffs flaw is now registered in the globally recognized vulnerability database under the designation CVE-2023-24023. In view of this discovery, the Bluetooth Sig consortium promptly released a safety advisory to inform users.