New Bluetooth Attack

New attack breaks forward secrecy in Bluetooth.

BLUFFS is a series of exploits targeting Bluetooth, aiming to break Bluetooth sessions’ forward and future secrecy, compromising the confidentiality of past and future communications between devices.

This is achieved by exploiting four flaws in the session key derivation process, two of which are new, to force the derivation of a short, thus weak and predictable session key (SKC).

Next, the attacker brute-forces the key, enabling them to decrypt past communication and decrypt or manipulate future communications.

The vulnerability has been around for at least a decade.

Tags: authentication, Bluetooth, cyberattack, man-in-the-middle attacks, secrecy, vulnerabilities

Sidebar photo of Bruce Schneier by Joe MacInnis.

Source: schneier.com

New Bluetooth Attack

New Bluetooth Attack

US reports death of senior Hamas military leader

Chinese envoy meets Hamas political leader in Qatar to discuss ‘Gaza conflict and other issues’

British government to introduce independent football regulator

Japan Raises Interest Rates for First Time in 17 Years

US reports death of senior Hamas military leader

Chinese envoy meets Hamas political leader in Qatar to discuss ‘Gaza conflict and other issues’

British government to introduce independent football regulator

Japan Raises Interest Rates for First Time in 17 Years