Home / sci-Tec / Are Bluetooth connections secure? Flaws in Bluetooth connections have been exploited in the past to compromise the security of users. Now, however, architectural problems in the technology are highlighting the risks posed by the use Bluetooth devices for communication December 04, 2023 12:52 pm | Updated 01:46 pm IST THE HINDU BUREAU COMMENTS SHARE 19 READ LATER Researchers at Eurecom discovered two previously unknown flawsin the Bluetooth standard that are not specific to hardware or software configuration. | Photo Credit: AP ‘The use of Bluetooth connections to compromise the security of users is not a new problem. So far, vulnerabilities were thought to have existed due to lack of foresight on themanufacturer's end. SHOWCASE However, recent research at Eurecom, a French Graduate School and digital research center, discovered two previously unknown flaws in the Bluetooth standard that are not specific to hardware or software configuration but are architectural. These affect Bluetooth ona fundamental level and impact billions of devices including laptops, smartphones, and other mobile devices. The flaws were found to impact not just older versions, even versions teleased as far as February 2023. Using the previously unknown flaws reseatchers developed six new attacks collectively dubbed “BLUFFS” that can break the secrecy of Bluetooth sessions allowing attackers to impersonate devices and perform man-in-the-middle (MitM) attacks. Aman-in-the-middle or MitM attack is a cyber-attack where attackers intercept communication between devices. Attackers use this method for not just snooping on a private conversation between devices, but also to perform unauthorised purchases and hacking into devices. (For top technology news of the day, subscribe to our tech newsletter Today's Cache) The exploits targeting Bluetooth connections break Bluetooth sessions’ forward and future secrecy. This is achieved by exploiting flaws in the session’s key derivation process that allow attackers to brute-force the key. This allows them to decrypt past communication and decrypt or manipulate future communications. Also Read | OpenAl’s identity service provider Okta hit by cyber attack This form of attack impacts devices including smartphones, earphones, and laptops running different versions of Bluetooth, all of which were confirmed to be susceptible to atleast three out of the six attacks. Remedies for flaws in Bluetooth technology Researchers suggested modifications in the use of Bluetooth technology to remedy the flaws. These include introducing a new “Key Derivation Function’. Introduction of pairing keys for devices for mutual authentication to ensure attackers cannot use man-in-the- middle attacks to compromise security. Enforcing secure connections wherever possible and maintaining a cache of session keys to prevent reuse. Bluetooth SIG (Special Interest Group), a non-profit organization overseeing the development of the Bluetooth standard in response to the report suggested changes in how the technology is operated. These include the rejection of low key strengths and ensure higher encryption strengths along with the use of “Secure Connections Only” mode when pairing devices. ‘COMMENTS SHARE Related stories What are Acoustic Side What is bluebugging, and +s Channel Attacks and how 4 howisit used to hack ; is Al used to increase its Fah | Bluetooth-enabled accuracy? ~~" devices? Related Topies technology (general) / cybercrime / World / wireless technology Latest News 1hour ago - Andhra Pradesh Cyclone Michaung | 600 families evacuated from 51 cyclone-hit villages in Krishna district hour ago - Technology Are Bluetooth connections secure? hour ago - Technology South Korea tests solid-fuel rocket amid space race with North Korea1 © hour ago - Photos Cyclone Michaung | Floods, heavy rain and strong winds take over Chennai READ MORE STORIES