BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses

Offered By: media.ccc.de via YouTube

Tags

Bluetooth Security Courses, Cybersecurity Courses, Cryptography Courses, Network Protocols Courses, Vulnerability Analysis Courses

Course Description

Overview

Explore a comprehensive conference talk detailing the BLUFFS attacks (CVE-2023-24023), which break Bluetooth's forward and future secrecy. Delve into six novel attacks enabling device impersonation and machine-in-the-middle across sessions by compromising a single session key. Examine four vulnerabilities in the Bluetooth specification, including two new ones related to unilateral and repeatable session key derivation. Learn about the open-source toolkit developed for testing these attacks via firmware binary patching, and discover the results of experiments exploiting 18 heterogeneous Bluetooth devices. Gain insights into a practical and backward-compatible session key derivation protocol designed to fix these attacks. Compare BLUFFS with related work such as KNOB, BIAS, and BLUR, and acquire valuable Bluetooth security tips and tricks. Understand the critical impact of these attacks on the Bluetooth ecosystem, affecting diverse chips from popular vendors across multiple versions. Explore the proposed enhanced key derivation function that addresses the attacks by design, and discuss potential implementation-level mitigations.

Syllabus

37C3 - BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses


Taught by

media.ccc.de

Related Courses

Stealthily Access Your Android Phones - Bypass the Bluetooth Authentication
Black Hat via YouTube
For the Love of Money - Finding and Exploiting Vulnerabilities in Mobile Point of Sales Systems
44CON Information Security Conference via YouTube
IoT and the Security of That Mobile App - Mark Loveless
LASCON via YouTube
Fuzzing the Phone in the iPhone
media.ccc.de via YouTube
BrokenMesh - New Attack Surfaces of Bluetooth Mesh
Black Hat via YouTube