Specifically, we present the BLUFFS attacks, six novel attacks breaking Bluetooth’s forward and future secrecy by targeting session establishment. The attacks exploit an attack strategy forcing LSC session establishment and manipulating in novel ways its key derivation to reuse a key known to the attacker across sessions. The attacker first installs a weak session key, then spends some time brute-forcing it, and reuses it to impersonate or machine-in-the-middle (MitM) a victim in subsequent sessions (breaking future secrecy) and decrypt data from past sessions (breaking forward secrecy). We decline the attack strategy in six attack scenarios related to the victim’s connection role (i.e., initiator or responder) and Bluetooth security mode (i.e., LSC or SC). Moreover, we detail the four attacks’ root causes, two of which uncover that the standard allows to unilaterally derive session keys without relying on nonces.

We develop the BLUFFS toolkit to perform and detect the BLUFFS attacks automatically and with low effort. The toolkit provides an attack device module requiring open-source software, a Linux laptop, and a Cypress/Infineon CYW20819 board [ 30]. We provide seven new patches for the board’s closed-source firmware enabling monitoring and tampering with Bluetooth session key derivation. Moreover, our attack checker module cleverly parses and analyzes session establishment messages, aka Link Manager Protocol (LMP) packets from a pcap file to automatically compute session keys and detect our attacks.

We demonstrate that the BLUFFS attacks are effective on a large scale by evaluating eighteen devices embedding seventeen unique Bluetooth chips. We successfully exploited a broad set of devices (e.g., laptops, smartphones, headsets, and speakers), operating systems (e.g., iOS, Android, Linux, Windows, and proprietary OSes), Bluetooth stacks (e.g., BlueZ, Gabeldorsche, Bluedroid, and proprietary ones), vendors (e.g., Intel, Broadcom, Cypress, Cambridge Silicon Radio, Infineon, Bestechnic, Apple, Murata, Universal Scientific Industrial, Samsung, Dell, Google, Bose, Logitech, Xiaomi, Lenovo, Jaybird, and Qualcomm), and Bluetooth versions (e.g., 5.2, 5.1, 5.0, 4.2, and 4.1).

The range is impressive but I’m yet to imagine a usecase. How to abuse it for money or intel? Listening to bluetooth headphones, keylogging a wireless board? Emulating said keyboard to get access to more? It sounds like a single-target weapon to me. Can one get it working in a mall, like changing rooms in H&M, to make most phones disclosing their secrets? Then, it’s sure more fucked up. I wonder how many currently used devices won’t ever have this update.