The discovery of various Bluetooth security flaws has focused attention on devices compatible with this technology. According to a report shared by Eurecom researchers, Six new attacks that bypass Bluetooth security measures, collectively called ‘BLuffS’and you may put at risk confidential information shared through it.

According to the research, This vulnerability put all devices running on Bluetooth 4.2 at risk. (Introduced December 2014) to Bluetooth 5.4 (Introduced February 2023). This includes the latest iPhone, iPad and Mac.

What are BLuff attacks?

To carry out BLuffS attacks, a threat agent must be within range of the target devices. BLuffS exploits four flaws in the Bluetooth session key derivation process that an attacker can use to pose as one of the devices.

Taking into consideration BLuffs is part of a research project, users do not need to worry about it being used in the wild. However, Eurecom revealed flaws in Bluetooth that have existed for some time. The Bluetooth Special Interest Group is responsible for overseeing the development of the Bluetooth standard and will need to address these vulnerabilities.

Daniele Antonioli, who discovered the attacks, said: BLuffs exploits two previously unknown flaws in the Bluetooth standard It relates to how session keys are derived to decrypt data and involves the following risks:

• Device spoofing: You think you’re sending data to a known device (e.g. sending something to a friend via AirDrop) when you’re actually connected to an attacker’s device.
• Man in the Middle (MitM) attack: It is a method where data is sent to the desired device, but the data is intercepted by an attacker so that a copy is also obtained.

According to the information obtained so far; It is unclear whether patches will be released for existing devices and this requires device manufacturers to make changes to the way they implement Bluetooth security.

Want to stop using Bluetooth?

This scenario leaves users without many alternatives when it comes to protecting their information. In this sense, Experts recommend keeping Bluetooth turned off in public places. If certain actions are required, such as using a Bluetooth headset, disable them when you are finished using them.

According to the research, Apple, on the other hand, can solve some of these problems with operating system patches. Therefore, they recommend keeping operating system updates up to date in case of this or any other risk.

Finally, Caution is advised when using technologies such as AirDrop To send personal photos or documents.