Add to Favorites | Login | Register
Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

About us Contact us

Heavyweight Bluetooth vulnerabilities billions of devices have been affected since BLUFFS:2014

2025-02-06 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > IT Information >

Share

Shulou(Shulou.com)12/24 Report--

CTOnews.com, November 30 (Xinhua)-- Network security experts recently reported that there are two completely new security vulnerabilities in the Bluetooth connection protocol. All devices using Bluetooth versions 4.2 to 5.4 are at risk of being hijacked by attackers, affecting all Bluetooth devices since the end of 2014.

Eurecom security expert Daniel Antoniolli (Daniele Antonioli) explained that taking advantage of the loopholes in the two Bluetooth standards, six new types of attacks have been developed, collectively known as "BLUFFS", which can destroy the confidentiality of Bluetooth sessions, impersonate devices or carry out man-in-the-middle (MitM) attacks.

The two vulnerabilities exposed this time are mainly related to the derivation of session keys in the Bluetooth protocol, which are responsible for decrypting the data in the exchange.

The current security tracking number for these two vulnerabilities is CVE-2023-24023, which affects Bluetooth devices using versions 4.2 to 5.4.

Bluetooth is now standard for many devices, and it is estimated that billions of devices, including laptops, smartphones and other mobile devices, will be affected worldwide.

CTOnews.com Note: BLUFFS affects all versions between Bluetooth 4.2, released in December 2014, and the latest version, Bluetooth 5.4, released in February 2023.

Bluetooth SIG (Special Interest Group), the non-profit organization responsible for overseeing the development of Bluetooth standards and licensing the technology, has received a report from Eurecom and posted a statement on its website.

The organization recommends that low key strength connections with less than seven octets be rejected, use "Security Mode 4 Level 4" to ensure a higher level of encryption strength, and run in "secure connection only" mode when pairing.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Tag Search: Bluetooth device security vulnerability impact version key standard attack expert two new strength report way development number man-in-the-middle confidentiality vpn macOS Linux MariaDB MySQL Docker Shulou Information Shulou Technology Shulou Tech Info OPPO Reno Redmi Xiaomi NVidia Microsoft Huawei Apple Microsoft Huawei vpn macOS Apple MySQL Shulou Information Docker Shulou Technology OPPO Reno MariaDB Linux Xiaomi Shulou Tech Info Redmi NVidia Microsoft Huawei vpn macOS Apple MySQL Shulou Information Docker Shulou Technology OPPO Reno MariaDB Linux Xiaomi Shulou Tech Info Redmi NVidia

Share To

Related

IT Information

More IT Information >

Latest Network Security More Network Security >

Latest Internet Technology More Internet Technology >

Latest Development More Development >

Latest Database More Database >

Latest Servers More Servers >

Latest Mobile Phone More Mobile Phone >

Latest Android Software More Android Software >

Latest Apple Software More Apple Software >

Latest Computer Software News More Computer Software News >

Latest IT Information More IT Information >

Wechat

About us Contact us Product review car news thenatureplanet

© 2024 shulou.com SLNews company. All rights reserved.

12
Report