Daniele presented a paper titled “BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses” at the 30th ACM CCS Conference on Computer and Communications Security (CCS’23). The conference took place from 26th-30th November in Copenhagen, Denmark.
The paper “BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses” presents novel vulnerabilities, attacks, and defenses related to forward and future secrecy, two security properties that should protect Bluetooth connections from wireless attackers. The attacks are effective on billions of Bluetooth devices, including products from Apple, Microsoft, Google, Logitech, Intel, and Qualcomm as they exploit flaws in the Bluetooth specification. They allow, among others, to eavesdrop on sensitive data, inject malicious data, and machine-in-the-middle connections across past, present, and future sessions. BLUFFS is tracked with CVE-2023-24023.
More interesting research and scientific papers and talks will follow next year.
For more information about the BLUFFS paper please visit Daniele´s website: BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses | Daniele Antonioli (francozappa.github.io)
