Researchers have demonstrated six different attacks that can break the secure connection of devices connected via Bluetooth and hijack data from innocent victims. Scarily, all devices between 2014 and now are vulnerable to this risk. The particular Bluetooth security flaw was found to be present on all devices using Bluetooth 4.2 to 5.4. Additionally, the report has found that the AirDrop feature on iPhones is at particular risk from this attack.
According to a report by Bleeping Computer, “Researchers at Eurecom have developed six new attacks collectively named 'BLUFFS' that can break the secrecy of Bluetooth sessions, allowing for device impersonation and man-in-the-middle (MitM) attacks”.
Here, impersonation attacks mean such attacks where a hacker can pretend to be a secure connection where you're sending files or other data, and while the victim thinks they're sending it to a trustworthy destination, it ends up with the hacker. Man-in-the-middle (MitM) attacks are those where the data reaches the intended recipient but the hacker intercepts the connection and also receives a copy of the data.
According to Daniele Antonioli, who discovered the attacks, these attacks are not specific to software or hardware, and instead targets the architectural configuration of Bluetooth connections to hijack the devices at a fundamental level. AirDrop is at a higher risk because of the way it pairs with other iPhones and Apple devices.
Put simply, two devices pair and connect with one another based on secret session keys. The devices automatically create these keys and during the pairing process, they are shared among the two devices, which is used to confirm the bond and start a connection. These attacks, collectively called BLUFFS,
Read more on tech.hindustantimes.com