#BLUFFS: #Bluetooth Forward and Future Secrecy Attacks and Defenses

Source: https://francozappa.github.io/post/2023/bluffs-ccs23/

TL;DR: If you are within range of a Bluetooth connection, you can force both devices into an insecure #encryption which can be cracked using brute force. The #workaround is to reject weak encryption via #software. Since there are never #updates for devices that have already been sold, any Bluetooth #connection with an old device must be considered insecure. Bluetooth can be monitored up to 100 meters with special antennas.

#bug #fail #security #hack #warning #danger #problem #update #news #CVE-2023-24023 #smartphone #vulnerability