The Limited Times

Now you can see non-English news...

A security flaw in Bluetooth discovered by an Italian - Cybersecurity

2023-12-02T13:09:06.972Z

Highlights: A security flaw in Bluetooth discovered by an Italian. It's called "Bluffs" like in poker, but it's not about the card game. The flaw affects most devices manufactured from 2014 to the present. It has to do with security keys established to encrypt (protect) connections from a nearby attacker. the first research study on the forward and future secrecy of Bluetooth, and there could be more in the future, says researcher Daniele Antonioli, originally from Pesaro.


It's called "Bluffs" like in poker, but it's not about the card game. (ANSA)


It's called "Bluffs" like in poker, but it's not about the card game. It's a security flaw in the Bluetooth system, which threatens the privacy of billions of users of these technologies: smartphones, laptops, tablets, smartwatches, iPhones, iPads, Android, Macs and Windows to cars.
The flaw affects most devices manufactured from 2014 to the present and is independent of the supported Bluetooth version. Bluffs, which stands for "Bluetooth Forward and FutureSecrecy," has to do with security keys established to encrypt (protect) connections from a nearby attacker. The flaw was discovered by the Italian researcher Daniele Antonioli, originally from Pesaro, associate professor of computer security at Eurecom, a research center of French excellence of Sophia Antipolis.
"With Bluffs, an attacker is able to establish a weak key between two devices and then compromise it and force its use over time," he explains. Antonioli presented his work at the ACM Sigsac Conference on Computer and Communications Security (CCS '23), which took place in Copenhagen from 27 to 29 November.
The vulnerabilities discovered concern "two security properties called forward secrecy and future secrecy," the researcher adds. The first is supposed to protect our data, including sensitive data, exchanged in the past from an attack that compromises a secure connection in the present. The second should protect the data exchanged in future connections, when the present one is compromised. It's like being able to hack into an account that is password-protected and requires the password to be changed every month, forcing the victim to reuse the compromised password over time. It's the first research study on the forward and future secrecy of Bluetooth, and there could be more in the future." Antonioli in a post on his personal website released the toolkit to test the attacks, the research paper and the slides of the presentation made at the CCS conference. Bluffs is traceable to the worldwide vulnerability database as CVE-2023-24023. The Bluetooth Sig consortium has already published a security advisory about the flaw.


All rights reserved © Copyright ANSA

Source: ansa

All news articles on 2023-12-02

You may like

News/Politics 2023-10-02T11:53:15.086Z
News/Politics 2023-09-08T13:44:18.517Z

Trends 24h

News/Politics 2024-02-25T07:12:13.452Z
News/Politics 2024-02-25T07:33:26.597Z
News/Politics 2024-02-25T10:23:42.914Z

Latest

© Communities 2019 - Privacy

The information on this site is from external sources that are not under our control.
The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them.