Recent reports have revealed a serious security issue with Bluetooth that could allow criminals to impersonate other devices. The issue could affect the latest updates to Bluetooth as well as some older versions.
The security weaknesses were developed by a team at the research institute Eurecom. These weaknesses were named "BLUFFS" (Bluetooth Forward and Future Secrecy). The weaknesses appear to affect Bluetooth versions from 4.1 to 5.4; Bleeping Computer reports that cell phones with these versions are vulnerable to at least three of the six types of attacks developed. This means that all phones from the iPhone 6 to the iPhone 15 could be affected by BLUFFS.
BLUFFS are not described as a hardware or software configuration, but instead are architectural in nature and cannot be easily fixed. The exploit relates to two previously unknown flaws in the method of deriving the session key for decrypting data.
For BLUFFS to work, the two phones must be within Bluetooth range. Once in range, the attacker can change the secure key used to encrypt the data. The attacker must impersonate one of the devices sharing the data.
Importantly, there is no guarantee that the majority of people will be affected by these flaws. However, there are a few things that can be done to protect devices: first, turn off Bluetooth when not in use. It is also a good idea to only connect with authenticated devices and never with unknown sources.
Bluetooth seems to be working on a solution to this problem and several suggestions have been made: the first is to introduce secure key generation. This is a quick solution and people can be sure that their data is being transmitted to the correct location. However, more information on the proposed fixes will be provided in the future.
Following the discovery of this flaw, the Bluetooth SIG issued an official statement on the issue. In this statement, the Bluetooth SIG acknowledges the existence of the vulnerability and advises that the potential impact can be mitigated by denying access to certain resources or by implementing security measures, for example, including sufficient key entropy to ensure that session key reuse is of limited use to attackers. In cybersecurity, key entropy refers to the randomness of the numbers used to generate security keys that protect data in storage or in transit. The higher the quality of the random numbers, the better the security.
To address this vulnerability, Bluetooth strongly recommends that implementations deny service-level connections with encryption keys below a certain number of octets (an octet is a unit of digital information consisting of eight bits), which varies from device to device. It also recommends that both devices operate in Secure Connections Only Mode to ensure sufficient key strength.
Secure Connections Mode also helps by tracking whether the link key was established by Bluetooth Basic Rate/Enhanced Data Rate (BR/EDR). This means that known devices that have attempted to connect but have not used a key saved from a previous connection will be flagged. If there is no previously stored key or the octet key is too small, the connection will not be made.
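The acceptance rules described in the two paragraphs above can be written as a small policy check. This is an added example, not code from the Bluetooth SIG or the researchers; the `Link` record, the bond table, the sample addresses and the 7 and 16 octet thresholds are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed thresholds; the article only says the minimum "varies from device to device".
MIN_KEY_OCTETS = 7            # floor for any encrypted link
MIN_KEY_OCTETS_SC_ONLY = 16   # floor in Secure Connections Only Mode

@dataclass
class Link:                   # hypothetical record of one encrypted link
    peer: str                 # peer device address
    key_octets: int           # negotiated encryption key size
    secure_connections: bool  # session used Secure Connections
    used_stored_key: bool     # authenticated with the key saved at bonding

def evaluate(link, bonds, sc_only=True):
    """Return (allow, reasons). bonds maps a peer address to True when its
    stored link key was established with Secure Connections."""
    reasons = []
    floor = MIN_KEY_OCTETS_SC_ONLY if sc_only else MIN_KEY_OCTETS
    if link.key_octets < floor:
        reasons.append("key too small")
    if sc_only and not link.secure_connections:
        reasons.append("secure connections required")
    if link.peer not in bonds:
        reasons.append("no stored key")
    elif not link.used_stored_key:
        reasons.append("stored key not used")      # known peer, fresh key: flag
    elif bonds[link.peer] and not link.secure_connections:
        reasons.append("downgrade from secure connections")
    return (not reasons, reasons)

# Constructed sample data (addresses are made up).
BONDS = {"AA:BB:CC:00:00:01": True, "AA:BB:CC:00:00:02": True,
         "AA:BB:CC:00:00:03": False}
LINKS = [
    Link("AA:BB:CC:00:00:01", 16, True, True),    # healthy link
    Link("AA:BB:CC:00:00:02", 7, False, True),    # weak key plus downgrade
    Link("AA:BB:CC:00:00:03", 16, True, False),   # known peer ignoring saved key
    Link("AA:BB:CC:00:00:04", 1, False, False),   # unknown peer, 1-octet key
]

def audit(links=LINKS, bonds=BONDS, sc_only=True):
    return {l.peer: evaluate(l, bonds, sc_only) for l in links}

if __name__ == "__main__":
    for peer, (ok, why) in audit().items():
        print(peer, "ALLOW" if ok else "REJECT", "; ".join(why))
```
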
At this time, there is no real fix for the above flaws, which exist in the Bluetooth architecture and will not be fixed until the next Bluetooth version is released. In the meantime, however, there is one simple way to protect oneself from attacks that take advantage of these flaws.
For now, if you are really worried about falling victim to a Bluetooth attack, your best bet would be to disable Bluetooth when you are out and about. If you are using the best Bluetooth headphones, this would not be ideal, but for those who are not, this is your best bet at the moment.
But as 9To5Mac points out, this isn't really convenient, so a more practical way to stay safe would be to not send sensitive files, photos, or other data over Bluetooth while in public. For iPhone users, this would include not sending sensitive This includes using AirDrop to send photos and documents containing highly personal information.
How the Bluetooth SIG plans to nip this problem in the bud will become clear when the next major release of Bluetooth is ready for inclusion in upcoming devices.