Weak session keys let snoops take a byte out of your Bluetooth traffic

November 30, 2023

Multiple Bluetooth chips from major vendors such as Qualcomm, Broadcom, Intel, and Apple are vulnerable to a pair of security flaws that allow a nearby miscreant to impersonate other devices and intercept data.

The weaknesses were identified by Daniele Antonioli, an assistant professor at French graduate school and research center EURECOM’s software and system security group. He detailed the attack vectors by which the flaws could be exploited in a paper [PDF] titled “BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses.”

Antonioli’s explanation states that the flaws exist in versions of the Bluetooth Core Specification from 2014’s version 4.2 to the February 2023 version 5.4.

BLUFFS – for BLUetooth Forward and Future Secrecy – is a set of six distinct attacks. Forward secrecy protects past sessions against key compromise, while future secrecy does the same thing for future sessions.

The attacks force the creation of weak session keys, which are used when paired Bluetooth devices try to establish a secure communication channel. Weak keys can be easily broken, allowing the eavesdropper to hijack sessions and snoop on victims’ conversations, data, and activities carried out over Bluetooth.

“Our attacks enable device impersonation and machine-in-the-middle across sessions by only compromising one session key,” Antonioli explained in his paper. “The attacks exploit two novel vulnerabilities that we uncover in the Bluetooth standard related to unilateral and repeatable session key derivation.”

Antonioli wrote that since the attacks impact Bluetooth at the architectural level, they work regardless of hardware and software variations. The BLUFFS attacks are said to have been tested successfully on 18 Bluetooth devices from Intel, Broadcom, Apple, Google, Microsoft, CSR, Logitech, Infineon, Bose, Dell, and Xiaomi, which use 17 different chips. And they affect both Bluetooth security modes: Secure Connections (SC) and Legacy Secure Connections (LSC).

Devices found to use chips susceptible to BLUFFS include smartphones and wireless earbuds from Apple and Google, and a Lenovo ThinkPad.

“The BLUFFS attacks have a severe impact on Bluetooth’s security and privacy,” Antonioli wrote. “They allow decrypting (sensitive) traffic and injecting authorized messages across sessions by re-using a single session key.”

The BLUFFS code repo contains Arm code patches and an attack-checking tool that takes packet capture (pcap) files and isolates Bluetooth sessions to calculate session keys and detect BLUFFS attacks. Antonioli has proposed protocol-level countermeasures involving three extra Link Manager Protocol packets and three extra function calls that vendors can implement while awaiting a Bluetooth specification revision that makes session establishment more secure.

According to Antonioli, the vulnerability was responsibly disclosed in October 2022 to the Bluetooth Special Interest Group (SIG), which in turn coordinated the disclosure of CVE-2023-24023 to multiple vendors.

Google has categorized BLUFFS as a high-severity vulnerability – worthy of a bug bounty – and is said to be working on a fix. Intel also awarded a bounty but designated BLUFFS medium severity. Apple and Logitech reportedly are aware of the issue and working on fixes, while Qualcomm hasn’t yet acknowledged the researchers’ disclosure.

The Bluetooth SIG, which oversees the short-range wireless specification, has issued a security notice about the vulnerability. The notification advises those implementing Bluetooth to configure their systems to reject connections with weak keys. ®
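The sketch below is an added example, not code from the article or from the BLUFFS repository. It shows the defender-side checks the advice above implies, run over constructed session records: reject sessions whose negotiated key is under a policy floor, and flag sessions that repeat a peer's earlier key-derivation inputs. The `Session` fields, the sample records and the `MIN_KEY_OCTETS` value are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed policy floor in octets; the article gives no number, so set this
# to whatever your own policy requires.
MIN_KEY_OCTETS = 7


@dataclass(frozen=True)
class Session:
    peer: str          # address of the remote device
    key_octets: int    # negotiated session-key size for this session
    derivation: str    # hex of the per-session key-derivation inputs observed


# Constructed sample records, not taken from a real capture.
SAMPLE = [
    Session("AA:AA:AA:00:00:01", 16, "a1b2c3d4"),
    Session("AA:AA:AA:00:00:01", 16, "0f9e8d7c"),
    Session("BB:BB:BB:00:00:02", 5, "00000000"),
    Session("BB:BB:BB:00:00:02", 5, "00000000"),
    Session("AA:AA:AA:00:00:01", 16, "a1b2c3d4"),
]


def should_reject(session, min_octets=MIN_KEY_OCTETS):
    """Policy gate: refuse a session whose key is below the floor."""
    return session.key_octets < min_octets


def audit(sessions, min_octets=MIN_KEY_OCTETS):
    """Return (index, finding) pairs for weak or repeated session keys."""
    findings = []
    first_seen = {}  # (peer, derivation inputs) -> index of first session
    for i, s in enumerate(sessions):
        if should_reject(s, min_octets):
            findings.append((i, "weak-key"))
        ident = (s.peer, s.derivation)
        if ident in first_seen:
            # Honest sessions use fresh inputs; a repeat means the same
            # session key is being derived again for this peer.
            findings.append((i, f"repeats-session-{first_seen[ident]}"))
        else:
            first_seen[ident] = i
    return findings


if __name__ == "__main__":
    for index, finding in audit(SAMPLE):
        print(index, SAMPLE[index].peer, finding)
```
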

Copyright for syndicated content belongs to the linked Source : The Register – https://go.theregister.com/feed/www.theregister.com/2023/11/30/bluetooth_bluffs_attacks_are_no/
