Know all about this Bluetooth security flaw that puts all devices between 2014 and now at risk. iPhone users are advised to be careful while using the AirDrop feature. (Unsplash)

Alert! All Phones Vulnerable to AirDrop Attack – Uncovering a Major Bluetooth Security Flaw!

Jim HendlerNovember 30, 23 Bluetooth, cybersecurity

A group of researchers have successfully showcased six distinct methods to compromise the secure connection of Bluetooth-enabled devices, allowing them to seize data from unsuspecting individuals. Alarmingly, all devices manufactured from 2014 onwards are susceptible to this threat. The identified Bluetooth security vulnerability affects all devices utilizing Bluetooth versions 4.2 to 5.4. Furthermore, the report highlights that iPhones’ AirDrop feature is particularly vulnerable to this type of attack.

According to a report by Bleeping Computer, “Eurecom researchers have developed six new attacks, collectively known as ‘BLUFFS’, that can break the secrecy of Bluetooth sessions, enabling device impersonation and Man-in-the-middle (MitM) attacks.”

Impersonation attacks here refer to attacks where a hacker can pretend to be a secure connection where you send files or other data, and even though the victim thinks they are sending it to a trusted destination, it ends up on the hacker. Man-in-the-middle (MitM) attacks are where the data reaches the intended recipient, but the hacker intercepts the connection and also obtains a copy of the data.

A major Bluetooth security flaw occurs

According to Daniele Antonioli, who discovered the attacks, these attacks are not related to software or hardware, but instead target the architecture of Bluetooth connections to hijack devices at a basic level. AirDrop is more at risk because it pairs with other iPhones and Apple devices.

Simply put, two devices pair and connect to each other based on secret session keys. These keys are automatically generated by the devices and shared between the two devices during the pairing process, which are used to confirm the bond and establish a connection. These attacks, collectively called BLUFFS, trick devices into extracting weak security keys that can be easily broken by an attacker.

As for, nothing can be done to fix the bug as it is not a software vulnerability. Only device manufacturers can fix the problem when they implement a more secure way to connect devices. However, this means that existing devices may never receive a patch to address this flaw.

How to protect yourself from Bluetooth hijacking

One effective solution is to not keep Bluetooth on when you’re out and about. But for those using Bluetooth headphones or smartwatches, it may not be a viable solution. One thing that users should really be careful about is not to send information in a public place where the risk of being hacked is much higher. Any sensitive documents or files should never be shared via Bluetooth.