Bluetooth security flaw affects billions of devices

Eurecom researchers have discovered six new attack methods, called "BLUFFS", that exploit vulnerabilities in the Bluetooth standard to compromise the confidentiality of Bluetooth sessions and make devices vulnerable to impersonation and man-in-the-middle attacks. These attack methods can destroy the confidentiality of Bluetooth sessions and make devices vulnerable to impersonation and man-in-the-middle attacks, including devices with Bluetooth versions 4.2 to 5.4. The Bluetooth SIG recommends that implementations reject connections with low key strength below seven octets, use "Secure Mode 4 Level 4" to ensure a higher encryption strength level, and pair in "Secure Connection Only" mode run.