CVE-2023-24023 vulnerability analysis and mitigation

Overview

The BLUFFS (Bluetooth Forward and Future Secrecy) vulnerability (CVE-2023-24023) affects Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification versions 4.2 through 5.4. This vulnerability allows certain man-in-the-middle attacks that can force a short key length, potentially leading to encryption key discovery and live injection attacks (NVD, Bluetooth SIG).

Technical details

The vulnerability enables a man-in-the-middle attacker to spoof paired or bonded devices and prompt both to establish a subsequent encryption procedure using legacy encryption. The attacker can force the minimum permitted encryption key length supported by both devices and control the nonce values used for encryption key generation. The attack specifically targets BR/EDR Secure Connections pairing by downgrading to a protocol that doesn't require mutual authentication. The CVSS v3.1 base score is 6.8 (Medium), with the vector string CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N (NVD, ACM Paper).

Impact

When successfully exploited, an attacker within wireless range can force the same encryption key to be reused for every session and enforce the lowest encryption key length that both devices support. If the encryption key length can be reduced below 7 octets, the attacker may be able to brute force the encryption key in real time, enabling live injection attacks on traffic between the affected peers. Additionally, if a key is compromised, all prior and subsequent attacked sessions become vulnerable to decryption (Bluetooth SIG).

Mitigation and workarounds

Implementations are advised to reject service-level connections on encrypted baseband links with key strengths below 7 octets. For implementations capable of always using Security Mode 4 Level 4, connections should be rejected on encrypted baseband links with key strength below 16 octets. Operating both devices in Secure Connections Only Mode will ensure sufficient key strength. Additionally, implementations should track that a link key was established using BR/EDR Secure Connections in the Bluetooth Security Database and verify that subsequent encryption establishment also uses Secure Connections (Bluetooth SIG).
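The three mitigations above (a minimum key size of 7 octets, 16 octets where Security Mode 4 Level 4 is always available, and rejecting legacy encryption on a link whose key was established with Secure Connections) can be expressed as one session-acceptance check. The following is an added illustration, not code from Wiz, the Bluetooth SIG or any stack; the Security Database is modelled as a dictionary, the peer addresses and session events are constructed, and the numeric codes follow the HCI Link_Key_Type and Encryption_Enabled values.

```python
"""Session-acceptance policy for the BLUFFS mitigations (added example)."""
from dataclasses import dataclass, field
from enum import Enum


class LinkKeyType(Enum):
    """HCI Link_Key_Type codes; only the P-256 types come from BR/EDR Secure Connections."""
    COMBINATION = 0x00
    UNAUTH_P192 = 0x04
    AUTH_P192 = 0x05
    UNAUTH_P256 = 0x07
    AUTH_P256 = 0x08


class Encryption(Enum):
    """HCI Encryption_Change Encryption_Enabled codes for BR/EDR links."""
    OFF = 0x00
    E0 = 0x01        # legacy encryption
    AES_CCM = 0x02   # Secure Connections encryption


SC_KEY_TYPES = {LinkKeyType.UNAUTH_P256, LinkKeyType.AUTH_P256}


@dataclass
class SecurityDatabase:
    """Stand-in for the Bluetooth Security Database: remembers, per peer,
    whether the stored link key was established with Secure Connections."""
    sc_only_capable: bool = False   # host can always run Security Mode 4 Level 4
    peers: dict = field(default_factory=dict)

    def record_pairing(self, peer: str, key_type: LinkKeyType) -> None:
        self.peers[peer] = key_type in SC_KEY_TYPES

    def check_encryption(self, peer: str, enc: Encryption, key_size: int) -> tuple[bool, str]:
        """Decide whether a service-level connection may use this encrypted link."""
        if enc is Encryption.OFF:
            return False, "link not encrypted"
        minimum = 16 if self.sc_only_capable else 7
        if key_size < minimum:
            return False, f"key size {key_size} octets below required {minimum}"
        if self.peers.get(peer) and enc is not Encryption.AES_CCM:
            return False, "link key is Secure Connections but encryption is legacy (downgrade)"
        return True, "ok"


def run_demo() -> list[tuple[str, bool, str]]:
    """Constructed sessions: an SC-paired peer, then a legacy-paired peer."""
    db = SecurityDatabase()
    db.record_pairing("AA:BB:CC:DD:EE:01", LinkKeyType.AUTH_P256)
    db.record_pairing("AA:BB:CC:DD:EE:02", LinkKeyType.COMBINATION)
    events = [
        ("AA:BB:CC:DD:EE:01", Encryption.AES_CCM, 16),  # normal SC session: accept
        ("AA:BB:CC:DD:EE:01", Encryption.E0, 16),       # downgrade to legacy: reject
        ("AA:BB:CC:DD:EE:01", Encryption.E0, 1),        # downgrade plus shortened key: reject
        ("AA:BB:CC:DD:EE:02", Encryption.E0, 7),        # legacy peer, 7 octets: accept
        ("AA:BB:CC:DD:EE:02", Encryption.E0, 6),        # below 7 octets: reject
    ]
    return [(peer, *db.check_encryption(peer, enc, size)) for peer, enc, size in events]
```

The second event is the BLUFFS pattern: a peer whose link key was established with Secure Connections suddenly negotiating legacy encryption, which the tracked pairing type lets the host refuse even when the key size alone would pass.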
