Security Gap

BlueRange not affected by Bluetooth bluffs

The recently disclosed critical vulnerability described in CVE-2023-24023 makes it possible to disrupt encrypted Bluetooth connections.

BlueRange not affected by Bluetooth bluffs

The recently disclosed critical vulnerability described in CVE-2023-24023 makes it possible to disrupt encrypted Bluetooth connections. This potentially leaves billions of Bluetooth-enabled devices such as smartphones, laptops and tablets vulnerable to a new attack method called bluffs. Bluffs stands for “Bluetooth Forward and Future Secrecy” and describes new techniques that enable MitM (Man in the Middle) attacks and impersonation of other device identities, jeopardizing the confidentiality of Bluetooth sessions. According to a report by Bleeping Computer, Bluffs is based on two previously unknown and architecture-related vulnerabilities in the Bluetooth standard, which are registered as CVE-2023-24023. Affected are Bluetooth BR/EDR devices with support for Secure Simple Pairing and Secure Connections Pairing according to the Bluetooth core specification in versions 4.2 to 5.4.

Be safe with BlueRange

As far as BlueRange is concerned, there is no impact on the BlueRange Mesh technology. The AES 128 BIT Mesh encryption and secure connections via HTTPS and MQTTS ensure data security throughout the system.

Join the Evolution