A group of researchers recently discovered a critical vulnerability in Bluetooth connectivity that could expose a large number of Bluetooth devices to attack.
The Bluetooth SIG, the organization that oversees the Bluetooth technology standard, has now issued a security notice about it. The notice points out that a new attack method called Key Negotiation of Bluetooth (KNOB) has emerged.
A KNOB attack lets an attacker interfere with the Bluetooth pairing process so that the connection's encryption key is shorter than expected. This allows an attacker to easily force a connection and monitor data shared between devices.
In addition, the vulnerability can still be exploited against Bluetooth devices that have already been successfully paired, which makes the situation worse.
According to related papers, the vulnerability affects devices connected using Bluetooth BR/EDR (or Bluetooth Classic). The attack only works if both of the connected devices are vulnerable. The vulnerability was found in all Bluetooth chips tested by the researchers. KNOB’s official website says:
“The KNOB attack is possible due to flaws in the Bluetooth specification. As such, any standard-compliant Bluetooth device can be expected to be vulnerable. We conducted KNOB attacks on more than 17 unique Bluetooth chips (by attacking 24 different devices). At the time of writing, we were able to test chips from Broadcom, Qualcomm, Apple, Intel, and Chicony manufacturers. All devices that we tested were vulnerable to the KNOB attack.”
At present, giants such as Apple and Microsoft have introduced patches to fix the above defects, and the Bluetooth core specification has been modified to require a minimum encryption key length. But people must update their device firmware as soon as the fix is available.
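A host can confirm that the minimum key length is actually being enforced by reading the negotiated key size of each encrypted link and flagging any that fall below the floor. The following is an added example, not code from the researchers or any vendor: it parses the controller's replies to the standard HCI Read Encryption Key Size command, the function names and sample events are constructed for illustration, and the 7-octet floor is the minimum the Bluetooth SIG recommended for BR/EDR rather than a figure given in this article.

```python
import struct

# Assumed policy floor: 7 octets is the BR/EDR minimum the Bluetooth SIG
# recommended after KNOB; stricter deployments may require the full 16.
MIN_KEY_OCTETS = 7
EVT_COMMAND_COMPLETE = 0x0E
OP_READ_ENC_KEY_SIZE = 0x1408  # OGF 0x05 (status parameters), OCF 0x0008


def parse_key_size_event(event: bytes):
    """Return (handle, key_size) from a Command Complete event, or None.

    Layout: event code, parameter length, number of HCI command packets,
    opcode (LE16), status, connection handle (LE16), key size.
    """
    if len(event) < 9 or event[0] != EVT_COMMAND_COMPLETE:
        return None
    if event[1] != len(event) - 2:
        return None  # truncated or padded packet
    opcode, status, handle, key_size = struct.unpack_from("<HBHB", event, 3)
    if opcode != OP_READ_ENC_KEY_SIZE:
        return None
    if status != 0x00:
        key_size = 0  # fail closed: an unverified key counts as zero-length
    return handle & 0x0FFF, key_size  # the handle occupies the low 12 bits


def audit_links(events, minimum=MIN_KEY_OCTETS):
    """Return sorted (handle, key_size) pairs for links whose key is too short."""
    weak = {}
    for raw in events:
        parsed = parse_key_size_event(raw)
        if parsed and parsed[1] < minimum:
            weak[parsed[0]] = parsed[1]
    return sorted(weak.items())


# Constructed sample events (not captured from real devices).
SAMPLE_EVENTS = [
    bytes.fromhex("0e07010814000b0010"),  # handle 0x000b, 16-octet key
    bytes.fromhex("0e07010814000c0001"),  # handle 0x000c, 1-octet key
    bytes.fromhex("0e07010814020d0000"),  # handle 0x000d, read failed (status 0x02)
    bytes.fromhex("0e07010814000e0007"),  # handle 0x000e, 7-octet key
    bytes.fromhex("0e0401030c00"),        # unrelated reply (HCI_Reset), skipped
]

if __name__ == "__main__":
    for handle, size in audit_links(SAMPLE_EVENTS):
        print(f"handle 0x{handle:04x}: {size}-octet key is below the minimum")
```

Passing `minimum=16` to `audit_links` applies the strictest policy and also flags the 7-octet link.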
If you frequently need to share passwords and other sensitive information with your partners, consider using a reliable password manager like Dashlane to share them safely. You can also use a secure VPN like ExpressVPN to encrypt your connection to the Internet, so you can send messages and share files with your friends safely. Even your ISP is not able to view your online session, and a hacker can’t intercept your traffic.
Published by Emerson L. Sullivan & last updated on August 23, 2019 9:17 am