Bluetooth vulnerability allows intercepting traffic2019-08-16 16:54 by Daniela
Tags: Bluetooth, vulnerability
Researchers have discovered a major new security flaw in Bluetooth, which could leave millions of devices at risk of a malicious hack. The Bluetooth SIG, an organization that oversees the technology's standards, has issued a security notice for what the researchers are calling Key Negotiation of Bluetooth or KNOB attack.
"The KNOB attack can be conducted remotely or by maliciously modifying few bytes in one of the victim's Bluetooth firmware. Being a standard-compliant attack it is expected to be effective on any firmware implementing the Bluetooth specification, regardless of the Bluetooth version. The attacker is not required to possess any (pre-shared) secret material and he does not have to observe the pairing process of the victims," the paper says.
The researchers said they confirmed that KNOB affects 17 unique Bluetooth chips made by Qualcomm, Apple, Intel, and Chicony. Not every device is vulnerable, though. The flaw only applies to traditional Bluetooth devices (not Bluetooth Low Energy, which is frequently used in low-power devices like wearables), and some Bluetooth devices may have protection against it, if they have a hard-coded minimum password strength.
The organization behind Bluetooth can't fix the flaw, but it'll protect against it going forward by recommending that a minimum password length be implemented on vulnerable devices. Existing devices, meanwhile, should be getting patches if they haven't already – the researchers notified the Bluetooth SIG back in November 2018 of its findings. That's a long list, it turns out.
Read more -here-