Home Internet Bluetooth vulnerability could expose device data to hackers

Bluetooth vulnerability could expose device data to hackers

- Advertisement -

A fast-acting hacker could be able to weaken the encryption of Bluetooth devices and subsequently snoop on communications or send falsified ones to take over a device due to a newly discovered vulnerability in the standard.

The vulnerability is pretty clever: instead of directly breaking the encryption, it allows hackers to force a pair of Bluetooth devices to use weaker encryption in the first place, making it far easier to crack. Each time two Bluetooth devices connect, they establish a new encryption key. If an attacker gets in between that setup process, they could potentially trick the two devices into settling on an encryption key with a relatively small number of characters. The attacker would still have to perform a brute-force attack against one of the devices to figure out the exact password, but that attack could happen in an achievable amount of time, thanks to this flaw.

- Advertisement -

It seems that most people using Bluetooth devices don’t need to be too worried, though. In order to execute this attack, a hacker would have to be present during the Bluetooth devices’ connection, block each device’s initial transmission when establishing encryption key length, and broadcast their own message, “all within a narrow time window,” says the organization behind the standard. The hacker would also have to be in range and repeat the attack every time they wanted to break in again.

Not every device is vulnerable, either. The flaw only applies to traditional Bluetooth devices (not Bluetooth Low Energy, which is frequently used in low-power devices like wearables), and some Bluetooth devices may have protection against it, if they have a hard-coded minimum password strength. The organization behind Bluetooth can’t fix the flaw, but it’ll protect against it going forward by recommending that a minimum password length be implemented on vulnerable devices.

For now, there’s “no evidence” the vulnerability has been used maliciously. It was discovered by a group of researchers who presented their paper at the USENIX Security Symposium. They named the vulnerability the KNOB attack, short for “Key Negotiation Of Bluetooth.”

alltechng
Technology is making life more meaningful, improves productivity... We are tech lovers...

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Must Read

video

Latest iOS 13.3.1 Beta Includes Toggle for Disabling U1 Ultra Wideband Chip

The second beta of iOS 13.3.1, released earlier this month, includes a toggle for disabling the Ultra Wideband chip in the device. Found by Twitter user Brandon...
video

Delete iCloud Unlock in 5 Minutes Any iPhone 4,4s,5,5c,5s,6,6s,7,8,x Without PC/Laptop 100% Tested✔️

Delete iCloud Unlock in 5 Minutes Any iPhone 4,4s,5,5c,5s,6,6s,7,8,x Without PC/Laptop 100% Tested✔️
video

iCloud Unlock Fix Any iPhone/iPad/iPod iOS 1000% Success✅

iCloud Unlock Fix Any iPhone/iPad/iPod iOS 1000% Success✅
video

iCloud Unlock All Countries Any iPhone iOS 100% Success✔️

iCloud Unlock All Countries Any iPhone iOS 100% Success✔️
video

What is the worst iPhone ever?

What is the worst iPhone ever?