A fast-acting hacker could weaken the encryption of Bluetooth devices and then snoop on communications or send falsified ones to take over a device, thanks to a newly discovered vulnerability in the standard.
The vulnerability is pretty clever: instead of directly breaking the encryption, it lets hackers force a pair of Bluetooth devices to agree on weaker encryption in the first place, making it far easier to crack. Each time two Bluetooth devices connect, they establish a new encryption key. If an attacker gets into the middle of that setup process, they could trick the two devices into settling on a relatively short encryption key. The attacker would still have to brute-force one of the devices to figure out the exact key, but thanks to this flaw that attack could finish in an achievable amount of time.
It seems that most people using Bluetooth devices don’t need to be too worried, though. In order to execute this attack, a hacker would have to be present during the Bluetooth devices’ connection, block each device’s initial transmission when establishing encryption key length, and broadcast their own message, “all within a narrow time window,” says the organization behind the standard. The hacker would also have to be in range and repeat the attack every time they wanted to break in again.
Not every device is vulnerable, either. The flaw only applies to traditional Bluetooth devices (not Bluetooth Low Energy, which is frequently used in low-power devices like wearables), and some Bluetooth devices may already be protected if they enforce a hard-coded minimum encryption key length. The organization behind Bluetooth can’t fix the flaw in existing devices, but it will protect against it going forward by recommending that a minimum encryption key length be enforced on vulnerable devices.
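As an added illustration (not code from the article, the researchers, or any Bluetooth stack), here is a small Python model of the key-size negotiation described above together with the minimum-key-length mitigation: the `negotiate`, `knob_downgrade` and `brute_force_keyspace` names, the message format and the single shared `min_bytes` policy are simplifying assumptions, and the 7-byte minimum is the value the Bluetooth SIG recommended after the attack was disclosed.

```python
# Added example (not from the article or any Bluetooth stack): a simplified
# model of BR/EDR encryption key-size negotiation showing the KNOB downgrade
# and the minimum-key-size mitigation. Message format, names and the
# single shared `min_bytes` policy are simplifying assumptions.
from dataclasses import dataclass
from typing import Callable, Optional

MAX_KEY_BYTES = 16  # BR/EDR negotiates 1..16 bytes of key entropy
SIG_MIN_BYTES = 7   # minimum the Bluetooth SIG recommended after KNOB


@dataclass
class KeySizeMsg:
    proposed: int  # key size in bytes the sender is willing to use


Tamper = Optional[Callable[[KeySizeMsg], KeySizeMsg]]


def negotiate(initiator_max: int, responder_max: int,
              tamper: Tamper = None, min_bytes: int = 1) -> Optional[int]:
    """Return the agreed key size in bytes, or None if a side aborts.
    `tamper` models an in-path attacker rewriting each proposal in flight;
    `min_bytes` is the smallest size either side will accept (the mitigation)."""
    m1 = KeySizeMsg(initiator_max)
    if tamper:
        m1 = tamper(m1)
    # responder settles on the smaller of its own limit and the proposal
    agreed = min(responder_max, m1.proposed)
    if agreed < min_bytes:
        return None  # mitigated: responder refuses a too-small key
    m2 = KeySizeMsg(agreed)
    if tamper:
        m2 = tamper(m2)
    # initiator checks the reply is within its own limit and its policy
    if m2.proposed < min_bytes or m2.proposed > initiator_max:
        return None
    return m2.proposed


def knob_downgrade(msg: KeySizeMsg) -> KeySizeMsg:
    """Models the in-path behaviour the article describes: force the minimum."""
    return KeySizeMsg(1)


def brute_force_keyspace(key_bytes: int) -> int:
    """Number of keys an attacker must try in the worst case."""
    return 2 ** (8 * key_bytes)
```

With no minimum policy the tampered negotiation lands on a 1-byte key (256 candidates); with the 7-byte policy the same tampering makes the negotiation abort instead.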
For now, there’s “no evidence” the vulnerability has been used maliciously. It was discovered by a group of researchers who presented their paper at the USENIX Security Symposium. They named the vulnerability the KNOB attack, short for “Key Negotiation Of Bluetooth.”