Bluetooth vulnerability could expose device data to hackers

Because of a newly discovered vulnerability in the standard, a fast-acting hacker could weaken the encryption between Bluetooth devices and then snoop on communications or send falsified ones to take over a device.

The vulnerability is pretty clever: instead of directly breaking the encryption, it allows hackers to force a pair of Bluetooth devices to use weaker encryption in the first place, making it far easier to crack. Each time two Bluetooth devices connect, they establish a new encryption key. If an attacker gets in the middle of that setup process, they could potentially trick the two devices into settling on an encryption key with a relatively small number of characters. The attacker would still have to perform a brute-force attack against one of the devices to figure out the exact password, but thanks to this flaw, that attack could be completed in an achievable amount of time.

It seems that most people using Bluetooth devices don’t need to be too worried, though. In order to execute this attack, a hacker would have to be present during the Bluetooth devices’ connection, block each device’s initial transmission when establishing encryption key length, and broadcast their own message, “all within a narrow time window,” says the organization behind the standard. The hacker would also have to be in range and repeat the attack every time they wanted to break in again.

Not every device is vulnerable, either. The flaw only applies to traditional Bluetooth devices (not Bluetooth Low Energy, which is frequently used in low-power devices like wearables), and some Bluetooth devices may have protection against it, if they have a hard-coded minimum password strength. The organization behind Bluetooth can’t fix the flaw, but it’ll protect against it going forward by recommending that a minimum password length be implemented on vulnerable devices.
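The minimum-length protection described above can be seen in a small model of the key-size negotiation. This is an added example, not code from the article, the researchers or the Bluetooth specification; it assumes key sizes of 1 to 16 bytes and a recommended minimum of 7 bytes, and every class and function name in it is hypothetical.

```python
# Simplified model of Bluetooth BR/EDR encryption key-size negotiation.
# Assumptions (not from the article): sizes are in bytes, 1..16 per the
# Bluetooth specification, and 7 is the minimum the Bluetooth SIG
# recommended after KNOB. All names here are hypothetical.
SPEC_MIN, SPEC_MAX = 1, 16
RECOMMENDED_MIN = 7


class Device:
    def __init__(self, name, min_size, max_size=SPEC_MAX):
        if not SPEC_MIN <= min_size <= max_size <= SPEC_MAX:
            raise ValueError("key size bounds must satisfy 1 <= min <= max <= 16")
        self.name, self.min_size, self.max_size = name, min_size, max_size

    def respond(self, proposed):
        """Return ('accept', n), ('counter', n) or ('reject', None)."""
        if proposed < self.min_size:
            return ("reject", None)  # below local policy: abort the link
        if proposed > self.max_size:
            return ("counter", self.max_size)
        return ("accept", proposed)


def negotiate(initiator, responder, tampered_proposal=None):
    """Return the agreed key size in bytes, or None if either side aborts.

    tampered_proposal models a proposal altered in transit; both devices
    still apply their own minimum to whatever value they end up seeing.
    """
    size = initiator.max_size if tampered_proposal is None else tampered_proposal
    for _ in range(SPEC_MAX):  # each counter-proposal shrinks the size, so this terminates
        verdicts = [dev.respond(size) for dev in (responder, initiator)]
        if any(v == "reject" for v, _ in verdicts):
            return None
        counters = [n for v, n in verdicts if v == "counter"]
        if not counters:
            return size
        size = min(counters)
    return None


if __name__ == "__main__":
    headset = Device("headset", min_size=SPEC_MIN)       # accepts any size
    old_phone = Device("old phone", min_size=SPEC_MIN)
    new_phone = Device("patched phone", min_size=RECOMMENDED_MIN)
    print("untampered:", negotiate(old_phone, headset))
    print("tampered, no minimum:", negotiate(old_phone, headset, 1))
    print("tampered, minimum enforced:", negotiate(new_phone, headset, 1))
```

A single device that enforces the minimum is enough to make the downgraded negotiation fail, which is why a hard-coded floor protects a link even when the peer has none.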

For now, there’s “no evidence” the vulnerability has been used maliciously. It was discovered by a group of researchers who presented their paper at the USENIX Security Symposium. They named the vulnerability the KNOB attack, short for “Key Negotiation Of Bluetooth.”
