Critical KNOB Bluetooth Vulnerability Affects Millions Devices
CYBER NEWS

Critical KNOB Bluetooth Vulnerability Affects Millions Devices

1 Star2 Stars3 Stars4 Stars5 Stars (1 stemmer, gennemsnit: 5.00 ud af 5)
Loading ...

The Bluetooth SIG group has issued a security notice giving details about a major bug in the technology’s protocols. It is known as the KNOB Bluetooth vulnerability and it affects the security and privacy of millions devices, especially IOT ones.




The KNOB Bluetooth Vulnerability Is a Serious Issue Concerning Bluetooth-Enabled Devices

A team of security specialists have detected a critical threat that affects Bluetooth-enabled devices. It is known as the KNOB Bluetooth vulnerability and effectively allows malicious operators to attack target end devices while at the same time stealing sensitive encryption keys during the connection initiation process. As a consequence the criminals will be able to hijack all traffic and user interactions. All of this represents a tremendous threat to Bluetooth devices however the problem has been found to be coming from the protocol standards themselves. The security reports indicate that the issue comes from the technical specifications which were created 20 år siden!

Relaterede: Næsten alle Apple-enheder sårbar over for angreb på AWDL protokollen

The KNOB Bluetooth vulnerability can be used against devices that feature the technology from v1.0 to 5.1. In short the attackers can be used to make two or more victim devices to use a single encryption key during the initial connection request. When this is done the hackers will be able to very easily brute force it actively eavesdrop on the contents. As a consequence the following malicious actions can be undertaken:

  • Surveillance of the Victims
  • Manipulation of Contents
  • Injecting Code and Data in Active Transmissions

The affected Bluetooth device owners will have no knowledge that this is done as the flaw affects them on a protocol level and there can be no notification that the hackers have accessed their data. The posted security disclosure notes that chips from all major manufacturers are affected: Intel, Apple, Broadcom and Qualcomm.

At the moment there is no information if there are any exploits done by malicious users. To remediate this issue the Bluetooth SIG group is recommending that all manufacturers change the number of key length sizes in the Bluetooth protocol implementation in their chips and devices. This will make it significantly harder to brute force the keys. Users should expect firmware updates in the coming months that will hopefully fix the KNOB Bluetooth vulnerability.

Avatar

Martin Beltov

Martin dimitterede med en grad i Publishing fra Sofia Universitet. Som en cybersikkerhed entusiast han nyder at skrive om de nyeste trusler og mekanismer indbrud.

Flere indlæg - Websted

Følg mig:
TwitterGoogle Plus

Efterlad en kommentar

Din e-mail-adresse vil ikke blive offentliggjort. Krævede felter er markeret *

Frist er opbrugt. Venligst genindlæse CAPTCHA.

Del på Facebook Del
Loading ...
Del på Twitter Tweet
Loading ...
Del på Google Plus Del
Loading ...
Del på Linkedin Del
Loading ...
Del på Digg Del
Del på Reddit Del
Loading ...
Del på Stumbleupon Del
Loading ...