Critical KNOB Bluetooth Vulnerability Affects Millions Devices
CYBER NEWS

Critical KNOB Bluetooth Vulnerability Affects Millions Devices

1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00 out of 5)
Loading...

The Bluetooth SIG group has issued a security notice giving details about a major bug in the technology’s protocols. It is known as the KNOB Bluetooth vulnerability and it affects the security and privacy of millions devices, especially IOT ones.




The KNOB Bluetooth Vulnerability Is a Serious Issue Concerning Bluetooth-Enabled Devices

A team of security specialists have detected a critical threat that affects Bluetooth-enabled devices. It is known as the KNOB Bluetooth vulnerability and effectively allows malicious operators to attack target end devices while at the same time stealing sensitive encryption keys during the connection initiation process. As a consequence the criminals will be able to hijack all traffic and user interactions. All of this represents a tremendous threat to Bluetooth devices however the problem has been found to be coming from the protocol standards themselves. The security reports indicate that the issue comes from the technical specifications which were created 20 years ago!

Related: Nearly All Apple Devices Vulnerable to Attacks on AWDL Protocol

The KNOB Bluetooth vulnerability can be used against devices that feature the technology from v1.0 to 5.1. In short the attackers can be used to make two or more victim devices to use a single encryption key during the initial connection request. When this is done the hackers will be able to very easily brute force it actively eavesdrop on the contents. As a consequence the following malicious actions can be undertaken:

  • Surveillance of the Victims
  • Manipulation of Contents
  • Injecting Code and Data in Active Transmissions

The affected Bluetooth device owners will have no knowledge that this is done as the flaw affects them on a protocol level and there can be no notification that the hackers have accessed their data. The posted security disclosure notes that chips from all major manufacturers are affected: Intel, Apple, Broadcom and Qualcomm.

At the moment there is no information if there are any exploits done by malicious users. To remediate this issue the Bluetooth SIG group is recommending that all manufacturers change the number of key length sizes in the Bluetooth protocol implementation in their chips and devices. This will make it significantly harder to brute force the keys. Users should expect firmware updates in the coming months that will hopefully fix the KNOB Bluetooth vulnerability.

Avatar

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

More Posts - Website

Follow Me:
TwitterGoogle Plus

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...