Serious Bluetooth flaw leaves devices open to attack

It's 'a serious threat to the security and privacy of all Bluetooth users.'
Mariella Moon, @mariella_moon
August 16, 2019

A group of researchers has discovered a critical Bluetooth vulnerability that leaves tons of wireless devices exposed to digital intrusions. The Bluetooth SIG, the organization that oversees the technology's standards, has issued a security notice for what the researchers are calling the Key Negotiation of Bluetooth, or KNOB, attack. It lets bad actors interfere with the Bluetooth pairing procedure and make the connection's encryption key shorter than it's supposed to be. That makes it easy for attackers to brute-force their way into the connection and spy on data shared between devices, such as between a phone and a speaker or between two phones.

The fact that attackers can exploit the flaw even on devices that had been previously paired makes it even worse. According to the paper the researchers published, the vulnerability affects devices that use Bluetooth BR/EDR (or Bluetooth Classic) connections. The attack only works if both devices establishing a connection have the vulnerability. That said, all the Bluetooth chips the researchers tested were vulnerable. KNOB's official website says:

"The KNOB attack is possible due to flaws in the Bluetooth specification. As such, any standard-compliant Bluetooth device can be expected to be vulnerable. We conducted KNOB attacks on more than 17 unique Bluetooth chips (by attacking 24 different devices). At the time of writing, we were able to test chips from Broadcom, Qualcomm, Apple, Intel, and Chicony manufacturers. All devices that we tested were vulnerable to the KNOB attack."

Tech giants like Apple and Microsoft have already rolled out patches to fix the flaw, and the Bluetooth Core Specification has been changed to require a minimum encryption key length. For those measures to work against what the researchers say is "a serious threat to the security and privacy of all Bluetooth users," though, people must update their devices when a fix becomes available.
