Your Bluetooth enabled device may be vulnerable to hackers

A fast-acting hacker may weaken the encryption of your Bluetooth devices and be able to subsequently snoop on communications or send falsified communications to take over a device due to a newly discovered vulnerability in the standard.

While the "hack" has to happen "within a narrow time window" it is pretty clever: instead of directly breaking the encryption, it allows hackers to force a pair of Bluetooth devices to use weaker encryption in the first place, making it far easier to crack. Each time two Bluetooth devices connect, they establish a new encryption key. If an attacker gets in between that setup process, they could potentially trick the two devices into settling on an encryption key with a relatively small number of characters. The attacker would still have to perform a brute-force attack against one of the devices to figure out the exact password, but that attack could happen in an achievable amount of time, thanks to this flaw (especially since many people use very simple passwords for their bluetooth devices).

For now, there’s “no evidence” the vulnerability has been used maliciously. It was discovered by a group of researchers who presented their paper at the USENIX Security Symposium. They named the vulnerability the KNOB attack, short for “Key Negotiation Of Bluetooth.”

Leave a Reply

Your email address will not be published. Required fields are marked *