Someone could take over your Bluetooth devices as simply as turning a knob
In brief: Researchers have found a flaw in Bluetooth’s authentication protocols which can be exploited in a clever, man-in-the-middle attack between two paired devices.
A newly discovered vulnerability in the Bluetooth protocol shows how a malicious actor can reduce the encryption strength for the keys used in the pairing of Bluetooth devices and gain complete control over them as a result. The official body that’s in charge of the Bluetooth standard discovered the flaw and is serious enough that it required a change to the official specification.
The way it works is quite creative: instead of trying to brute-force a pairing with your device, an attacker could instead try to interfere with the normal pairing procedure, when both devices have to agree on the connection using an exchange of public keys that verify their identities. These keys change every time, but if the attacker can guess them fast enough, they can force a shorter encryption key for the next pairing, as low as a single octet — which is the size of one character.
The flaw was discovered by researchers from the Singapore University of Technology and Design, Oxford, and CISPA Helmholtz Center for Information Security, who dubbed it KNOB, short for “Key Negotiation of Bluetooth.” The tests were conducted on more than 17 different Bluetooth chips that are common in consumer products, and all of them were vulnerable to the KNOB attack.
The findings were presented at the USENIX Security Symposium, and while Bluetooth Low Energy isn’t affected by KNOB, traditional Bluetooth chips from major manufacturers like Intel, Broadcom, Qualcomm, Chicony, and even Apple are vulnerable to the attack. The reason it was deemed as a serious flaw is that victims of a KNOB attack are none the wiser about it. It’s also worth noting that it even works on previously paired devices, provided that both are vulnerable.
On the upside, the whole attack is a race against time, and the hacker would have to be in the range of the two devices at the exact moment the pairing takes place. Then, they’d have to “intercept, manipulate, and retransmit key length negotiation messages between the two devices while also blocking transmissions from both,” which is as challenging as it sounds. And the attack needs to be repeated this way every time encryption gets enabled.
Bluetooth SIG notes there is no evidence that anyone has exploited the vulnerability in the wild, and while all current Bluetooth BR/EDR devices are susceptible to it, there is an easy fix that Microsoft and Apple are already rolling out. The Bluetooth Core Specification has also been changed to require manufacturers to hardcode a minimum encryption key length of seven octets (characters) in future devices.
Earlier this year there was a similar revelation of a security flaw in the Bluetooth protocol that allows devices to be tracked using an easier exploit. And yet both vulnerabilities may be less of a reason to worry than the 10 percent tariffs that will reflect in the price of many devices imported in the US starting next month.
Credits to Adrian Potoroaca for this informative article.
Hi, I do think this is an excellent site. I stumbledupon it ;
) I’m going to come back once again since I bookmarked it.
Money and freedom is the best way to change, may you be rich and
continue to guide other people. Hi, I log on to your blogs on a regular basis.
Your writing style is awesome, keep it up!
Hi Kiersten,
Thank you for always checking on our post. We will continue to guide other people in resolving computer-related concerns.
You may also visit our official website: http://www.reimageplus.com
Regards,
Deborah Moore
I’m not that much of a internet reader to be honest but your blogs really nice, keep
it up! I’ll go ahead and bookmark your website
to come back later on. All the best
Hi,
We are glad that you enjoyed reading the blogs that we posted.
Thank you for including our website on your bookmarks.
You may also visit our official website (www.reimageplus.com) if you need further assistance on your computer.
Best Regards,
Kerry Hershey
Reimage
Hi, I think your site might be having browser compatibility issues.
When I look at your blog in Ie, it looks fine but when opening in Internet Explorer,
it has some overlapping. I just wanted to give you a quick heads up!
Other then that, awesome blog!
Hi!
Thank you for bringing this matter to our attention. We’ll definitely check it out using Internet Explorer.
If you have further questions, please let us know. You can also visit our website, http://www.reimageplus.com
Cheers!
Regards,
Deborah
I’m not that much of a online reader to
be honest but your blogs really nice, keep it up!
I’ll go ahead and bookmark your website to come back
later on. Cheers
Hello!
Thank you for this feedback! We’re happy to hear that you like our blogs!
For questions or inquiries, you may visit our website http://www.reimageplus.com
Regards,
Matthew
I have read some just right stuff here. Definitely price bookmarking for revisiting.
I surprise how a lot effort you put to make this sort of excellent informative website.
Remarkable issues here. I’m very happy to look your post.
Thank you a lot and I am having a look forward
to touch you. Will you please drop me a mail?