New Bluetooth vulnerability allows hackers to gain control of data
Bluetooth is a technology most of us use to date, whether to transfer data or to connect to a pair of Bluetooth earphones. A group of researchers have discovered a security vulnerability in the technology that leaves devices susceptible to hacking.
The vulnerability was discovered by a group of researchers from CISPA Helmholtz Center, Information Security, Singapore University of Technology and Design and the University of Oxford.
The vulnerability has been named as the “Key Negotiation of Bluetooth” (KNOB) attack. According to the report put out by the researchers, KNOB allows bad actors to interfere with the Bluetooth pairing process. This allows hackers to make the connection’s encryption shorter than what it’s supposed to be, rendering the devices vulnerable to attacks.
Using KNOB attack, hackers can listen into and even alter the content of the Bluetooth transmission. However, to utilise the KNOB attack hackers need to be nearby the Bluetooth source and have a narrow time window to execute the attack.
In the research paper, they mention that the vulnerability does not apply to devices making use of Bluetooth Low Energy (BLE) like the Apple AirPods. It is only applicable to standard devices supporting Bluetooth BR/EDR.
Though the researchers state that there’s been “no evidence” that the vulnerability has been used maliciously, this shows the potential of the danger this vulnerability holds. This vulnerability cannot be fixed at the time and might only be fixed in upcoming Bluetooth standards, so it is recommended that the users increase security going forward to prevent problems from occurring.