Major Bluetooth Security Flaw Leaves Millions Vulnerable to Hackers

Cyber-security researchers have detailed a disquisitional Bluetooth vulnerability called KNOB (Key Negotiation Of Bluetooth) that they say can potentially allow hackers to intercept and manipulate a user's communications. The vulnerability apparently affects any standard-compliant Bluetooth device, with the researchers claiming to take successfully carried out proof-of-concept attacks on more than 17 unique Bluetooth chips in 24 unlike devices from Intel, Apple, Lenovo, Qualcomm and more.

Co-ordinate to the researchers: "Nosotros constitute and exploited a severe vulnerability in the Bluetooth specification that allows an assailant to break the security mechanisms of Bluetooth for whatever standard-compliant device. As a outcome, an assaulter is able to the listen, or alter the content of, nearby Bluetooth communication, even between devices that have previously been successfully paired".

The findings, which were presented recently at the USENIX Security Symposium by researchers from the Centre for IT-Security, Privacy and Accountability (CISPA), exploits the fact that not every device has a minimum key-length requirement to found a connectedness between two Bluetooth devices. As a outcome, hackers could potentially fob ii Bluetooth devices into establishing a connection with a curt encryption key created by them.

The attack was first disclosed to Bluetooth SIG and the affected vendors last Nov, following which, 'some' of the companies rolled out updates to mitigate the trouble. "And then … if your device was non updated after late 2018, information technology is likely vulnerable", said the researchers. According to Hot Hardware, Apple and Microsoft have already released patches to fix the issue, while Cisco has promised to roll out a set up presently. Blackberry, Lenovo and Intel take issued security advisories, said the written report.