Major Bluetooth security flaw exposes devices to hackers

Researchers have discovered a significant Bluetooth security vulnerability that leaves devices susceptible to hacking.

The flaw was discovered by a group consisting of researchers from the CISPA Helmholtz Center, Information Security, Singapore University of Technology and Design and the University of Oxford.

The flaw, referred to by the researchers as the “Key Negotiation of Bluetooth” (KNOB) attack, allows bad actors to interfere with the Bluetooth pairing process. In practice, hackers are able to make the connection’s encryption shorter than what it’s supposed to be, rendering the devices vulnerable to attacks. Through this exposure, hackers can listen into and even alter the content of the Bluetooth transmission.

However, the researchers note that hackers need to be nearby in order to do this and will only have “a narrow time window” to pull it off. Further, the vulnerability doesn’t apply to Bluetooth Low Energy (BLE) devices like AirPods, only standard devices supporting Bluetooth BR/EDR. Therefore, the team says there’s been “no evidence” that the vulnerability has been used maliciously.

Still, the report sheds light on a potentially dangerous vulnerability in a commonly used form of technology. At this point, Bluetooth can’t fix what’s already happened, so it will have to increase security going forward to prevent similar problems from occurring.

Source: Usenix