Recently, some researchers have discovered certain problems that occur with most Bluetooth devices. These vulnerabilities affect devices when paired and allow them to be fully controlled. The problem has been referred to as a “KNOB” vulnerability.
This attack is able to intercept key encryptions while the pairing is being performed, which would give the hacker access to the device. For this reason, the team responsible for the Bluetooth standard was forced to change the official specification.
The “KNOB” vulnerability allows you to control devices connected via Bluetooth
Instead of “forcing” one of the devices, the attack focuses on decrypting the keys sent between devices while blocking their communication. By blocking their communication, the devices send new keys that differ from the previous ones. If the attacker succeeds in decrypting one of these keys, he can set the next request much shorter, giving him virtual control over the devices.
The vulnerability was discovered by researchers at Singapore University of Technology and Design, Oxford, and the Helmholtz CISPA Secure Information Centre. On the other hand, the name comes from “Key Negotiation Of Bluetooth”.
“The researchers tested this type of attack on more than 17 devices and all were tested positive. However, no use of this vulnerability outside the laboratory has been reported.”
However, it is somewhat difficult to enforce, as the attacker must be within the range of one of the devices and must have the necessary processing power.
Some of the major companies affected are Intel, Apple or Qualcomm, but they’re already working on patches to fix it. Future standards have found that minimum security is much more demanding.
And you, what do you think of the “KNOB” vulnerability, do you think Bluetooth is a reliable and secure standard? Share your ideas below.
Related posts:
MacOS 10.13 High Sierra update and security updates fixes a serious Bluetooth® problem
