Major Bluetooth Security Flaw Discovered, Leaves Millions of Devices Vulnerable

Critical Bluetooth flaw opens millions of devices to eavesdropping attacks

The tests were conducted on more than 17 different Bluetooth chips that are common in consumer products, and all of them were vulnerable to the KNOB attack.

Exploiting the KNOB vulnerability would also be hard: both devices need to be Bluetooth BR/EDR, the attacker would need to be within range of the devices while they establish a connection, and the attack would need to be repeated every time the devices paired.

According to researchers, the new Bluetooth vulnerability is called the "Key Negotiation of Bluetooth" (KNOB) attack.


The way it works is quite creative: instead of trying to brute-force a pairing with your device, an attacker could interfere with the normal pairing procedure, when both devices have to agree on the connection using an exchange of public keys that verify their identities. For this reason, the team responsible for the Bluetooth standard was forced to change the official specification.

The fact that attackers can exploit the flaw even for devices that had been previously paired makes it even worse. The Bluetooth Special Interest Group was notified late last year, before the public notification this week, and vendors were given a chance to add workarounds for the flaw. As such, any standard-compliant Bluetooth device can be expected to be vulnerable. Furthermore, the SIG recommends that developers update existing solutions to enforce a minimum encryption key length of 7 octets for BR/EDR connections. The Bluetooth SIG has officially issued a security notice. The issue affects nearly all Bluetooth devices, but fortunately for everyone, there are no signs that it's been used in the wild so far. The solution recommended by the agency is that manufacturers implement a minimum encryption key length, which would be hard to break.

Since then, the industry group behind Bluetooth standards has updated the specification to ban overly short encryption keys, and companies including Microsoft and Apple have rolled out operating system patches to fix the flaw in their recent regular rounds of updates. Therefore, you are urged to update all of your Bluetooth enabled devices to the latest software version available at the moment of writing.
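The 7-octet minimum mentioned above can be verified on a host by reading the key size each encrypted link actually negotiated. The following is an added example, not code from the article or the Bluetooth SIG: it parses HCI Command Complete events for the Read_Encryption_Key_Size command and flags links below the minimum. The opcode and event layout come from the Bluetooth Core Specification rather than this page, and the sample events are constructed.

```python
import struct

MIN_KEY_OCTETS = 7             # minimum the SIG recommends for BR/EDR (per the article)
EVT_CMD_COMPLETE = 0x0E        # HCI Command Complete event code
OP_READ_ENC_KEY_SIZE = 0x1408  # OGF 0x05 (status parameters), OCF 0x0008


def parse_key_size_event(evt: bytes):
    """Return (handle, key_size) from a Read_Encryption_Key_Size
    Command Complete event, or None if the packet is anything else."""
    if len(evt) < 2 or evt[0] != EVT_CMD_COMPLETE:
        return None
    params = evt[2:2 + evt[1]]
    if len(params) != evt[1] or len(params) < 7:
        return None  # truncated, or too short for this command's return values
    # Num_HCI_Command_Packets, opcode, status, connection handle, key size
    _pkts, opcode, status, handle, key_size = struct.unpack("<BHBHB", params[:7])
    if opcode != OP_READ_ENC_KEY_SIZE or status != 0x00:
        return None  # different command, or the controller reported an error
    return handle & 0x0FFF, key_size  # handle is a 12-bit value


def audit(events):
    """Classify each reported link as 'ok' or 'weak' against MIN_KEY_OCTETS."""
    findings = []
    for evt in events:
        parsed = parse_key_size_event(evt)
        if parsed is None:
            continue
        handle, key_size = parsed
        verdict = "ok" if key_size >= MIN_KEY_OCTETS else "weak"
        findings.append((handle, key_size, verdict))
    return findings


# Constructed sample events (not captured traffic).
SAMPLE_EVENTS = [
    bytes.fromhex("0e0701081400" "0b00" "10"),  # handle 0x000b, 16-octet key
    bytes.fromhex("0e0701081400" "0c00" "01"),  # handle 0x000c, 1-octet key
    bytes.fromhex("0e0701081402" "0d00" "00"),  # status 0x02: command failed
    bytes.fromhex("0e0401030c00"),              # unrelated Command Complete (HCI_Reset)
]

if __name__ == "__main__":
    for handle, size, verdict in audit(SAMPLE_EVENTS):
        print(f"handle=0x{handle:04x} key_size={size} octets -> {verdict}")
```

A link reported as weak should be disconnected or refused by policy until the device's firmware enforces the minimum key length.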
