Major Bluetooth security flaw leaves millions of devices at risk
Vulnerability allows attackers to shorten Bluetooth encryption keys
A significant security vulnerability in Bluetooth has left millions of smartphones and other devices at risk of attack, researchers have said.
The flaw would allow an attacker to more easily brute force the encryption key used by devices during pairing to monitor or even manipulate the data transferred between two paired devices.
The vulnerability has been given the name “Key Negotiation of Bluetooth attack” or “KNOB” for short and it affects Bluetooth BR/EDR devices using specification versions 1.0 to 5.1.
- Businesses still aren't encrypting their removable devices
- What is Bluetooth?
- Five Eyes nations want access to your encrypted communications data
News of the KNOB vulnerability was revealed in a coordinated disclosure between the Center for IT-Security, Privacy and Accountability (CISPA), ICASI and ICASI members including Microsoft, Apple, Intel, Cisco and Amazon.
The flaw itself allows an attacker to reduce the length of the encryption key used for establishing a connection and in some cases, the length of the encryption key could be reduced to just a single octet making Bluetooth devices much easier to access.
KNOB vulnerability
A security advisory on Bluetooth.com, provided further insight on how the KNOB vulnerability functions, saying:
"The researchers identified that it is possible for an attacking device to interfere with the procedure used to set up encryption on a BR/EDR connection between two devices in such a way as to reduce the length of the encryption key used. In addition, since not all Bluetooth specifications mandate a minimum encryption key length, it is possible that some vendors may have developed Bluetooth products where the length of the encryption key used on a BR/EDR connection could be set by an attacking device down to a single octet."
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
After figuring out the Bluetooth keys of two devices, attackers could then monitor and manipulate the data being sent between them. This would even allow them to inject commands, monitor key strokes and carry out other types of malicious behavior. Fortunately, ICASI has not yet seen this attack method used maliciously nor have any devices been created to initiate this type of attack.
Exploiting the KNOB vulnerability would also be difficult because both devices need to be Bluetooth BR/EDR, the attacker would need to be within range of the devices while they establish a connection and the attack would also need to be repeated every time the devices paired. The Bluetooth specification has also been updated to recommend a minimum encryption key length of seven octets for BR/EDR connections to resolve this vulnerability.
- We've also highlighted the best Android antivirus apps of 2019
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.