Serious Bluetooth Security Vulnerability Could Leave Millions Of Devices Open To Attacks
The findings were presented at the USENIX Security Symposium by researchers from the Center for IT-Security, Privacy and Accountability (CISPA). The vulnerability has been nicknamed “Key Negotiation Of Bluetooth” or “KNOB”. Every time two Bluetooth devices establish a connection, they also create a new encryption key. Unfortunately, not every device has a minimum key length requirement. Hackers could potentially trick two Bluetooth devices into establishing a connection with a weak and short encryption key. The hackers would then be able to mount a brute-force attack against one of the devices and gain access to a user’s communications within a short amount of time.
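The minimum key length requirement described above can be checked per device pair. The following is an added example, not code from the researchers or any vendor: a simplified model of the key size negotiation that audits a constructed inventory. The device names and their minimums are made up; the 1 to 16 byte range and the 7-byte minimum recommended by the Bluetooth SIG after KNOB come from the Bluetooth specification, not from this article.

```python
from itertools import combinations

SPEC_MIN_BYTES, SPEC_MAX_BYTES = 1, 16  # key size range in the Bluetooth BR/EDR spec
POLICY_MIN_BYTES = 7  # minimum the Bluetooth SIG recommended after KNOB

# Constructed inventory: device name -> smallest key size (bytes) its firmware accepts.
INVENTORY = {
    "headset-unpatched": 1,
    "laptop-patched": 7,
    "car-kit-unpatched": 1,
    "phone-patched": 7,
}

def negotiate(proposed_bytes, min_a, min_b):
    """Return the agreed key size in bytes, or None if either side refuses.

    The proposal is not authenticated, so each side can only compare the
    value it receives against its own minimum.
    """
    if not SPEC_MIN_BYTES <= proposed_bytes <= SPEC_MAX_BYTES:
        return None
    if proposed_bytes < min_a or proposed_bytes < min_b:
        return None
    return proposed_bytes

def worst_case_key(min_a, min_b):
    """Smallest key size the pair would still accept."""
    for size in range(SPEC_MIN_BYTES, SPEC_MAX_BYTES + 1):
        if negotiate(size, min_a, min_b) is not None:
            return size
    return None

def audit(inventory, policy_min=POLICY_MIN_BYTES):
    """List device pairs whose worst-case key falls below policy."""
    findings = []
    for (a, min_a), (b, min_b) in combinations(sorted(inventory.items()), 2):
        worst = worst_case_key(min_a, min_b)
        if worst is not None and worst < policy_min:
            # 2 ** (8 * worst) is the number of keys a brute-force search must cover.
            findings.append((a, b, worst, 2 ** (8 * worst)))
    return findings

if __name__ == "__main__":
    for a, b, size, keyspace in audit(INVENTORY):
        print(f"{a} <-> {b}: accepts {size}-byte key ({keyspace} possible keys)")
```

Only the pair of two unpatched devices is flagged: a connection is as strong as the stricter side's minimum, so patching either device protects the pair.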
Many of the affected companies, such as Apple and Microsoft, have since released patches. Blackberry, Lenovo
Microsoft and Intel also recently released patches for other major security issues. One vulnerability in Intel’s device firmware could have led to an escalation of privileges or a denial-of-service attack in their NUC mini PCs. Another vulnerability was discovered by security researchers at Bitdefender. This one would have also allowed attackers to bypass fixes that had been rolled out on devices with Intel processors. They worked with Intel and Microsoft for over a year to create a fix. If you use a Windows device, you should run the latest security update. This update will include fixes for both the Intel processor and Bluetooth vulnerabilities.