Cybersecurity researchers have detailed a report that showcases a flaw in Bluetooth dubbed KNOB (Key Negotiation Of Bluetooth). KNOB allows an attacker to break the security mechanisms of Bluetooth for any standard-compliant device. So that means nobody is safe!
“We found and exploited a severe vulnerability in the Bluetooth specification that allows an attacker to break the security mechanisms of Bluetooth for any standard-compliant device. As a result, an attacker can listen, or change the content of, nearby Bluetooth communication, even between devices that have previously been successfully paired”. The team noted in a statement.
The flaw has been tried and successfully exploited from devices by different makers including chips from Broadcom, Qualcomm, Apple, Intel, among other manufacturers.
The research team states the study was carried out on 17 different Bluetooth chips (by attacking 24 different devices), and they have already showcased the proof-of-concept. Bluetooth makers were already notified about the flaw in November 2018.
Since then, the team states “some vendors might have implemented workarounds for the vulnerability on their devices.” Which means in case your device has not been updated since late 2018 then “..it is likely vulnerable.”
HotHardWare states Apple and Microsoft have already patched the flaw. Blackberry, Lenovo, and Intel have released security advisories, while Cisco states a fix is coming soon.
But the good news is that the flaw only affects Bluetooth and not Bluetooth Low Energy (BLE) commonly used in wearables and there is no chance that an attacker can connect to a paired device.