For years, Bluetooth connections had stood out for their effectiveness and security, something they could boast, until today.
A group of researchers has just announced a serious failure within Bluetooth connections, which they already classify as “a serious threat to the security and privacy of all Bluetooth users.” And, they explain, millions of wireless devices would be exposed to possible attacks and intrusions.
According to the researchers, who disclosed the details of the vulnerability during the USENIX Security Symposium, this is a bug that would allow attackers to interfere with the Bluetooth pairing procedure, causing the connection encryption key between the devices to be shorter, and therefore easier to crack.
Once the devices are linked through this new encryption key, a brute force attack is used in the connection to know the key so that data shared between the devices can be accessed. The information can affect smartphones, computers, cars, speakers, wearables, IoT devices and many more.
The Bluetooth SIG, which is the body that monitors the standards of this technology, confirmed the vulnerability and issued a security warning of what they have called ‘ Key Negotiation of Bluetooth ‘ or “KNOB” attack.
According to the information, the vulnerability affects only the devices that use the Bluetooth BR / EDR connection, also known as ‘Bluetooth Classic’, so, in theory, the devices that use Bluetooth LE (low energy consumption) would not be in risk.
On the other hand, it is said that attackers can exploit this fault even when the devices had already been paired previously. However, for this to happen, it would be necessary, first, for the attacker to be present and within range within the process of connection between the devices. And second, that they do the whole procedure “within a narrow window of time.”
Besides, the attacker would have to repeat the procedure every time he wanted to intervene in the connections. That is, not all devices are vulnerable, although the tests found that at least 17 Bluetooth chips are at risk, including chips from manufacturers such as Broadcom, Qualcomm, Intel, and Chicony.
Bluetooth SIG mentioned that at the moment it is not possible to solve the fault, at least in the medium term, since it is required to change the specification. They claim that today “there is no evidence” that this ruling has been maliciously exploited. The solution recommended by the agency is that manufacturers implement a minimum encryption key length, which would be difficult to break. So far only Apple and Microsoft have sent patches to resolve this bug.
