By Adan Flannigan 2019-08-19
A new vulnerability in the Bluetooth standard has been discovered, and the way it can be exploited is clever. Instead of breaking the encryption directly, attackers can force a Bluetooth device to use weaker encryption from the start. Each time two Bluetooth devices connect, they generate a new encryption key.
If an attacker gets in the middle of this setup process, they can force the two devices to agree on a relatively short encryption key. To find the exact key, the attacker would still have to carry out a brute-force attack against one of the devices, but because of the flaw in the setup process this attack takes far less effort than it otherwise would.
The new vulnerability has been named KNOB, for Key Negotiation of Bluetooth. By exploiting it, a third party could listen to a conversation, intercept content or inject malware. The vulnerability is reported to be present in almost twenty chips manufactured by Apple, Qualcomm, Intel, Broadcom and other companies in the sector.
It seems that most people using Bluetooth devices don't have to worry. To accomplish this attack, an attacker must be present while the Bluetooth devices connect and, while the length of the encryption key is being determined, must block each device's initial transmission and broadcast their own messages in its place. All of this has to happen within a very short time. The attacker also has to get back in the middle every time the devices connect.
This flaw is only found in devices with traditional Bluetooth technology. Some Bluetooth devices even have protection against it (if they have hard-coded encryption). Unfortunately, the organization behind Bluetooth cannot fully close this vulnerability, but it is trying to provide future protection by introducing a minimum encryption key length for vulnerable devices.
For now, no evidence has been found that the vulnerability has been used maliciously. It was discovered by a group of researchers presenting their work at the USENIX Security Symposium.
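The effect of a minimum key length can be seen in a simplified model of the key-length negotiation. This is an added example, not code from the researchers or from the Bluetooth specification; the `Device` class, the `negotiate` function and the 7-octet minimum (the value the Bluetooth SIG recommends, which this article does not state) are assumptions of the sketch.

```python
from dataclasses import dataclass

# Assumption: 7 octets is the minimum the Bluetooth SIG recommends; not stated in the article.
MIN_OCTETS = 7

@dataclass
class Device:
    name: str
    min_octets: int          # shortest key this device will accept
    max_octets: int = 16     # longest key this device supports

def negotiate(initiator, responder, in_path=None):
    """Simplified model: return the agreed key length in octets, or None if refused."""
    proposal = initiator.max_octets
    if in_path is not None:
        # The proposal is not authenticated, so a party in the middle can alter it.
        proposal = in_path(proposal)
    # The responder can lower the proposal to what it supports, never raise it.
    agreed = min(proposal, responder.max_octets)
    # Each endpoint enforces its own minimum; either one can refuse the link.
    if any(agreed < d.min_octets for d in (initiator, responder)):
        return None
    return agreed

def keyspace_bits(octets):
    """Key entropy in bits: a brute-force search needs up to 2**bits guesses."""
    return 8 * octets

def run_cases():
    """Constructed scenarios: legacy devices accept 1 octet, patched ones need MIN_OCTETS."""
    shorten = lambda _proposal: 1   # constructed tampering: proposal rewritten to 1 octet
    legacy_a, legacy_b = Device("headset", 1), Device("phone", 1)
    patched_a, patched_b = Device("headset", MIN_OCTETS), Device("phone", MIN_OCTETS)
    return {
        "legacy, untouched": negotiate(legacy_a, legacy_b),
        "legacy, tampered": negotiate(legacy_a, legacy_b, shorten),
        "patched, tampered": negotiate(patched_a, patched_b, shorten),
        "one patched, tampered": negotiate(legacy_a, patched_b, shorten),
    }

if __name__ == "__main__":
    for case, octets in run_cases().items():
        bits = "link refused" if octets is None else f"{keyspace_bits(octets)}-bit key"
        print(f"{case:24} -> {bits}")
```

In this model a single endpoint that enforces the minimum is enough to refuse the shortened key, which is why the fix can be rolled out one device at a time.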