A group of security researchers has discovered a security flaw in Bluetooth that could let hackers spy on your communications.
Essentially, when two Bluetooth-enabled devices connect to each other and set up encryption keys to securely communicate, hackers could interfere with their connection, confusing them into setting up an extremely short encryption key, sometimes as small as one character. Then, hackers could simply try each encryption key of that length until they find one that lets them extract all the data the devices send back and forth.
The researchers, who presented their findings at the USENIX Security Symposium, say Bluetooth chips from Intel, Broadcom, Apple, and Qualcomm all proved vulnerable to the attack, which they dubbed KNOB, for Key Negotiation Of Bluetooth. Bluetooth Low Energy is not affected.
Since then, the industry group behind Bluetooth standards has updated the specification to ban overly short encryption keys, and companies including Microsoft and Apple have rolled out operating system patches to fix the flaw in their recent regular rounds of updates.
There’s no evidence the attack has actually been used, and hackers looking to use it to steal data would have to have been in close range of the devices they were trying to eavesdrop on.