advertisement
advertisement

A Bluetooth encryption flaw could let hackers spy on your connections

The flaw would let hackers inject dummy data when Bluetooth devices are connecting, making them use a simple-to-crack encryption key.

A Bluetooth encryption flaw could let hackers spy on your connections
[Photos: Yura Fresh/Unsplash; 3271136/Pixabay]

A group of security researchers has discovered a security flaw in Bluetooth that could let hackers spy on your communications.

advertisement

Essentially, when two Bluetooth-enabled devices connect to each other and set up encryption keys to securely communicate, hackers could interfere with their connection, confusing them into setting up an extremely short encryption key, sometimes as small as one character. Then, hackers could simply try each encryption key of that length until they find one that lets them extract all the data the devices send back and forth.

The researchers, who presented their findings at the USENIX Security Symposium, say Bluetooth chips from Intel, Broadcom, Apple, and Qualcomm all proved vulnerable to the attack, which they dubbed KNOB, for Key Negotiation Of Bluetooth. Bluetooth Low Energy is not affected.

Since then, the industry group behind Bluetooth standards has updated the specification to ban overly short encryption keys, and companies including Microsoft and Apple have rolled out operating system patches to fix the flaw in their recent regular rounds of updates.

There’s no evidence the attack has actually been used, and hackers looking to use it to steal data would have to have been in close range of the devices they were trying to eavesdrop on.

advertisement
advertisement

About the author

Steven Melendez is an independent journalist living in New Orleans.

More

All week you can attend Innovation Festival keynotes with Robert Downey Jr., Malala Yousafzai, Chip and Joanna Gaines, Janelle Monáe, and more. Claim your free pass now.