Article 4NDMQ New Attack exploiting serious Bluetooth weakness can intercept sensitive data

New Attack exploiting serious Bluetooth weakness can intercept sensitive data

by
Dan Goodin
from Ars Technica - All content on (#4NDMQ)
bluetooth-800x534.jpg

Enlarge

Researchers have demonstrated a serious weakness in the Bluetooth wireless standard that could allow hackers to intercept keystrokes, address books, and other sensitive data sent from billions of devices.

Dubbed Key Negotiation of Bluetooth-or KNOB for short-the attack forces two or more devices to choose an encryption key just a single byte in length before establishing a Bluetooth connection. Attackers within radio range can then use commodity hardware to quickly crack the key. From there, attackers can use the cracked key to decrypt data passing between the devices. The types of data susceptible could include keystrokes passing between a wireless keyboard and computer, address books uploaded from a phone to a car dashboard, or photographs exchanged between phones.

KNOB doesn't require an attacker to have any previously shared secret material or to observe the pairing process of the targeted devices. The exploit is invisible to Bluetooth apps and the operating systems they run on, making the attack almost impossible to detect without highly specialized equipment. KNOB also exploits a weakness in the Bluetooth standard itself. That means, in all likelihood, that the vulnerability affects just about every device that's compliant with the specification. The researchers have simulated the attack on 14 different Bluetooth chips-including those from Broadcom, Apple, and Qualcomm-and found all of them to be vulnerable.

Read 19 remaining paragraphs | Comments

index?i=tGfpCPydf-w:g6P7V9DTod4:V_sGLiPB index?i=tGfpCPydf-w:g6P7V9DTod4:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments