/?pid=new-attack-exploiting-serious-bluetooth-weakness-21057

Updated:04:18 AM EDT Mar 18


this is ggmania.com subsite New Attack exploiting serious Bluetooth weakness - TechAmok

New Attack exploiting serious Bluetooth weakness - [security]
05:54 PM EDT - Aug,18 2019 - post a comment

Researchers have demonstrated a serious weakness in the Bluetooth wireless standard that could allow hackers to intercept keystrokes, address books, and other sensitive data sent from billions of devices.

Dubbed Key Negotiation of Bluetooth-or KNOB for short-the attack forces two or more devices to choose an encryption key just a single byte in length before establishing a Bluetooth connection. Attackers within radio range can then use commodity hardware to quickly crack the key. From there, attackers can use the cracked key to decrypt data passing between the devices. The types of data susceptible could include keystrokes passing between a wireless keyboard and computer, address books uploaded from a phone to a car dashboard, or photographs exchanged between phones.

KNOB doesn't require an attacker to have any previously shared secret material or to observe the pairing process of the targeted devices. The exploit is invisible to Bluetooth apps and the operating system they run on, making the attack almost impossible to detect without highly specialized equipment. KNOB also exploits a weakness in the Bluetooth standard itself. That means, in all likelihood, that the vulnerability affects just about every device that's compliant with the specification. The researchers have simulated the attack on 14 different Bluetooth chips-including those from Broadcom, Apple, and Qualcomm-and found all of them to be vulnerable.

"The Key Negotiation Of Bluetooth (KNOB) attack exploits a vulnerability at the architectural level of Bluetooth," the researchers wrote in a research paper published this week. "The vulnerable encryption key negotiation protocol endangers potentially all standard compliant Bluetooth devices, regardless [of] their Bluetooth version number and implementation details. We believe that the encryption key negotiation protocol has to be fixed as soon as possible."

While people wait for the Bluetooth Special Interest Group-the body that oversees the wireless standard-to provide a fix, a handful of companies has released software updates that patch or mitigate the vulnerability, which is tracked as CVE-2019-9506. The fixes include:

The US CERT has issued this advisory. The Bluetooth Special Interest Group, meanwhile, posted a security notice here.


Short overview of recent news articles

Haley Messick - Saatisfaction @bennybenassi - In10sive Mastercamp (Mar,18 2024 )

1000W CPU: The Most Powerful Desktop Processor (Mar,18 2024 )

Expands Snapdragon 8 Series to Cover More Price Points (Mar,18 2024 )

Train Vs Lamborghini (Mar,17 2024 )

Don't use a Microsoft Account! (Mar,16 2024 )

This Ghillie Made from MIRRORS is SHOCKINGLY GOOD (Mar,16 2024 )

How Hackers Deliver Malware to Hack you using Social Media (Mar,16 2024 )

Call of Duty: Warzone Mobile - Launch Trailer (Mar,15 2024 )

Intel's 4th Attempt At Beating Ryzen - "New" 6.2GHz Core (Mar,14 2024 )

Asus Goes Big with Zenfone 11 Ultra (Mar,14 2024 )

House Passes Bill to Force Sale of TikTok (Mar,14 2024 )

Motorola Brings More Affordable 5G Phones to its 2024 Lineup (Mar,14 2024 )

Capristan Swim - Miami Swim Week | Art Basel Miami (Mar,14 2024 )

The Most Stunning All SSD NAS Ever? Inside QNAP's All-SSD (Mar,11 2024 )

M2 vs M3 MacBook Air - ULTIMATE Comparison! (Mar,11 2024 )

Risky PC Experiment: Direct CPU Water-Cooling! Can It Survive? (Mar,11 2024 )

SpaceX Falcon 9 rocket launches 23 Starlink satellites from (Mar,11 2024 )

I tried the Cheapest Arduino Alternative (that Nobody heard of) (Mar,10 2024 )

This is the WEIRDEST PC I've ever seen. (Mar,10 2024 )

Nvidia Retires GTX 16 Series, GDDR7 Arrives, FSR Upscaling Going AI? (Mar,10 2024 )

The New BIOS Hack That Bypasses Every Antivirus (Mar,09 2024 )

Microsoft says it hasn't been able to shake Russian state hackers (Mar,09 2024 )

iOS 17.4, Out Today, Brings Transcripts to Apple Podcasts (Mar,09 2024 )

Microsoft Kills Android-on-Windows (Mar,09 2024 )

Don't Make These Common PC Building Mistakes! (Mar,08 2024 )

Sydney Sweeney Gets Outcast By Her Hooters Co-Workers On 'SNL' (Mar,07 2024 )

How A Journalist Uncovered America's Secret Doomsday Bunkers (Mar,07 2024 )

Government Banning Hardware Wallets? (Mar,07 2024 )

Xiaomi 14 Ultra Full Review: I prefer to call it '13S Ultra' (Mar,07 2024 )

Windows Defender vs Ransomware 2024 (Mar,05 2024 )

I fixed this PCIe card with tape - I can't believe this worked... (Mar,04 2024 )

Auto Change IP Address in every 3 Seconds - 100% ANONYMOUS (Mar,03 2024 )

Liquid Cooling is Dead (Mar,03 2024 )

This AAA Hedera Powered Game Could EXPLODE HBAR'S VALUE (Mar,02 2024 )

Gaming on Starlink - 2024 Review and Tes (Mar,02 2024 )

World's Fastest Camera Drone Vs F1 Car (ft. Max Verstappen) (Mar,01 2024 )

Top 5 Best CPU Coolers 2024 (Feb,29 2024 )

Tangem vs Cypherock X1 Cold Wallet - Choose Wisely! (Feb,29 2024 )

The All China PC (Feb,29 2024 )

The NEW Legion 7i - A Game Changer (Feb,28 2024 )

First Look 2024: A new era of Samsung AI TV (Feb,28 2024 )

Tesla Model 3 (2024) - Crazy Cool Tech Features!!! (Feb,27 2024 )

The Terrible Simpsons Predictions for 2024 (Feb,26 2024 )

HW News - Intel Wants AMD's Chips, Cooler Master Sues Everyone (Feb,25 2024 )

It CAN be done - The Potato PC (Feb,25 2024 )

What's the best bang-for-the-buck gaming CPU right now? (Feb,25 2024 )

How to never accidentally run Malware: Must Have Windows Tweaks (Feb,25 2024 )

Black Tape Project Full Show / Miami Swim Week (Feb,25 2024 )

3 USB things every Windows user must do right now! (Feb,24 2024 )

Samsung Galaxy Z Fold 6 - WOW! Look At This (Feb,24 2024 )

>> News Archive <<

TechAmok - Privacy Policy        loading time:0.01secs