Researchers have demonstrated a serious weakness in the Bluetooth wireless standard that could allow hackers to intercept keystrokes, address books, and other sensitive data sent from billions of devices.
Dubbed Key Negotiation of Bluetooth-or KNOB for short-the attack forces two or more devices to choose an encryption key just a single byte in length before establishing a Bluetooth connection. Attackers within radio range can then use commodity hardware to quickly crack the key. From there, attackers can use the cracked key to decrypt data passing between the devices. The types of data susceptible could include keystrokes passing between a wireless keyboard and computer, address books uploaded from a phone to a car dashboard, or photographs exchanged between phones.
KNOB doesn't require an attacker to have any previously shared secret material or to observe the pairing process of the targeted devices. The exploit is invisible to Bluetooth apps and the operating system they run on, making the attack almost impossible to detect without highly specialized equipment. KNOB also exploits a weakness in the Bluetooth standard itself. That means, in all likelihood, that the vulnerability affects just about every device that's compliant with the specification. The researchers have simulated the attack on 14 different Bluetooth chips-including those from Broadcom, Apple, and Qualcomm-and found all of them to be vulnerable.
"The Key Negotiation Of Bluetooth (KNOB) attack exploits a vulnerability at the architectural level of Bluetooth," the researchers wrote in a research paper published this week. "The vulnerable encryption key negotiation protocol endangers potentially all standard compliant Bluetooth devices, regardless [of] their Bluetooth version number and implementation details. We believe that the encryption key negotiation protocol has to be fixed as soon as possible."
While people wait for the Bluetooth Special Interest Group-the body that oversees the wireless standard-to provide a fix, a handful of companies has released software updates that patch or mitigate the vulnerability, which is tracked as CVE-2019-9506. The fixes include:
The US CERT has issued this advisory. The Bluetooth Special Interest Group, meanwhile, posted a security notice here.