Bluetooth Security Flaw Makes Users’ Device Data Vulnerable To Attack

Bluetooth Security Flaw Makes Data Vulnerable

A new Bluetooth security flaw was discovered that could leave users’ data unprotected and open to hackers, The Verge reported on Friday (Aug. 16).

The weakness was discovered by researchers who presented their findings at the USENIX Security Symposium. The KNOB attack, short for “Key Negotiation Of Bluetooth,” interferes with users’ Bluetooth connections, confusing them into setting up a short encryption key that is easy to hack.

The researchers indicated that Bluetooth chips from Intel, Broadcom, Apple and Qualcomm are vulnerable to the attack. Bluetooth Low Energy is not affected.

There is no evidence that the attack has actually been used. To implement this type of breach, the hacker must be in range when the Bluetooth device is being connected in order to block the transmission when the encryption key is being established, the article said.

The industry group behind Bluetooth standards has since updated the specification to ban overly short encryption keys, and companies including Microsoft and Apple have rolled out operating system patches to fix the flaw in their recent regular updates.

Some Bluetooth devices are also protected if they have a hard-coded minimum password strength. It is now recommended that a minimum password length is implemented on vulnerable devices.

Bluetooth has also changed the way thieves go about card skimming, with the ability to use smaller devices and download data over SMS. Card skimmers today are largely invisible to the eye, and with wireless Bluetooth technology, it’s easier for thieves to wirelessly download stolen data. These skimmers can also connect to magnetic readers and keypads to swipe authenticating information like PINs and zip codes.

But the technology also makes it easier to counteract attacks. A new app, nicknamed Bluetana, can detect even the most discreet skimmers on gas pumps and bank ATMs. Developed by researchers at the University of California, San Diego and the University of Illinois Urbana-Champaign, the app can pinpoint Bluetooth-enabled skimmers while keeping pumps and cash machines intact.