Bluetooth vulnerability: allow a third device to spy on private conversations and obtain private information
By Adan Flannigan 2019-08-19 872 0
Severe vulnerability discovered in Bluetooth standard
A new vulnerability in the Bluetooth standards has been discovered. This vulnerability is very cleverly exploited by hackers. Instead of breaking the encryption directly, hackers can force a Bluetooth device to use weaker encryption at first. Each time two Bluetooth devices are connected, they generate a new encryption key.
If a hacker enters between this setup process, it may force the two devices into a cryptographic key with a relatively small number of characters. To find the exact password, the attacker would have to carry out a very violent attack on one of the devices, but this attack can be carried out without being too violent due to the defect in the middle.
KNOB or Bluetooth key negotiation is what has been called this new vulnerability. Through this system, a third party could listen to a conversation, intercept content or inject a malware. This vulnerability would be present in almost twenty chips manufactured by Apple, Qualcomm, Intel, Broadcom and other companies in the sector.
You don't need to worry right now
It seems that most people using Bluetooth devices don't have to worry. To accomplish this attack, a hijacker must be present during the connection of Bluetooth devices, while determining the length of the encryption key, each device must block its initial transmission and broadcast its own messages at this connection moment. Of course, this event should take place in a very short time. The hacker also has to re-enter the network every time.
Only the older Bluetooth version device can be intercepted
This defect is only found in devices with traditional Bluetooth technology. Some Bluetooth devices even have protection against this (if they have hard-coded encryption). Unfortunately, the organization behind Bluetooth cannot cover this vulnerability, but is trying to provide future protection by offering a minimum password length to vulnerable devices.
For now, no evidence has been found that the vulnerability was used as a “malicious” one. This vulnerability was discovered by a group of researchers presenting their papers at the USENIX Security Symposium.
Extensive Product Selection● Over 300,000 products ● 20 different categories ● 15 local warehosues ● Multiple top brands | Convenient Payment● Global payment options: Visa, MasterCard, American Express ● PayPal, Western Union and bank transfer are accepted ● Boleto Bancario via Ebanx (for Brazil) | ||
Prompt Shipping● Unregistered air mail ● Registered air mail ● Priority line ● Expedited shipping | Dedicated After-sales Service● 45 day money back guarantee ● 365 day free repair warranty ● 7 day Dead on Arrival guarantee (DOA) |
HOT
-
i12 TWS vs. Apple AirPods: are the latest cheaper AirPods clone your best alternatives?
2019-03-07By GB Blog Official
-
Redmi AirDots vs. Xiaomi Mi AirDots: same true wireless earbuds at half the price?
2019-03-20By GB Blog Official
-
TF card vs SD card: what is it and 9 easy ways to help you tell their differences
2019-06-20By Goraud Mazanec
-
The Xiaomi M365 Electric Scooter - speed, battery life & operation
2017-07-18By Felicity Rosa
-
Xiaomi Mi Airdots Pro vs. Mi AirDots: are the new true wireless earbuds worth an upgrade?
2019-01-25By GB Blog Official
-
Huawei Band 4 vs Honor Band 5 vs Xiaomi Mi Band 4: Full Specifications Compare
2019-12-10By Joe Horner
Related Products
Prev article:DJI Mavic 2 Pro vs DJI Mavic Air vs DJI Spar: which one is suitable for you?
Next article:Xiaomi Mi 9T Pro vs Xiaomi Mi 9T: 5 details that you have taken into account and that very few know