Bluetooth vulnerability: allow a third device to spy on private conversations and obtain private information

​ 

Severe vulnerability discovered in Bluetooth standard

A new vulnerability in the Bluetooth standards has been discovered. This vulnerability is very cleverly exploited by hackers. Instead of breaking the encryption directly, hackers can force a Bluetooth device to use weaker encryption at first. Each time two Bluetooth devices are connected, they generate a new encryption key.

If a hacker enters between this setup process, it may force the two devices into a cryptographic key with a relatively small number of characters. To find the exact password, the attacker would have to carry out a very violent attack on one of the devices, but this attack can be carried out without being too violent due to the defect in the middle.

KNOB or Bluetooth key negotiation is what has been called this new vulnerability. Through this system, a third party could listen to a conversation, intercept content or inject a malware. This vulnerability would be present in almost twenty chips manufactured by Apple, Qualcomm, Intel, Broadcom and other companies in the sector.

You don't need to worry right now

It seems that most people using Bluetooth devices don't have to worry. To accomplish this attack, a hijacker must be present during the connection of Bluetooth devices, while determining the length of the encryption key, each device must block its initial transmission and broadcast its own messages at this connection moment. Of course, this event should take place in a very short time. The hacker also has to re-enter the network every time.

Only the older Bluetooth version device can be intercepted

This defect is only found in devices with traditional Bluetooth technology. Some Bluetooth devices even have protection against this (if they have hard-coded encryption). Unfortunately, the organization behind Bluetooth cannot cover this vulnerability, but is trying to provide future protection by offering a minimum password length to vulnerable devices.

For now, no evidence has been found that the vulnerability was used as a “malicious” one. This vulnerability was discovered by a group of researchers presenting their papers at the USENIX Security Symposium.

	Extensive Product Selection ● Over 300,000 products ● 20 different categories ● 15 local warehosues ● Multiple top brands		Convenient Payment ● Global payment options: Visa, MasterCard, American Express ● PayPal, Western Union and bank transfer are accepted ● Boleto Bancario via Ebanx (for Brazil)
	Prompt Shipping ● Unregistered air mail ● Registered air mail ● Priority line ● Expedited shipping		Dedicated After-sales Service ● 45 day money back guarantee ● 365 day free repair warranty ● 7 day Dead on Arrival guarantee (DOA)