Critical Bluetooth flaw opens millions of devices to eavesdropping attacks
Security researchers have uncovered a serious flaw in the Bluetooth Core Specification that can enable attackers to capture and tamper with Bluetooth communications between affected devices. The vulnerability, tracked as CVE-2019-9506, has already been fixed in many devices.
According to the research report [PDF], the Key Negotiation Of Bluetooth (KNOB) attack “allows a third party, without knowledge of any secret material (such as link and encryption keys), to make two (or more) victims agree on an encryption key with only 1 byte (8 bits) of entropy. Such low entropy enables the attacker to easily brute force the negotiated encryption keys, decrypt the eavesdropped ciphertext, and inject valid encrypted messages (in real-time).”
The researchers believe that all standard-compliant Bluetooth devices are affected by the flaw. However, the attack can only be carried out if the threat actor is within wireless range of the vulnerable devices, while a Bluetooth connection is being established, within a narrow time window, and only if both of the communicating devices are vulnerable.
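The following Python is an added illustration, not code from the article or from the researchers: it models the key-size negotiation in simplified form, assuming a 1 to 16 octet key range and a configurable per-device minimum (the 7-octet floor the Bluetooth SIG later recommended is used as the hardened setting). It shows why the attack needs both devices to be vulnerable: a proposal altered in transit only collapses the key space to 256 candidates when neither side enforces a floor.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed model: BR/EDR encryption key sizes range from 1 to 16 octets.
# min_key_bytes = 1 means no floor is enforced (the vulnerable behaviour);
# min_key_bytes = 7 is the hardened setting assumed here.
@dataclass
class Device:
    name: str
    max_key_bytes: int = 16
    min_key_bytes: int = 1


def negotiate_key_size(initiator: Device, responder: Device,
                       tampered_proposal: Optional[int] = None) -> Optional[int]:
    """Simplified key-size negotiation.

    The initiator proposes its maximum size; the responder counters with the
    largest size it supports that does not exceed the proposal. Either side
    refuses (returns None) if the result is below its own floor.
    tampered_proposal models a third party in range rewriting the proposal
    during connection setup, which is what KNOB does. Constructed model only.
    """
    proposal = initiator.max_key_bytes
    if tampered_proposal is not None:
        proposal = tampered_proposal          # what the responder actually sees
    proposal = max(1, min(proposal, 16))      # clamp to the spec's 1..16 range
    agreed = min(proposal, responder.max_key_bytes)
    if agreed < responder.min_key_bytes:
        return None                           # responder refuses the low size
    if agreed < initiator.min_key_bytes:
        return None                           # initiator refuses the low size
    return agreed


def key_space(key_bytes: int) -> int:
    """Number of candidate keys an eavesdropper must try for a given size."""
    return 1 << (8 * key_bytes)


if __name__ == "__main__":
    weak_a, weak_b = Device("phone"), Device("headset")
    hard_a = Device("patched phone", min_key_bytes=7)
    print("both unpatched, proposal forced to 1:",
          negotiate_key_size(weak_a, weak_b, tampered_proposal=1),
          "byte ->", key_space(1), "candidate keys")
    print("one side enforces a 7-byte floor:",
          negotiate_key_size(hard_a, weak_b, tampered_proposal=1))
```

A refused negotiation surfaces as a failed connection rather than a silently weak link, which is the observable symptom defenders should expect from patched stacks.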