{"id":3957,"date":"2019-09-23T12:10:35","date_gmt":"2019-09-23T12:10:35","guid":{"rendered":"https:\/\/www.dolcera.com\/web\/?p=3957"},"modified":"2019-09-23T12:10:35","modified_gmt":"2019-09-23T12:10:35","slug":"the-knob-attack-security-experts-ring-the-alarm-turn-off-your-bluetooth-else-let-the-attackers-take-control-of-the-traffic","status":"publish","type":"post","link":"https:\/\/www.dolcera.com\/web\/the-knob-attack-security-experts-ring-the-alarm-turn-off-your-bluetooth-else-let-the-attackers-take-control-of-the-traffic\/","title":{"rendered":"The KNOB attack: Security experts ring the alarm \u201cTurn off your Bluetooth, else let the attackers take control of the traffic\u201d"},"content":{"rendered":"<p>While taking a phone call with Bluetooth wireless headphones on, typing notes using a Bluetooth keyboard, or even checking emails on a smartwatch, have you ever thought that your information is accessible to hackers?<\/p>\n<p>&nbsp;<\/p>\n<p>Recent research identifies a fundamental flaw\u00a0in the Bluetooth standard that affects every\u00a0device with Bluetooth capabilities, covering a huge range of laptops, tablets, smart IoT devices, smartphones and industrial devices. It allows attackers to spy on the data as well as intercept the link established between any Bluetooth devices. The vulnerability in the Bluetooth protocols may give an attacker the opportunity to intercept and decrypt the so-called \u201csecure communication\u201d.<\/p>\n<p>&nbsp;<\/p>\n<p>This sort of attack allows the attacker to make two or more victims\u00a0<a href=\"https:\/\/searchsecurity.techtarget.com\/news\/252468914\/KNOB-attack-puts-all-Bluetooth-devices-at-risk\">agree on an encryption key with only 1 byte<\/a> of entropy, even without possessing any secret link or encryption keys. Owing to the low entropy, a third party can easily brute-force the negotiated encryption keys, decrypt the ciphertext and even change the content.
However, the potential\u00a0<a href=\"https:\/\/finance.yahoo.com\/news\/why-highly-unlikely-bluetooth-headphones-212556791.html\">harm is considerably low in the case of music or audio over Bluetooth<\/a>. This type of attack is termed the Key Negotiation of Bluetooth (KNOB)\u00a0attack.<\/p>\n<p><strong>\u00a0<\/strong><\/p>\n<p>Bluetooth Classic is a wireless technology standard designed for relatively short-range, continuous wireless connections such as streaming audio to headsets or portable speakers. It is also known as Bluetooth BR\/EDR (Basic Rate\/Enhanced Data Rate), and its\u00a0core specification supports\u00a0<a href=\"https:\/\/thehackernews.com\/2019\/08\/bluetooth-knob-vulnerability.html\">encryption keys with entropy between 1 and 16 bytes\/octets<\/a>, where a higher value indicates enhanced security.<br \/>\nThe loophole lies in the entropy negotiation, which devices perform\u00a0over the Link Manager Protocol (LMP): it is neither encrypted nor authenticated, and it can be hijacked or altered over the air.<\/p>\n<p>&nbsp;<\/p>\n<p>However, for an attack to be successful, both Bluetooth devices must establish a BR\/EDR connection\u00a0within range, which means\u00a0<a href=\"https:\/\/tidbits.com\/2019\/08\/23\/apple-blocks-knob-attack-on-bluetooth\/\">10 meters for most Bluetooth devices but theoretically, up to 400 meters when both devices support<\/a>\u00a0Bluetooth 5,\u00a0and both\u00a0must be vulnerable to this flaw. Moreover, while the devices are pairing, the attacker should be able to block direct transmissions between them, and the\u00a0attack must be performed during negotiation or renegotiation of a paired device connection, as existing sessions are beyond the scope of any attack. The entire attack has to be carried out within a short time\u00a0frame, and the hacker has to repeat this attack every time the devices are paired.
The encryption key has to be short, and it then has to be brute-forced to get the decryption key.<\/p>\n<p>The Bluetooth SIG recommends that product developers update existing solutions and enforce a minimum encryption key length of 7 octets for BR\/EDR connections. Major platform vendors across the globe, such as Microsoft, Cisco, Blackberry, Apple and Google, have\u00a0started to\u00a0<a href=\"https:\/\/www.digitaltrends.com\/mobile\/bluetooth-security-flaw-knob-attack\/\">release security updates in their OS<\/a>\u00a0to mitigate the KNOB attack.\u00a0However, A10 Networks, Juniper, Intel Corporation, Oracle and VMware are still not affected.<\/p>\n<p>&nbsp;<\/p>\n<p>In the latest developments,\u00a0<a href=\"https:\/\/support.apple.com\/en-hk\/HT201222\">Apple has mitigated the KNOB attack\u00a0<\/a>in macOS 10.14.6 Mojave, Security Update 2019-004 for Sierra and High Sierra, iOS 12.4, watchOS 5.3, and tvOS 12.4. Google has patched the KNOB flaw in the August 2019 security release, and Microsoft has also issued fixes for the issue. Cisco has further released updates for Webex and some Cisco IP phones.<\/p>\n<p>&nbsp;<\/p>\n<p>Since the range needed for this attack is short, the home provides a relatively safer environment, while in public places like airports, railway stations, shopping malls and restaurants it is better to turn off your Bluetooth devices.
Another serious issue nowadays is retailers monitoring your shopping patterns by\u00a0<a href=\"https:\/\/techxplore.com\/news\/2019-08-readers-bluetooth-device.html\">placing Bluetooth beacons in-store<\/a>.<\/p>\n<p>&nbsp;<\/p>\n<p>From an ordinary user\u2019s point of view, the\u00a0<a href=\"https:\/\/www.wbrc.com\/2019\/08\/23\/bluetooth-security-concerns\/\">things you need to remember<\/a>\u00a0for safety are:<\/p>\n<ul>\n<li>Always set your PIN using a minimum of eight characters<\/li>\n<li>When Bluetooth is not in discoverable mode, turn off your device<\/li>\n<li>Do not accept any unknown pairing request<\/li>\n<li>Pair devices in a safe environment such as your home<\/li>\n<li>Regularly download and install updates<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>While taking a phone call with Bluetooth wireless headphones on, typing notes using a Bluetooth keyboard, or even checking emails on a smartwatch, have you ever thought that your information is accessible to hackers?
&nbsp; Research in recent times identifies a fundamental flaw\u00a0\u00a0in the Bluetooth standard, affecting every\u00a0device having Bluetooth capabilities covering a huge [&hellip;]<\/p>\n","protected":false},"author":14,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[43],"tags":[],"_links":{"self":[{"href":"https:\/\/www.dolcera.com\/web\/wp-json\/wp\/v2\/posts\/3957"}],"collection":[{"href":"https:\/\/www.dolcera.com\/web\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dolcera.com\/web\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dolcera.com\/web\/wp-json\/wp\/v2\/users\/14"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dolcera.com\/web\/wp-json\/wp\/v2\/comments?post=3957"}],"version-history":[{"count":1,"href":"https:\/\/www.dolcera.com\/web\/wp-json\/wp\/v2\/posts\/3957\/revisions"}],"predecessor-version":[{"id":3998,"href":"https:\/\/www.dolcera.com\/web\/wp-json\/wp\/v2\/posts\/3957\/revisions\/3998"}],"wp:attachment":[{"href":"https:\/\/www.dolcera.com\/web\/wp-json\/wp\/v2\/media?parent=3957"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dolcera.com\/web\/wp-json\/wp\/v2\/categories?post=3957"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dolcera.com\/web\/wp-json\/wp\/v2\/tags?post=3957"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}