New Bluetooth Vulnerability Lets Attackers Spy On Encrypted Connections
Aug 14, 2019
Over a billion Bluetooth-enabled devices, including smartphones, laptops, smart IoT devices, and industrial devices, have been found vulnerable to a high severity vulnerability that could allow attackers to spy on data transmitted between the two devices. The vulnerability, assigned as CVE-2019-9506 , resides in the way 'encryption key negotiation protocol' lets two Bluetooth BR/EDR devices choose an entropy value for encryption keys while pairing to secure their connection. Referred to as the Key Negotiation of Bluetooth ( KNOB ) attack, the vulnerability could allow remote attackers in close proximity to targeted devices to intercept, monitor, or manipulate encrypted Bluetooth traffic between two paired devices. The Bluetooth BR/EDR (Basic Rate/Enhanced Data Rate, also known as "Bluetooth Classic") is a wireless technology standard that has typically been designed for relatively short-range, continuous wireless connection such as streaming audio to headsets...