New Critical Bluetooth Security Issue Exposes Millions Of Devices To Attack

From Forbes: An alarming Bluetooth Security Notice has been issued after the disclosure of a critical vulnerability that security researchers have warned is "a serious threat to the security and privacy of all Bluetooth users." The flaw enables an "attacking device" to interfere with the connection encryption process, essentially stealing the encryption key and accessing the data traffic between target devices.

The team behind the disclosure was "surprised to discover such fundamental issues in a widely used and 20 years old standard," and criticise the ambiguity in standards enforcement and the accountability for security. We don't spend much time thinking about the security between our paired devices and the data moving between them. But this latest disclosure—and the 'update now' warning that comes with it—suggests we should start doing exactly that.

The vulnerability, which has been dubbed "Key Negotiation of Bluetooth," or "KNOB," can attack Bluetooth Classic devices 1.0 to 5.1. It was identified by researchers at the Center for IT-Security, Privacy and Accountability (CISPA) and the disclosure has been published in coordination with multiple vendors—including Microsoft, Apple, Intel, Cisco, and Amazon.

View: Article @ Source Site