Exploiting the KNOB vulnerability would be hard in practice: both devices need to use Bluetooth BR/EDR, the attacker would need to be within range of the devices while they establish a connection, and the attack would need to be repeated every time the devices paired.
A group of security researchers has discovered a critical security vulnerability in the Bluetooth wireless communication protocol, which leaves millions of devices vulnerable to attack. According to researchers Daniele Antonioli, Nils Ole Tippenhauer and Kasper Rasmussen, the protocol has a serious security flaw in its core design: a means by which an attacker can reduce the entropy of a negotiated encryption key to just one byte, making it trivially crackable by brute force and allowing them to monitor supposedly private communications. The attack targets the firmware of the Bluetooth chip, because the firmware (the Bluetooth controller) implements all the security features of Bluetooth BR/EDR.
A Bluetooth vulnerability has been uncovered that could make it simpler for a hacker to intrude on devices, a standards organisation has said.
Thankfully, this particular vulnerability is not easy to exploit.
For years, Bluetooth connections had stood out for their effectiveness and security, something they could boast about until today. In fact, the researchers expect any standard-compliant Bluetooth device to be vulnerable. The flaw can affect smartphones, computers, cars, speakers, wearables, IoT devices and many more.
In response, standards group Bluetooth Special Interest Group (SIG) has updated its specification to recommend a minimum encryption key length.
"The Bluetooth SIG will also include testing for this new recommendation within our Bluetooth Qualification Program." Bluetooth SIG has announced that companies should provide updates that hand out Bluetooth encryption keys that are at least 7 octets, or seven characters. Therefore, you are urged to update all of your Bluetooth-enabled devices to the latest software version available at the moment of writing. Once the key entropy has been reduced, the attacker can try out all the combinations, brute-forcing the key used for the pairing with the device.
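As an added illustration (not code from this article or from the researchers), the following Python model shows why the key-size negotiation and the SIG's new minimum matter: two constructed BR/EDR controllers agree on the smaller of their proposals, an on-air rewrite of the proposal to one octet leaves only 256 candidate keys, and a controller that enforces a 7-octet minimum refuses the downgraded negotiation. The device model, function names and the simplified exchange are assumptions for illustration, not the specification's full LMP state machine.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed model of a BR/EDR controller's key-size policy.
# Bluetooth BR/EDR negotiates an encryption key size of 1..16 octets;
# the SIG recommendation discussed above raises the floor to 7 octets.
@dataclass
class BrEdrDevice:
    name: str
    min_key_size: int        # smallest key size (octets) this controller accepts
    max_key_size: int = 16   # largest key size it offers


def negotiate_key_size(initiator: BrEdrDevice, responder: BrEdrDevice,
                       tampered_proposal: Optional[int] = None) -> Optional[int]:
    """Simplified key-size negotiation (assumed model, not the spec's LMP flow).

    The initiator proposes its maximum; the responder answers with the smaller of
    that proposal and its own maximum; each side accepts only if the result is not
    below its own minimum. `tampered_proposal` models the KNOB scenario in which
    the proposal seen on the air has been rewritten to a small value.
    Returns the agreed key size in octets, or None if negotiation is refused.
    """
    proposal = initiator.max_key_size if tampered_proposal is None else tampered_proposal
    agreed = min(proposal, responder.max_key_size)
    if agreed < responder.min_key_size or agreed < initiator.min_key_size:
        return None  # refused: no link encryption is set up at this key size
    return agreed


def brute_force_candidates(key_size_octets: int) -> int:
    """Number of keys an attacker must try for a key of the given entropy."""
    return 1 << (8 * key_size_octets)


if __name__ == "__main__":
    legacy_a, legacy_b = BrEdrDevice("A", 1), BrEdrDevice("B", 1)
    patched_b = BrEdrDevice("B-patched", 7)
    print("untampered:", negotiate_key_size(legacy_a, legacy_b))                    # 16
    downgraded = negotiate_key_size(legacy_a, legacy_b, tampered_proposal=1)       # 1
    print("downgraded:", downgraded, "candidates:", brute_force_candidates(downgraded))  # 256
    print("patched responder:", negotiate_key_size(legacy_a, patched_b, tampered_proposal=1))  # None
```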