The Bluetooth SIG, the organization that sets standards for Bluetooth communication technology, has issued a security advisory about a critical vulnerability that allows malicious actors to interfere with the Bluetooth pairing procedure.
The Key Negotiation of Bluetooth (or KNOB) attack, as researchers have dubbed it, allows attackers to shorten the length of the connection’s encryption key, which they say poses "a serious threat to the security and privacy of all Bluetooth users."
Researchers at the Center for IT-Security, Privacy and Accountability (CISPA) found that it’s “possible for an attacking device to interfere with the procedure used to set up encryption on a BR/EDR connection between two devices in such a way as to reduce the length of the encryption key used,” Bluetooth SIG wrote.
“In such cases where an attacking device was successful in setting the encryption key to a shorter length, the attacking device could then initiate a brute force attack and have a higher probability of successfully cracking the key and then be able to monitor or manipulate traffic,” the team wrote.
Patching the flaw
The researchers who uncovered the flaw found that "all tested devices" using Bluetooth chips from manufacturers such as Intel, Broadcom, Apple, and Qualcomm were vulnerable to the KNOB attack.
To mitigate the risk of attack, companies have been asked to update their devices to ensure a minimum length requirement of seven characters for encryption keys.
“The Bluetooth SIG will also include testing for this new recommendation within our Bluetooth Qualification Program,” the group said. “In addition, the Bluetooth SIG strongly recommends that product developers update existing solutions to enforce a minimum encryption key length of 7 octets for BR/EDR connections.”
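One way a host stack can enforce the 7-octet minimum described above, shown as an added example that is not code from the Bluetooth SIG or the researchers: after encryption starts, read the key size the controller negotiated and drop the link if it is too short. The HCI event layout and the Read Encryption Key Size opcode follow the Bluetooth Core Specification rather than this article; the function name, verdict names, and sample events are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HCI_EV_CMD_COMPLETE      0x0E
#define HCI_OP_READ_ENC_KEY_SIZE 0x1408 /* OGF 0x05, OCF 0x0008 */
#define MIN_ENC_KEY_SIZE         7      /* octets, the SIG-recommended floor */
#define MAX_ENC_KEY_SIZE         16     /* largest BR/EDR key size */

enum key_verdict { KEY_OK, KEY_TOO_SHORT, KEY_READ_FAILED, KEY_NOT_APPLICABLE };

/* Layout: event code, parameter length, Num_HCI_Command_Packets, opcode (LE16),
 * then return parameters: status, connection handle (LE16), key size.
 * Any verdict other than KEY_OK for this opcode means: drop the link. */
enum key_verdict check_key_size_event(const uint8_t *ev, size_t len,
                                      uint16_t *handle, uint8_t *key_size)
{
    if (len < 5 || ev[0] != HCI_EV_CMD_COMPLETE)
        return KEY_NOT_APPLICABLE;
    if ((uint16_t)(ev[3] | (ev[4] << 8)) != HCI_OP_READ_ENC_KEY_SIZE)
        return KEY_NOT_APPLICABLE;
    /* Fail closed on truncated or inconsistent events. */
    if (len < 9 || (size_t)ev[1] != len - 2)
        return KEY_READ_FAILED;
    *handle = (uint16_t)((ev[6] | (ev[7] << 8)) & 0x0FFF);
    if (ev[5] != 0x00)                 /* controller reported an error */
        return KEY_READ_FAILED;
    *key_size = ev[8];
    if (*key_size > MAX_ENC_KEY_SIZE)  /* value outside the valid range */
        return KEY_READ_FAILED;
    return *key_size < MIN_ENC_KEY_SIZE ? KEY_TOO_SHORT : KEY_OK;
}

int main(void)
{
    /* Constructed sample events, not captured traffic. */
    const uint8_t weak[]   = {0x0E, 0x07, 0x01, 0x08, 0x14, 0x00, 0x40, 0x00, 0x01};
    const uint8_t strong[] = {0x0E, 0x07, 0x01, 0x08, 0x14, 0x00, 0x41, 0x00, 0x10};
    static const char *names[] = {"ok", "too short: disconnect",
                                  "read failed: disconnect", "n/a"};
    uint16_t h = 0;
    uint8_t k = 0;
    enum key_verdict v = check_key_size_event(weak, sizeof weak, &h, &k);
    printf("handle 0x%04x key %u octets -> %s\n", h, k, names[v]);
    v = check_key_size_event(strong, sizeof strong, &h, &k);
    printf("handle 0x%04x key %u octets -> %s\n", h, k, names[v]);
    return 0;
}
```

Treating a failed or malformed read the same as a short key keeps the check fail-closed, so a link is never left up with an unverified key size.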