Saturday, September 7, 2024
HomeBluetoothNew Bluetooth Vulnerability Allow Hackers to Intercept The Encrypted Traffic & Spy...

New Bluetooth Vulnerability Allow Hackers to Intercept The Encrypted Traffic & Spy on the Devices

Published on

Researchers discovered a severe privilege escalation vulnerability in Bluetooth let unauthenticated attackers intercept and monitor the encryption traffic between two paired devices.

The bug discovered in Bluetooth BR/EDR encryption connection, in which an attacker reduces the encryption key length and perform a brute-force attack to decrypt communications between the devices.

Bluetooth BR/EDR ( Basic Rate/Enhanced Data Rate) is used for low-power short-range communications, and the encrypted connection can be established by pairings the two Bluetooth devices and establish a link key that is used to generate the encryption key.

- Advertisement - EHA

Here the Key Negotiation of Bluetooth (KNOB) attack comes into play that an attacker can force two Bluetooth devices to use as low as 1 byte of entropy and reduce the key length.

Researchers from CISPA (Center for IT-Security, Privacy and Accountability) identified that, even in cases where a Bluetooth specification did mandate a minimum key length, Bluetooth products exist in the field that may not currently perform the required step to verify the negotiated encryption key meets the minimum length.

In this way, an attacker reduces the encryption key length and initiate a brute force attack to crack the key and intercept the traffic and monitor the paired device communication.

Certain Requirements Needs to Intercept the Traffic

In order to perform the successful attack, some of the following requirements need to meet even if the attacker gains the encryption key.

1. Both targetted devices should be vulnerable to the Key Negotiation of Bluetooth (KNOB) attack.

2. Attacking device would need to be within wireless range of two vulnerable Bluetooth devices.

3. At the same time, two vulnerable Bluetooth devices must be establishing a BR/EDR connection.

4. One of the paired devices did not have the vulnerability then the attack is not possible.

5. Within a narrow time window, Attacking device would require to manipulate the traffic, retransmit key length negotiation messages between the two devices, needs to blocking transmissions from both devices.

6. Even if the attacker Shorten the encryption key length, he needs to perform a brute force attack to crack the encryption key that would allow decrypting all of the traffic between the devices during that session.

“There is no evidence found that the vulnerability being exploited and, to remedy the vulnerability, the Bluetooth SIG has updated the Bluetooth Core Specification to recommend a minimum encryption key length of 7 octets for BR/EDR connections,” Bluetooth said.

You can also refer to this whitepaper which elaborates the complete research of Key Negotiation Of Bluetooth (KNOB) attack.

Bluetooth BR/EDR Core v5.1 and earlier is vulnerable and the Top-order vendors including Google, Microsoft, and Apple has been released a patch for Vulnerability – Android, WindowsmacOS.

Sponsored:  – Manage all the Endpoint networks from a single Console.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity course online to keep yourself updated.

Also Read:

BLEEDINGBIT – Two Bluetooth Chip-level Vulnerabilities Affected Millions of Enterprise Wi-Fi Access Point Devices

Hackers Nearby can Hijack Bluetooth Titan Security Keys – Google Replacing it for Free

CarsBlues Bluetooth Hack Allows Hackers to Access Text Messages, Call Logs and More

Critical BlueBorne Vulnerability Puts More Than 5 Billion Bluetooth Enabled Devices Under Attack

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

BBTok Abuses Legitimate Windows Utility Command Tool to Stay Undetected

Cybercriminals in Latin America have increased their use of phishing scams targeting business transactions...

Predator Spyware Exploiting “one-click” & “zero-click” Flaws

Recent research indicates that the Predator spyware, once thought to be inactive due to...

Tropic Trooper Attacks Government Organizations to Steal Sensitive Data

Tropic Trooper (aka KeyBoy, Pirate Panda, and APT23) is a sophisticated cyberespionage APT group,...

NoiseAttack is a Novel Backdoor That Uses Power Spectral Density For Evasion

NoiseAttack is a new method of secretly attacking deep learning models. It uses triggers...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

BLUFFS: Six New Attacks that Break Secrecy of Bluetooth Sessions

Six novel Bluetooth attack methods have been discovered, which were named BLUFFS (Bluetooth Forward...

BRAKTOOTH – New Bluetooth Bugs Let Hackers Perform ACE & DoS Attack On Millions of Devices

Recently, the Singapore University of Technology and Design has published details of more than...

7 New Bugs in Bluetooth Let Hackers Impersonate As Legitimate Device & Launch DDoS Attacks

Bluetooth is currently used in millions of devices, and the Carnegie Mellon CERT Coordination...