Another day, another vulnerability. Every day the internet is flooded by compromised technologies. Over the past couple years, the rate of cyber-attacks has reached such a level that according to a report, last year the number of cyber-attacks increased by 59% and the number of attacks peaked at 80 per day, with an average of 62 for the whole year.
While companies across the world are working to strengthen their cybersecurity infrastructure, Bluetooth has made its way to the news headlines with a high severity vulnerability.
What Is KNOB Attack
Recently, a group of researchers from the Center for IT-Security, Privacy and Accountability (CISPA), discovered a severe vulnerability that could affect over a billion Bluetooth-enabled devices, including smartphones, laptops, smart IoT devices and industrial devices. The flaw is assigned as CVE-2019-9506 and is tagged as KNOB (Key Negotiation of Bluetooth).
According to the researchers, the vulnerability is the Bluetooth’s authentication protocols that would allow fast-acting hackers to compromise the devices and spy on data transmitted between the two devices. Simply put, this vulnerability could allow attackers to carry out a man-in-the-middle attack. Moreover, one of the facts that make this is that attackers can exploit this vulnerability even for devices that had been previously paired.
Furthermore, according to the KNOB’s official website, any standard-compliant Bluetooth device can be expected to be vulnerable. It also reads, “We conducted KNOB attacks on more than 17 unique Bluetooth chips (by attacking 24 different devices). At the time of writing, we were able to test chips from Broadcom, Qualcomm, Apple, Intel, and Chicony manufacturers. All devices that we tested were vulnerable to the KNOB attack.”
Bluetooth SIG has also released a security notice regarding the entire event and the seriousness of the flaw. Talking about how the attack would work, they have also mentioned it in the notice.
Conditions for a successful attack:
- Both the devices have to be vulnerable
- Both the devices have to be within the range establishing a BR/EDR connection. If any of the devices are not affected by the vulnerability, the attack wouldn’t work
- Direct transmissions between devices while pairing has to be blocked
- Existing connections won’t lead to a successful attack — it has to be done during negotiation or renegotiation of a paired device connection
Disclosing its cure, the security notice has mentioned that Bluetooth SIG has started working on the flaw by updated the Bluetooth Core Specification to recommend a minimum encryption key length of 7 octets for BR/EDR connections. Furthermore, Bluetooth SIG has also stated that it would still test this new recommendation.
Not Expected From A Two-Decades-Old Standard
When a big company becomes a victim of such serious vulnerability, criticism starts to come as an add-on and why not? Over the past couple of years, cyber-attacks have been on the rise, and Bluetooth being one such tech that is available on almost every smart device, the risk of getting pwned significantly increases. Forget headphones and speaker — Bluetooth is there in your car systems, home devices etc. And this time with this vulnerability that is so alarming, things are getting worse for Bluetooth making it difficult to figure out the level of data that could be breached. However, there are no reports of any device getting hacked or exploited.
This is not the first time that Bluetooth has been on the headlines. Attackers have previously found that attacks on Bluetooth network is possible and two of the common attacks are bluesnarfing and bluejacking. And both the attacks can be carried out when Bluetooth devices remain in Discovery mode.
Looking at the current scenario, even though the Bluetooth SIG is saying that it is already in talks with its partners and companies regarding the vulnerability, and urging its users to install the recommended updates from device and operating system manufacturers, does it mean that it that the issue is solved? It would definitely take some time for the companies using Bluetooth to release security patches and remind users to update.
And although if new improvements come in Bluetooth devices, the chances would still be there. It not just the technology that is getting advanced, the reverse engineering part of it also becoming sophisticated. There it is getting more and more imperative for companies to not only release updates for their products but also run routine cybersecurity audits.