Over a billion Bluetooth-enabled devices, including smartphones, laptops, smart IoT devices, and industrial devices, have been found vulnerable to a high severity vulnerability that could allow attackers to spy on data transmitted between the two devices.
The vulnerability, assigned as CVE-2019-9506, resides in the way ‘encryption key negotiation protocol’ lets two Bluetooth BR/EDR devices choose an entropy value for encryption keys while pairing to secure their connection.
Referred to as the Key Negotiation of Bluetooth (KNOB) attack, the vulnerability could allow remote attackers in close proximity to targeted devices to intercept, monitor, or manipulate encrypted Bluetooth traffic between two paired devices.
images from Hacker News
Recent Comments