Saturday, August 31, 2019

Here's why you should NEVER leave your Bluetooth on

Our everyday devices are Bluetooth enabled, including smart IoT devices and industrial devices. Billions of these devices are vulnerable to an attack that makes it easy to intercept data between two connected devices. Before two Bluetooth-enabled devices can connect, they run an encryption key negotiation protocol in which the size of the encryption key is chosen to secure the pairing. The vulnerability lies in this part of the Bluetooth connection process and is known as the KNOB (Key Negotiation of Bluetooth) attack.

It's not only Google, Apple and the like that breach your privacy or data - hackers are around too!


What can be done with this vulnerability

It could allow an attacker in close proximity to the targeted devices to intercept, monitor and manipulate the traffic between the paired devices. With this, your personal data and privacy can be compromised. You are probably wondering how this is possible, since Bluetooth is designed for relatively short distances, for example streaming audio to headsets or portable speakers. However, the connection is not entirely secure: its encryption can be broken over the wireless link using a brute-force attack.

How does it work?

This vulnerability allows a remote attacker within wireless range to deceive the two devices into accepting an encryption key with only 1 byte of entropy. Why 1 byte? The encryption key of a Bluetooth connection is negotiated to a size between 1 and 16 bytes. The larger the key, the more secure the encryption. Because the key size is forced down to the minimum here, the attacker can brute-force the key and infiltrate your connection. Once this happens, the attacker can passively capture messages in the Bluetooth traffic or actively manipulate them in a man-in-the-middle attack.

Regardless of all this, there is a way to ruin the attacker's party:
1. Switch your Bluetooth off when you are not using it - a habit well worth adopting in this era.
2. Keep your device software updated so that you receive the patch for the vulnerability.
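To make the "1 byte" point concrete, here is an added toy model of the key-size negotiation described above. It is illustration code written for this post, not code from the original article, the KNOB researchers or any Bluetooth stack, and it deliberately simplifies the real LMP exchange: each device has a maximum key size it supports, the agreed size is the largest both accept, and an in-path party that can rewrite the key-size field drives it to 1. The `min_key_bytes` policy on each device and the sample minimum of 7 bytes are constructed for the example; they stand in for the kind of check a patched stack can apply to refuse a weak key before any data is encrypted.

```python
"""Toy model of the Bluetooth BR/EDR encryption key-size negotiation.

Added, simplified illustration (not the Bluetooth stack): two devices each
support some maximum key size between 1 and 16 bytes. The negotiated size is
the largest both support, unless an in-path party rewrites the proposals.
A per-device minimum-size policy is what stops the size from collapsing.
"""
from dataclasses import dataclass, field
from typing import Callable, List, Optional

MAX_KEY_BYTES = 16  # upper bound of the BR/EDR key-size negotiation
MIN_KEY_BYTES = 1   # lower bound: the size the attack forces devices to


@dataclass
class Device:
    name: str
    max_key_bytes: int          # largest key size this device supports
    min_key_bytes: int = 1      # local policy: refuse anything smaller (constructed)
    log: List[str] = field(default_factory=list)

    def propose(self) -> int:
        # Initiator proposes the largest size it supports.
        return self.max_key_bytes

    def respond(self, proposed: int) -> int:
        # Responder accepts the proposal if it supports it,
        # otherwise counter-proposes its own maximum.
        return min(proposed, self.max_key_bytes)

    def accept(self, agreed: int) -> bool:
        # Policy check: a device configured with a minimum rejects weak keys.
        ok = agreed >= self.min_key_bytes
        self.log.append(f"{self.name}: key size {agreed} -> "
                        f"{'accept' if ok else 'REJECT'}")
        return ok


def negotiate(a: Device, b: Device,
              in_path: Optional[Callable[[int], int]] = None) -> Optional[int]:
    """Run one negotiation; return the agreed key size, or None if rejected.

    `in_path` models a party that can rewrite the key-size field of the
    messages while they travel between a and b (identity when absent).
    """
    relay = in_path or (lambda size: size)
    proposal = relay(a.propose())           # a -> b, possibly rewritten
    counter = relay(b.respond(proposal))    # b -> a, possibly rewritten
    agreed = min(proposal, counter)
    if not MIN_KEY_BYTES <= agreed <= MAX_KEY_BYTES:
        return None                          # malformed size field
    if a.accept(agreed) and b.accept(agreed):
        return agreed
    return None


def brute_force_candidates(key_bytes: int) -> int:
    """Worst-case number of keys to try for a key of `key_bytes` bytes."""
    return 2 ** (8 * key_bytes)


if __name__ == "__main__":
    # Constructed scenarios: honest negotiation, a weak-key rewrite,
    # and the same rewrite against a device with a minimum-size policy.
    print("honest      :", negotiate(Device("phone", 16), Device("headset", 16)))
    print("rewritten   :", negotiate(Device("phone", 16), Device("headset", 16),
                                     in_path=lambda size: 1))
    print("with policy :", negotiate(Device("phone", 16),
                                     Device("headset", 16, min_key_bytes=7),
                                     in_path=lambda size: 1))
    for n in (1, 7, 16):
        print(f"{n:2d}-byte key -> {brute_force_candidates(n)} candidates")
```

The honest run agrees on 16 bytes; the rewritten run agrees on 1 byte, which leaves only 256 candidate keys, so the "brute force" the quoted statement below refers to is trivial; the run with a minimum-size policy refuses the 1-byte key and never enables encryption with it. Note that the rewrite in the model is a plain function applied to an integer; it shows why the agreed size matters, not how the over-the-air manipulation is carried out.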

Again, this is how the attack can succeed, according to the Bluetooth SIG's statement:

"For an attack to be successful, an attacking device would need to be within wireless range of two vulnerable Bluetooth devices that were establishing a BR/EDR connection.  If one of the devices did not have the vulnerability, then the attack would not be successful.  The attacking device would need to intercept, manipulate, and retransmit key length negotiation messages between the two devices while also blocking transmissions from both, all within a narrow time window.  If the attacking device was successful in shortening the encryption key length used, it would then need to execute a brute force attack to crack the encryption key.  In addition, the attacking device would need to repeat the attack each time encryption gets enabled since the encryption key size negotiation takes place each time."

If your privacy is important to you, you will want to take this into consideration. Aside from hackers, we get our data breached by ISPs, governments and social network owners. Apple recently apologized for listening to recordings from Siri, following a similar fate for Google and Alexa. We can also start by taking measures to protect ourselves. I made a post on how to surf the internet anonymously; check it out here.
