Experts have discovered a vulnerability in devices with Bluetooth

25

It allows you to manipulate the data.

Vulnerability in Bluetooth, called KNOB, facilitates the selection of the encryption key used during the connection devices, and allows you to manipulate data transmitted between the two devices. The problem affects devices that support Bluetooth BR/EDR (Classic Bluetooth) with the specification versions 1.0 — 5.1.,the Chronicle reports.info with reference to internetua.com.

The vulnerability (CVE-2019-9506) allows an attacker to reduce the length of the encryption key used for the connection. In some cases, the key length can be reduce to one octet. Thanks to this attacker will be much easier to implement brute force attack to find the encryption key used by the devices when connected to each other.

Having obtained the key, the attacker can manipulate transmitted data between devices, including commands to implement, monitor, keystrokes, etc.

To remember proekspluatirovat the vulnerability is not so easy, and for the implementation of the attack requires certain conditions. First, both devices must support Bluetooth BR/EDR. Second, during the connection of devices to each other, the attacker must be nearby. Third, the attacking device should have time to intercept, manipulate and re-transmit messages on the harmonization of the length of the key between the two devices and simultaneously prevent the transmission from both.

In addition, for obtaining the encryption key is not enough to shorten its length, should it successfully break in. Attack is required to repeat at every subsequent connection of devices.

Information about exploitation in real attacks are not currently available.

LEAVE A REPLY

Please enter your comment!
Please enter your name here