The vulnerability is very serious, but difficult to exploit in practice.
Researchers have discovered a flaw in Bluetooth that allows an attacker to interfere with the pairing of two devices and compromise their connection remotely. The attacker can then intercept the communication or alter the files being transferred. The Next Web covered the topic.
The discovery is credited to the University of Oxford, the Singapore University of Technology and Design (SUTD) and the CISPA Computer Security Center. The vulnerability was nicknamed KNOB, after "Key Negotiation of Bluetooth".
Bluetooth officially supports a pairing method in which the devices first negotiate the key used to protect the connection. There are two problems with this: the negotiation is not protected against tampering, and the key size can be as small as one byte.
In theory it is enough for an attacker to interfere with the initial pairing of the two devices so that a single-byte key is negotiated, and then to break the protection by brute force. For a single-byte key there are only 256 possible values.
In practice, however, it is more difficult. Both devices must be vulnerable, the attacker must be within range, and the attacker must intercept and block all pairing traffic. Within a very short window, the attacker has to block the legitimate messages and send forged key-length messages to both devices.
Once the protection is broken, the attacker can do damage completely unnoticed. Besides receiving copies of transferred files, this access allows, for example, listening to voice traffic from a Bluetooth headset or altering the transferred files in real time.
All devices tested are vulnerable
All tested devices, including those with Broadcom, Apple and Intel chips, are vulnerable to the attack. The flaw lies in the design of the specification itself, which makes the attack possible. The Bluetooth SIG, which manages the standard and oversees its development, has already changed the specification. The updated recommendation is to increase the minimum key length to seven bytes.
The vulnerability has been known to manufacturers since the end of last year, and they are gradually issuing fixes. For a more detailed description of the attack (in English) and more information on the researchers, see the official knobattack.com website.
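To make the two points above concrete (a key negotiated down to one byte falls to 256 trials, while a seven-byte minimum makes the same exhaustive search infeasible), here is an added Python example that is not part of the original article or the researchers' work. It is a constructed model, not the Bluetooth LMP state machine or its ciphers: the "entropy reduction" simply zeroes all but the first N bytes of a 16-byte key, and the stream cipher is a SHA-256 keystream chosen only for illustration. The names negotiate_key_size, reduce_entropy, keystream, encrypt, brute_force_work and recover_reduced_key are all assumptions of this example.

```python
import hashlib
from itertools import product

MIN_KEY_BYTES = 7     # minimum recommended after the specification change
FULL_KEY_BYTES = 16   # nominal key length in the model


def negotiate_key_size(proposal_a, proposal_b, minimum=MIN_KEY_BYTES):
    """Toy negotiation: both peers end up with the smaller proposed size.
    The hardened policy rejects any result below the minimum instead of
    silently accepting it (constructed logic, not the real LMP exchange)."""
    agreed = min(proposal_a, proposal_b)
    if agreed < minimum:
        raise ValueError(f"negotiated key entropy {agreed} bytes is below the minimum of {minimum}")
    return agreed


def reduce_entropy(full_key, entropy_bytes):
    """Simplified entropy reduction: keep entropy_bytes bytes, zero the rest.
    (Assumption for illustration; Bluetooth uses a polynomial reduction.)"""
    return full_key[:entropy_bytes] + bytes(FULL_KEY_BYTES - entropy_bytes)


def keystream(key, nonce, length):
    """Toy stream cipher keystream (SHA-256 in counter mode). Not Bluetooth's cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(key, nonce, plaintext):
    """XOR the plaintext with the keystream; decryption is the same operation."""
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))


def brute_force_work(entropy_bytes):
    """Number of candidate keys an exhaustive search has to consider."""
    return 256 ** entropy_bytes


def recover_reduced_key(nonce, ciphertext, known_plaintext, entropy_bytes):
    """Exhaustive search over keys with the given entropy, using a known
    plaintext to recognise the right one. Returns (key, trials) or (None, trials).
    Only feasible for tiny entropies, which is exactly the article's point."""
    trials = 0
    for candidate in product(range(256), repeat=entropy_bytes):
        trials += 1
        key = bytes(candidate) + bytes(FULL_KEY_BYTES - entropy_bytes)
        if encrypt(key, nonce, known_plaintext) == ciphertext[: len(known_plaintext)]:
            return key, trials
    return None, trials


if __name__ == "__main__":
    # Constructed sample values for a stand-alone run.
    full_key = bytes(range(5, 21))
    nonce = b"constructed-nonce"
    message = b"hello bluetooth"

    # A negotiation forced down to one byte is what the flaw permits.
    weak_key = reduce_entropy(full_key, 1)
    ct = encrypt(weak_key, nonce, message)
    recovered, trials = recover_reduced_key(nonce, ct, message, 1)
    print(f"1-byte key recovered after {trials} of {brute_force_work(1)} trials: {recovered == weak_key}")
    print(f"7-byte minimum: {brute_force_work(7)} candidates (2^56), not searched here")

    # With the seven-byte policy the same negotiation is refused outright.
    try:
        negotiate_key_size(16, 1)
    except ValueError as err:
        print("policy rejected negotiation:", err)
```

The search loop never runs for seven bytes in the demo; brute_force_work(7) only reports the 2^56 candidate count, which is the whole reason the raised minimum matters. The negotiation check is the part a defender would actually want in a stack: refuse the connection when the negotiated entropy is below policy rather than proceed with a key that can be enumerated.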