Tech Vulnerability: Hackers Now Able To Spy On Private Conversation Via Bluetooth Connections

Everyone with a smartphone rather a device that is Bluetooth enabled has or is using the software as the most convenient mode of connecting and controlling devices at a range or some sharing files and documents.

However, according to a recent tech report, a vulnerability known as the KNOB (Key Negotiation of Bluetooth) attack has been found in Bluetooth connections by coders.

According to the tech experts and coders report, all the Bluetooth compliant devices can be affected by the vulnerability, which allows attackers to spy on a victim’s personal conversations.  In the newfound glitch, hackers can easily exploit the vulnerability and manipulate the data present on the compromised device.

“While establishing a functional Bluetooth connection, both the devices rely upon an encryption key. Therefore,
in order to execute the attack, hackers exploit the vulnerability in the Bluetooth standard and weaken this encryption of Bluetooth devices instead of breaking it straightaway.” reads part of the report.

The attacker gets in the way while the devices are setting up the encryption key and resorts to brute force attack for breaking the new key with less number of digits and manipulates both the devices to employ the new encryption key.

A Report by Mashable states that the vulnerability affects almost all the devices namely, Apple, Qualcomm, and Intel. However, giant companies like Apple, Microsoft, Cisco, Google, Blackberry, Broadcom and Chicony have already issued a patch to fix the glitch.

“We found and exploited a severe vulnerability in the Bluetooth specification that allows an attacker to break the security mechanisms of Bluetooth for any standard-compliant device. As a result, an attacker is able to listen, or change the content of, nearby Bluetooth communication, even between devices that have previously been successfully paired.” The group of researchers from the Singapore University of Technology and Design, University of Oxford, and CISPA Helmholtz Center for Information Security, who found this vulnerability said