Researchers at Oxford University, CISPA Helmholtz Information Security Center and Singapore University of Technology and Design have found a security flaw in Bluetooth authentication protocols that could weaken the encryption of information exchanged between paired devices. The vulnerability could allow an attack and the interception and alteration of files in transit and messages, as well as remote control of a device.
The encryption failure was presented during the 28th USENIX Security Symposium, which took place last week in the city of Santa Clara, California, United States. The attack allowed by the vulnerability was called KNOB, short for "Key Negotiation Of Bluetooth." So far no evidence is known that the security breach has been misused.
With this security breach, the hacker could insert his own files into the transfer or spy on the transferred data. The KNOB attack is especially harmful because its victims do not realize they are being compromised, and it does not violate the Bluetooth DR / EDR specification, which allows keys with only one byte of entropy.
However, there is good news. KNOB is apparently complicated because the attacker device would need to be present when connecting via Bluetooth and within range of the wireless network. Also, if one of the devices does not fail, the attack will not be successful. Also, the security breach only applies to traditional Bluetooth devices. Bluetooth SIG has updated the specification, recommending that manufacturers use at least seven bytes of entropy going forward.
Comentários
Enviar um comentário