
Bluetooth flaw leaves everyone vulnerable to terrifying KNOB attack

The Bluetooth specification has been updated after security researchers disclosed a vulnerability that lets an attacker weaken the encryption protecting a connection between two devices.

The Bluetooth SIG has acknowledged the Key Negotiation of Bluetooth, or KNOB, attack, in which an attacker within radio range interferes with the key-size negotiation two devices carry out when they set up an encrypted connection, undermining the protection that pairing is supposed to provide.

In a security notice published by the Bluetooth SIG, the organisation explained that an attacking device could force the length of the encryption key used to protect the connection down to a single octet (one byte).

From there, it would be possible to eavesdrop on data exchanged between the two devices simply by trying each of the 256 possible values of a one-byte key until the correct one was found. The attack even works against devices that had been previously paired, the researchers said.

It’s not known whether the method has ever been used by attackers against real connections, and the Bluetooth SIG says there’s no evidence of it happening. Regardless, the likes of Microsoft and Apple have already patched their products to address the problem.


In truth, exploiting the flaw would require some unusual circumstances: the attacker would need to be within radio range of both devices while they set up the connection, and only Bluetooth Classic (BR/EDR) devices were affected.

“The researchers identified that it is possible for an attacking device to interfere with the procedure used to set up encryption on a BR/EDR connection between two devices in such a way as to reduce the length of the encryption key used,” the Bluetooth SIG wrote in the notice.

“In addition, since not all Bluetooth specifications mandate a minimum encryption key length, it is possible that some vendors may have developed Bluetooth products where the length of the encryption key used on a BR/EDR connection could be set by an attacking device down to a single octet.

“In addition, the researchers identified that, even in cases where a Bluetooth specification did mandate a minimum key length, Bluetooth products exist in the field that may not currently perform the required step to verify the negotiated encryption key meets the minimum length. In such cases where an attacking device was successful in setting the encryption key to a shorter length, the attacking device could then initiate a brute force attack and have a higher probability of successfully cracking the key and then be able to monitor or manipulate traffic.”
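The following is an added example, not code from the researchers, the Bluetooth SIG or any Bluetooth stack. It models in Python the two things the notice above describes: an in-path attacker rewriting the key-size negotiation so both devices settle on a one-octet key, and the brute-force search of the 256 resulting candidates. The check that a compliant stack must perform (refusing a negotiated size below the minimum) is shown alongside. The cipher, the entropy-reduction step and the 7-octet floor are assumptions of this example: the stream cipher is an HMAC counter-mode stand-in for E0, the reduction simply zeroes the unused octets rather than performing the specification's polynomial reduction, and the 7-octet minimum reflects the SIG's post-KNOB guidance for BR/EDR, which the article itself does not quote.

```python
"""Toy model of the KNOB downgrade: an in-path attacker rewrites the key-size
negotiation so both devices derive a one-octet-entropy key, which is then
brute-forced. Simplified model; not the Bluetooth LMP/E0 implementation."""
import hashlib
import hmac
import itertools
import secrets

MAX_KEY_OCTETS = 16
# Assumed floor for this example: 7 octets is the minimum the Bluetooth SIG's
# post-KNOB guidance recommends for BR/EDR; the article gives no figure.
MIN_KEY_OCTETS = 7


def negotiate_key_size(a_max, b_max, attacker=None):
    """Model of the key-size exchange: A proposes its maximum, B replies with
    min(own maximum, proposal). A KNOB attacker in the path rewrites both
    messages so each side believes the other supports only `attacker` octets."""
    proposal = a_max
    if attacker is not None:
        proposal = min(proposal, attacker)      # A's proposal tampered in flight
    response = min(b_max, proposal)
    if attacker is not None:
        response = min(response, attacker)      # B's reply tampered in flight
    return response


def accept_key_size(size, minimum=MIN_KEY_OCTETS):
    """The verification step the SIG notice says some products skip: refuse
    to enable encryption when the negotiated size is below the minimum."""
    return size >= minimum


def reduce_entropy(link_key, size):
    """Simplified entropy reduction: keep `size` octets of the 16-octet key and
    zero the rest, so only 256**size distinct keys are possible. The real
    BR/EDR procedure uses a polynomial reduction with the same effect."""
    if not 1 <= size <= MAX_KEY_OCTETS:
        raise ValueError("key size out of range")
    return link_key[:size] + b"\x00" * (MAX_KEY_OCTETS - size)


def keystream(key, length):
    """Toy stream cipher (HMAC-SHA256 in counter mode) standing in for E0."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def xor_crypt(key, data):
    """Encrypt or decrypt (same operation) by XOR with the keystream."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, len(data))))


def brute_force(ciphertext, known_prefix, size):
    """Try every 256**size candidate key and return the one whose decryption
    yields the known plaintext prefix (a fixed protocol header, say)."""
    for candidate in itertools.product(range(256), repeat=size):
        key = reduce_entropy(bytes(candidate), size)
        if xor_crypt(key, ciphertext[:len(known_prefix)]) == known_prefix:
            return key
    return None


def demo():
    link_key = secrets.token_bytes(MAX_KEY_OCTETS)   # from pairing; attacker never sees it
    header = b"HDR:"                                 # constructed known plaintext
    message = header + b"sensitive payload"          # constructed sample traffic

    honest = negotiate_key_size(16, 16)              # both devices support 16 octets
    downgraded = negotiate_key_size(16, 16, attacker=1)

    weak_key = reduce_entropy(link_key, downgraded)
    ciphertext = xor_crypt(weak_key, message)
    recovered = brute_force(ciphertext, header, downgraded)

    return {
        "honest_size": honest,
        "downgraded_size": downgraded,
        "downgrade_rejected": not accept_key_size(downgraded),
        "key_recovered": recovered == weak_key,
        "plaintext": xor_crypt(recovered, ciphertext) if recovered else None,
    }


if __name__ == "__main__":
    print(demo())
```

Running the script shows the honest negotiation landing on 16 octets, the tampered one on 1 octet, and the 256-candidate search recovering the weakened key and the plaintext; `accept_key_size` is the single comparison that, if performed, turns the tampered negotiation into a refused connection rather than a readable one.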
