With technology advancing day by day, cyber-attackers too are finding innovative ways to get into our devices.
Researchers discovered that Bluetooth-enabled devices, including mobile phones, IoT devices, and laptops are potentially vulnerable to a flaw that could allow attackers to spy and even alter user’s data that’s transferred via Bluetooth.
The vulnerability, dubbed as Key Negotiation of Bluetooth (KNOB) attack, enables remote hackers to intercept and manipulate encrypted Bluetooth content among paired devices. However, the attacker should have to be near you in order to launch a KNOB attack, according to the security researchers from the Singapore University of Technology and Design and the University of Oxford.
“A remote attacker can manipulate the entropy negotiation to let any standard-compliant Bluetooth device negotiate encryption keys with 1 byte of entropy and then brute force the low entropy keys in real-time,” the researchers said in a statement.
“We found and exploited a severe vulnerability in the Bluetooth specification that allows an attacker to break the security mechanisms of Bluetooth for any standard-compliant device. As a result, an attacker is able to the listen, or change the content of, nearby Bluetooth communication, even between devices that have previously been successfully paired,” the statement added.
A similar research revealed that attackers can hack modern audio gadgets to make deafening sounds. According to Matt Wixey, a cybersecurity researcher at technology consulting firm PWC UK, attackers can build a custom-made malware to induce it on connected speakers to produce deafening sounds at high intensity, turning them into offensive cyber-weapons.
Wixey explained that his team has tested different kinds of connected speakers, including laptops speakers, headphones, and mobile phone speakers for research purposes. The researcher stated that aural attacks could cause tinnitus or even lead to psychological changes.