Discerning Data

A Faegre Drinker Blog Covering the Latest in Privacy, Cybersecurity and Data Strategy

Newly-Discovered Vulnerability Highlights the Security Concerns Surrounding Bluetooth Technology

A recent report by researchers at the Helmholtz Center for Information Security (CISPA), Singapore University of Technology and Design, and the University of Oxford has revealed that Bluetooth technology is vulnerable to a new type of attack. The attack allows a cyber-criminal who is within Bluetooth range of a targeted Bluetooth-enabled device to steal data from it without the user’s knowledge or permission.

Bluetooth technology allows your mobile phone to communicate with other Bluetooth-enabled devices, such as your wireless headphones, portable speakers, smart watches, or even your car. Bluetooth technology works by using radio waves instead of wires or cables to connect or pair multiple Bluetooth-enabled devices. The most common type of Bluetooth technology in consumer-level digital devices has a range of about 10 meters, or 33 feet. There are now literally billions of Bluetooth-enabled devices in the world. However, Bluetooth technology has long been considered relatively unsafe from a data security perspective.

The research report outlines a new Bluetooth security vulnerability, known as a “Key Negotiation of Bluetooth” or “KNOB” attack. According to the report, a KNOB attack allows a hacker to funnel data streaming between Bluetooth-connected devices – whether it be the music you are listening to on your wireless headphones, or the words you type on a Bluetooth-enabled keyboard. Perhaps more disturbingly, a KNOB attacker can “pair” with a user’s device without the user’s knowledge or permission, if within range of the targeted device.

A KNOB attack works by conducting what is known as an “entropy attack” against the targeted Bluetooth device, making the device extremely vulnerable to a brute force attack. The report indicates that devices manufactured by companies such as Intel, Broadcom, Apple, Cisco, Microsoft and Qualcomm may be particularly susceptible to a KNOB attack.

There are a number of straightforward ways to defend Bluetooth-enabled devices from a KNOB attack. First, the user can simply turn off the Bluetooth functionality on a device. Second, a user should regularly check any Bluetooth-enabled devices to view what other devices they are paired with. If a device is paired with another device that one does not recognize, or does not belong to the user, it is recommended to immediately disconnect from (also known as to “forget”) the unrecognized device. Finally, and most importantly, users can ensure that their devices have recently been patched and have the most up-to-date security upgrades. Many manufacturers whose devices are susceptible to KNOB attacks are aware of the new vulnerability and have sent or can be expected to soon be sending out security patches to address this new security concern.
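The second step above, reviewing which devices are paired, can be scripted. The following is an added example, not part of the original post: it assumes a Linux host running BlueZ, whose `bluetoothctl` prints paired devices as `Device <MAC> <name>`, and a hypothetical allowlist file of MAC addresses the user recognizes. The device listing and addresses are constructed sample data.

```shell
#!/bin/sh
# Flag paired Bluetooth devices that are not on a known-good allowlist.
# Assumed input format (BlueZ bluetoothctl): "Device <MAC> <name>" per line.
# On a live system (assumption: BlueZ 5.65 or later):
#   bluetoothctl devices Paired | unknown_paired "$HOME/.bt-allowlist"

# unknown_paired ALLOWLIST_FILE   (device listing is read from stdin)
# Prints "<MAC> <name>" for each paired device whose MAC is not allowlisted.
# A missing or empty allowlist flags every device (fails closed).
unknown_paired() {
    awk -v allow="$1" '
        BEGIN {
            # Allowlist: one MAC per line; "#" comments and blanks ignored.
            while ((getline line < allow) > 0) {
                sub(/#.*/, "", line); gsub(/[ \t\r]/, "", line)
                if (line != "") ok[toupper(line)] = 1
            }
        }
        # Only accept well-formed "Device XX:XX:XX:XX:XX:XX ..." lines.
        $1 == "Device" && length($2) == 17 &&
        $2 ~ /^[0-9A-Fa-f][0-9A-Fa-f](:[0-9A-Fa-f][0-9A-Fa-f])+$/ {
            mac = toupper($2)            # compare case-insensitively
            if (!(mac in ok)) {
                name = $0
                sub(/^Device[ \t]+[^ \t]+[ \t]*/, "", name)
                print mac, (name == "" ? "(no name)" : name)
            }
        }'
}

# Constructed sample of a paired-device listing (not real devices).
sample_listing() {
    cat <<'EOF'
Device 00:11:22:33:44:55 My Headphones
Device 66:77:88:99:AA:BB Car Audio
Device DE:AD:BE:EF:00:01 Unknown-Speaker
EOF
}

# Run the check on the sample with a constructed two-entry allowlist.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' '# my devices' '00:11:22:33:44:55' \
        '66:77:88:99:aa:bb  # car' > "$tmp"
    sample_listing | unknown_paired "$tmp"
    rm -f "$tmp"
}
demo
```

Any device the script prints is one to review and, if unrecognized, remove ("forget") as described above.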

About the Author: Jason G. Weiss

Jason G. Weiss leverages a past career as a cybersecurity and computer forensics Supervisory Special Agent with more than 22 years of decorated service at the FBI to guide clients through the complex and high-stakes issues associated with cybersecurity incident preparedness and response and compliance. View Jason's full bio on the Faegre Drinker website.

September 9, 2019
Written by: Jason G. Weiss
Category: Privacy
Tags: bluetooth, data privacy, data security