Major Bluetooth flaw exposes millions of Apple, Google and Samsung devices to attack
At Komando.com, we’ve been writing about security flaws and vulnerabilities for some time now. This year alone, several critical issues have been discovered in the devices we love, and if not for the efforts of security researchers and white hat hackers, we might not have known about them until it was too late.
Like clockwork, each new week brings new threats and discoveries from the world of cybersecurity. One issue in particular, however, has attracted the attention of researchers thanks to the sheer amount of devices it affects. A massive vulnerability was discovered in Bluetooth’s wireless communication function, and if left unaddressed, could allow hackers to break into devices without users even knowing it.
Don’t think you can just sit this security issue out, either. This critical flaw affects Bluetooth chips made by some of the most popular manufacturers on the planet. If you bought your phone in the last several years, we’re breaking down the risks you face, as well as what you can do to protect yourself.
Most popular Bluetooth chips on the market face critical vulnerability
According to new reports from security researchers at the Center for IT-Security, Privacy and Accountability, a critical vulnerability was discovered in Bluetooth chips from several of the most popular manufacturers on the market. This flaw allows hackers to shorten the encryption key of two Bluetooth devices that are connected to one another, making it vulnerable to brute-force style attacks.
Essentially, this means the secret connection key shared between two Bluetooth devices can be hacked so it’s easier for password-guessing tools to break in after multiple attempts. Longer keys require more characters to accurately guess, so shorter passwords are always easier to crack.
Keep in mind, this password is created by both devices on the back end during Bluetooth connection, so this isn’t something users have control over.
If a hacker manages to successfully break in, they can easily monitor communication between both Bluetooth enabled devices. This means they can easily check for the transmission of private data like phone calls and messages, or AirDrop files on iPhones, for example.
Researchers have dubbed the security flaw the “KNOB attack,” short for Key Negotiation of Bluetooth.
Despite not featuring an exact listing of affected devices, major chip manufacturers like Qualcomm and ARM are included under the category of “at-risk” devices, with popular systems like the iPhone X, AirPods, Samsung Galaxy S9, Google Pixel 2 and OnePlus5, and the iPad Pro 2 specifically named.
Is my device at risk? How can I protect myself?
Considering how prevalent Qualcomm and ARM chips are in the modern smartphone and tablet ecosystem, it’s highly likely you own an affected device if you purchased it in the last several years.
Your risk factors, however, are more situational than functional. According to the report, hackers can only access your devices if two affected products are communicating with one another using Bluetooth. Both devices must have the flaw in order for hackers to penetrate. As of reporting, no documented cases of hackers exploiting the KNOB Attack have been found.
But that doesn’t mean you should rest easy, necessarily. The sheer amount of at-risk devices makes this flaw unique, to say the least.
Thankfully, both Microsoft and Apple have released updates for their respective systems, so it should only be a matter of time before more device-makers roll out security updates to address the issue.
For now, to keep yourself safe, your best bet is to check and see if any updates are available for your device.
For iPhones, this can be accessed in the Settings app, under General and then Software Update.
For Androids, your updates can be found under Settings, then Advanced, followed by System Update. If you don’t see System Update on your Android device, look for About Phone.
If any new updates are available for your device, the menu will let you know and guide you through the download and installation process. Just make sure you’ve backed up your device before getting started.
We recommend our sponsor, IDrive. With IDrive, you can backup all your PCs, Macs and mobile devices into ONE account for one low cost! Go to IDrive.com and use promo code Kim to save 90% on 5 TB of cloud backup now! That’s less than $7 for the first year!
Once you’re patched against this issue, you should be safe against any aspiring hackers. If there isn’t an update for your device just yet, make sure to keep checking until one is available.
Issues like this underscore the importance of frequent updates and patches, so make sure to stay on the ball for maximum data security. We’ll continue to bring you the latest updates from the realm of cybersecurity as well, so you can stay informed about the biggest threats facing your digital life.
Tags: Apple, Apple AirPods, Apple iPhone, cybersecurity