Skip to main content

Critical Bluetooth security bug discovered. Protect yourself with a quick update

Researchers have discovered a major new security flaw in Bluetooth, which could leave millions of devices at risk of a malicious hack.

The security vulnerability, which was recently discovered by a team at the Center for IT-Security, Privacy, and Accountability (CISPA), essentially allows an attacker to interfere when two devices try to connect, allowing a hacker to “break” Bluetooth security without anyone knowing.

Recommended Videos

That could allow a hacker to funnel data from any connected devices — from the music you hear through your headphones to the words you type on a Bluetooth keyboard — as long as they are within range.

Please enable Javascript to view this content

Researchers have named the exploit KNOB — Key Negotiation of Bluetooth — since it can occur when two devices are “negotiating” a secure connection.

“The KNOB attack is a serious threat to the security and privacy of all Bluetooth users,” the researchers wrote in a paper released Tuesday. “We were surprised to discover such fundamental issues in a widely used and 20 years old standard.”

The issue is so serious that Bluetooth SIG,  the international body in charge of standards for Bluetooth connections, issued a security warning and has already released a fix — though it’s up to manufacturers to implement it.

“We evaluate our implementation on more than 14 Bluetooth chips from popular manufacturers such as Intel, Broadcom, Apple, and Qualcomm,” the researchers wrote. “Our results demonstrate that all tested devices are vulnerable to the KNOB attack.”

While there’s no sign that anyone has used this exploit to hack someone’s devices, it leaves nearly every Bluetooth device vulnerable. If you have a Bluetooth device, you should make sure that you update it to the latest drivers as soon as possible.

How to protect yourself from the KNOB attack

Luckily, most of the affected chip manufacturers, like Intel and Apple, have already implemented a fix and pushed out a new security update. Here are the potentially affected companies and how you can update your hardware:

Regardless of whether there’s been a newly discovered exploit, it’s always a good idea to keep your software and firmware up-to-date. Having the latest security updates can protect you from any potential hacks and keep your data — and devices — safe.

Mathew Katz
Former Digital Trends Contributor
Mathew is a news editor at Digital Trends, specializing in covering all kinds of tech news — from video games to policy. He…
There’s a major Android bluetooth security flaw. Here’s how to fix it
Android

Looks like it's time to check if you have an Android security update available to your phone. A new security flaw has been discovered in Android -- and this time, it uses Bluetooth to allow access to your phone.

The flaw, called BlueFrag, takes advantage of Bluetooth in Android 8 and 9, and it basically allows hackers to execute code on your device. The result? Hackers can fully access anything stored on your phone, and install malware without your knowledge.

Read more
Upcoming OnePlus Watch 3 might have a rotating crown
Third part watch face on OnePlus Watch 2r.

After a less-than-exciting launch with the OnePlus Watch 2, it's time for a change — and hopefully, a wearable that more closely matches modern devices. We expect the OnePlus Watch 3 to release on January 7, but now new details suggest it might come with a rotating crown.

This update is a big win for OnePlus Watch fans. The crown has been a long-requested feature that will make it easier to navigate through the interface, and improved sensors give access to ECGs and other features that were missing in the previous generation, according to Yogesh Brar.

Read more
Google proposes big changes for the future of Search and Android apps
Google Chrome on an Android phone.

Google’s ongoing antitrust tussle spawned a list of sweeping policy suggestions — including a proposed sale of the Chrome business — by the Department of Justice. The focus of the lawsuit centers on the Search monopoly, but it has serious ramifications for Android and the overall browser situation.

Now, Google has shared its own “remedies proposal” to the DOJ’s recommendations, which it claims are going “far beyond what the Court’s decision is actually about.”

Read more