A vulnerability in Bluetooth’s wireless standard has been discovered by researchers which could allow attackers to intercept keystrokes, address books, and other sensitive data.
The vulnerability, named ‘Key Negotiation of Bluetooth’, potentially allows attackers to affect the length of encryption keys, even reducing them down to a single digit, making fraudulent access to connected devices much easier.
The report notes that ‘the attack is standard-compliant because all Bluetooth BR/EDR versions require to support encryption keys with entropy between 1 and 16 bytes and do not secure the key negotiation protocol. As a result, the attacker completely breaks Bluetooth BR/EDR security without being detected’.
Although breaking the BR/EDR protocol is dependent on both devices having the vulnerability, if successfully executed it would allow hackers an opportunity to intercept, access and alter exchanges between devices.
In response to this flaw, Bluetooth have released a statement and security notice suggesting there had been ‘no evidence that the vulnerability has been exploited maliciously’. It also outlined an update to the Bluetooth Core Specification which would promote a minimum encryption key length of 7 octets for BR/EDR connections.
We would always advise patching with the latest updates, but there are also some useful links from companies that have released updates mitigating against this vulnerability.