Researchers have discovered a serious security vulnerability that afflicts all Bluetooth devices. Dubbed the Key Negotiation of Bluetooth (KNOB) Attack, it enables an attacker to force two connecting Bluetooth devices to use a one-byte encryption key, which is trivially easy to break. After breaking the key, the attacker can intercept all traffic exchanged between the devices.
The good news is that exploiting KNOB requires the attacker to be within Bluetooth range of two vulnerable devices, which means 10 meters for most Bluetooth devices but theoretically up to 400 meters when both devices support Bluetooth 5. It also requires precision timing to intercept and modify the key exchange process. Even more important, Apple has already mitigated this vulnerability in macOS 10.14.6 Mojave, Security Update 2019-004 for Sierra and High Sierra, iOS 12.4, watchOS 5.3, and tvOS 12.4. Google and Microsoft have also issued fixes for the issue.