Featured Image Credit: Image by 200 Degrees from Pixabay
Apple Blocks KNOB Attack on Bluetooth
Researchers have discovered a serious security vulnerability that afflicts all Bluetooth devices. Dubbed the Key Negotiation of Bluetooth (KNOB) Attack, it enables an attacker to force two connecting Bluetooth devices to use a one-byte encryption key, which is trivially easy to break. After breaking the key, the attacker can intercept all traffic exchanged between the devices.
The good news is that exploiting KNOB requires the attacker to be within Bluetooth range of two vulnerable devices, which means 10 meters for most Bluetooth devices but theoretically up to 400 meters when both devices support Bluetooth 5. It also requires precision timing to intercept and modify the key exchange process. Even more important, Apple has already mitigated this vulnerability in macOS 10.14.6 Mojave, Security Update 2019-004 for Sierra and High Sierra, iOS 12.4, watchOS 5.3, and tvOS 12.4. Google and Microsoft have also issued fixes for the issue.
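The key-size downgrade described above, and why a minimum key length stops it, as an added example that is not code from the researchers or any vendor. It is a simplified model of the negotiation; the `Endpoint` class, the function names, and the 7-octet floor (the minimum the Bluetooth SIG recommended after KNOB) are assumptions of this sketch.

```python
"""Simplified model of Bluetooth BR/EDR encryption key-size negotiation."""

SPEC_MAX = 16    # octets; key sizes from 1 to 16 octets are negotiable
PATCHED_MIN = 7  # assumption: floor recommended by the Bluetooth SIG after KNOB


class Endpoint:
    """One side of the link, with the key sizes it is willing to accept."""

    def __init__(self, name, min_size=1, max_size=SPEC_MAX):
        self.name, self.min_size, self.max_size = name, min_size, max_size


def negotiate(initiator, responder, tamper=None):
    """Return the agreed key size in octets, or None if either side refuses.

    tamper models an in-path rewrite of the proposed size, which is possible
    because the negotiation messages carry no integrity protection.
    """
    proposed = initiator.max_size
    if tamper:
        proposed = tamper(proposed)
    # The responder may lower the proposal, never raise it.
    agreed = min(proposed, responder.max_size)
    for side in (initiator, responder):
        if agreed < side.min_size:
            return None  # below this side's floor: abort instead of encrypting
    return agreed


def keyspace(octets):
    """Worst-case number of candidate keys for a key of this size."""
    return 2 ** (8 * octets)


def force_one_byte(_proposed):
    """Constructed stand-in for the downgrade the article describes."""
    return 1


if __name__ == "__main__":
    unpatched = Endpoint("unpatched")
    patched = Endpoint("patched", min_size=PATCHED_MIN)
    for label, a, b, t in [
        ("no interference", unpatched, unpatched, None),
        ("downgrade, both unpatched", unpatched, unpatched, force_one_byte),
        ("downgrade, one side patched", patched, unpatched, force_one_byte),
    ]:
        size = negotiate(a, b, t)
        result = "refused" if size is None else f"{size} octets, {keyspace(size)} keys"
        print(f"{label}: {result}")
```

In this model a single patched endpoint is enough to make the downgraded negotiation fail, because either side can refuse a key size below its own minimum.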
I’m guessing this affects my old iPod Nano (7th gen) when it talks to my car. There hasn’t been a software update to the iPod in ages, and I wonder if Apple will even consider addressing this vulnerability. If I have to drive without my music I’ll go nuts.
I’m confident that they won’t. Details concerning the likelihood of the vulnerability being exploited and the impact haven’t yet been scored at NVD - CVE-2019-9506, but from the description it appears to be low, and who really cares if their music is being intercepted? I don’t think it’s worth spending time being concerned about it.