A newly disclosed vulnerability (CVE-2019-9506) in the Bluetooth Core Specification can be exploited by attackers to intercept and manipulate Bluetooth communications/traffic between two vulnerable devices.
Researchers Daniele Antonioli, Nils Ole Tippenhauer and Kasper Rasmussen discovered the flaw and demonstrated a practical Key Negotiation Of Bluetooth (KNOB) attack taking advantage of it.
They also shared their discovery with the Bluetooth Special Interest Group (Bluetooth SIG), the CERT Coordination Center, and members of the International Consortium for Advancement of Cybersecurity on the Internet (ICASI), which include Intel, Microsoft, Cisco, Juniper and IBM. Most of these have already implemented the fixes required to prevent exploitation of the flaw.
The KNOB attack and its limitations
CVE-2019-9506 affects the Bluetooth BR/EDR (Basic Rate/Enhanced Data Rate) key negotiation procedure/protocol.
“The attack allows a third party, without knowledge of ..
Support the originator by clicking the read the rest link below.
