Security researchers has announced a major vulnerability in the Bluetooth specification that allows hackers to not only listen in on the data being sent between two devices but clandestinely alter it as well, tech website Mashable reported.
It turns out that the frustratingly buggy way to pair speakers, printers, and numerous other third-party devices with your smartphone or computer can’t keep a secret,
“[An] attacker is able to listen in on, or change the content of, nearby Bluetooth communication, even between devices that have previously been successfully paired,” the researchers explain.
Dubbed the KNOB attack, the vulnerability affected every single standard-compliant Bluetooth device tested by a group consisting of security researchers from the Singapore University of Technology and Design, University of Oxford, and CISPA Helmholtz Center for Information Security. And yes, that means chips made by Broadcom, Qualcomm, Apple, Intel, and Chicony were all vulnerable.
Importantly, this doesn’t mean that anyone, anywhere, with malicious intent, can listen in on your AirPod-enabled phone conversations or alter your AirDrop data transfer. For starters, this vulnerability does not apply to Bluetooth Low Energy (BLE) devices like AirPods. Instead, it covers Bluetooth BR/EDR. Also, the attacker would have to be physically near you in order to pull this off — a fact that provides some consolation until you think about all the times you use Bluetooth while in public places.
There is some more good news. The researchers who discovered this vulnerability also responsibly disclosed it to manufacturers. And hey, some of those manufacturers even did something about it.
Apple, for example, issued a patch in late July for iOS, macOS, and watchOS. Microsoft, Cisco, Google, and Blackberry also all issued various patches.