Bluetooth Security

Toggle sidebar Toggle sidebar
jadenerd

jadenerd

Well-known member
Apr 12, 2012
519
15
18
I've been reading a lot in the last few days about bluetooth security vulnerabilities. Are there any settings in our Note 10's that would decrease the BT security risks when BT is turned on, which mine is all the time.
 
jadenerd said:
I've been reading a lot in the last few days about bluetooth security vulnerabilities. Are there any settings in our Note 10's that would decrease the BT security risks when BT is turned on, which mine is all the time.
Click to expand...

Make sure phone visibility is turned off I think
 
If you are worried about the recent revelation of the KNOB attack on Bluetooth devices, then unless you get the August 1 security update, there's not much you can do.

The attack happens between two already connected devices. It intercepts the existing connections and injects its own encryption key bit level requirement and brute-forces it's way in with a lower bit count.

That's the vulnerability - the ability to alter the encryption entropy down to 1 bit (the range goes up to 16 bit, which is much harder to break). It's part of the original BT standard from 20 years ago that's still there. Then brute-force guessing becomes much easier, and quicker.

Of course, these kinds of attacks still takes time, requires proximity of at least Bluetooth range, and both devices with the vulnerability. If at least one is updated, I don't think the attack will work. While basic IOT devices, or car infotainment system don't usually get quick updates for such things, at least your phone will - if it's new enough to still get regular updates.
 
joeldf said:
If you are worried about the recent revelation of the KNOB attack on Bluetooth devices, then unless you get the August 1 security update, there's not much you can do.

The attack happens between two already connected devices. It intercepts the existing connections and injects its own encryption key bit level requirement and brute-forces it's way in with a lower bit count.

That's the vulnerability - the ability to alter the encryption entropy down to 1 bit (the range goes up to 16 bit, which is much harder to break). It's part of the original BT standard from 20 years ago that's still there. Then brute-force guessing becomes much easier, and quicker.

Of course, these kinds of attacks still takes time, requires proximity of at least Bluetooth range, and both devices with the vulnerability. If at least one is updated, I don't think the attack will work. While basic IOT devices, or car infotainment system don't usually get quick updates for such things, at least your phone will - if it's new enough to still get regular updates.
Click to expand...

Thank you so much for the thorough explanation. I did the software update right out of the box, if that is the one to which you are referring. I use BT constantly - wireless earbuds, neckphones, over the earphones, car infotainment. New phone and new tablet so, hopefully, I can leave BT running.
 
joeldf said:
If you are worried about the recent revelation of the KNOB attack on Bluetooth devices, then unless you get the August 1 security update, there's not much you can do.

The attack happens between two already connected devices. It intercepts the existing connections and injects its own encryption key bit level requirement and brute-forces it's way in with a lower bit count.

That's the vulnerability - the ability to alter the encryption entropy down to 1 bit (the range goes up to 16 bit, which is much harder to break). It's part of the original BT standard from 20 years ago that's still there. Then brute-force guessing becomes much easier, and quicker.

Of course, these kinds of attacks still takes time, requires proximity of at least Bluetooth range, and both devices with the vulnerability. If at least one is updated, I don't think the attack will work. While basic IOT devices, or car infotainment system don't usually get quick updates for such things, at least your phone will - if it's new enough to still get regular updates.
Click to expand...
Sounds like you're in Infosec.
 
You must log in or register to reply here.

Similar threads

Seeker336
Update: Jan 1 Security patch
Replies
1
Views
2K
Samsung Galaxy Z Flip 6
Seeker336
Seeker336
A
  • Question Question
Question Google ‘sessions’
Replies
3
Views
303
Ask a Question
B. Diddy
B. Diddy
D
  • Question Question
Question Oneplus 10 Pro & BT Router issues - RESOLVED
Replies
9
Views
2K
Ask a Question
drc
D
D
  • Question Question
Question Moto G4 Plus XT1640 not recognized by PC
Replies
2
Views
288
Ask a Question
B. Diddy
B. Diddy
dbd1114
Samsung S21 FE Major Bluetooth, WiFi, and USB File Transfer Problems
Replies
10
Views
5K
Samsung Galaxy S21 & S21+ & S21 Ultra
mustang7757
mustang7757

Latest posts

Trending Posts

Members online

Total: 2,389 (members: 20, guests: 2,369)

Forum statistics

Threads
954,734
Messages
6,962,666
Members
3,163,118
Latest member
bossolini

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom