The attack is called KNOB (Key Negotiation of Bluetooth). It targets Bluetooth Basic Rate/Enhanced Data Rate (BR/EDR, or Bluetooth Classic) connections and can cause data leakage or be used to elevate access rights.

The vulnerability was discovered by researchers from the Center for IT-Security, Privacy, and Accountability (CISPA), and it has been reported to the Bluetooth Confederation. Microsoft has included its own Bluetooth patch in this month's update.

But the Windows patch does not mean that the problem is completely solved. In its announcement of vulnerability VU#918987, CERT/CC describes the vulnerability under the identifier CVE-2019-9506, with a serious CVSS score of 9.3.

The vulnerability lies in the process by which Bluetooth devices decide on and create an encryption key. The key length can be anywhere from 1 to 16 bytes, and a key of only one byte is small enough for an attacker to recover by brute force.
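
A simplified model of the key length negotiation described above, added here as an illustration and not taken from the original article or from any Bluetooth stack. The `Device` class, the `negotiate` function and the 7-byte minimum are assumptions chosen for the example; it shows an endpoint with a minimum key length policy refusing the 1-byte outcome that a permissive endpoint accepts.

```python
# Added illustration: simplified model of BR/EDR encryption key length
# negotiation. All names here are hypothetical, not a real stack's API.
from dataclasses import dataclass
from typing import Optional

SPEC_MIN, SPEC_MAX = 1, 16  # key length range in bytes, as stated in the article


@dataclass
class Device:
    name: str
    min_key_bytes: int  # smallest key length this device will accept
    max_key_bytes: int  # largest key length this device supports

    def __post_init__(self):
        if not SPEC_MIN <= self.min_key_bytes <= self.max_key_bytes <= SPEC_MAX:
            raise ValueError(f"{self.name}: key length limits out of range")


def negotiate(initiator: Device, responder: Device,
              proposed: Optional[int] = None) -> Optional[int]:
    """Return the agreed key length in bytes, or None if negotiation fails.

    `proposed` is the length carried in the request as the responder
    receives it; it defaults to the initiator's maximum.
    """
    size = initiator.max_key_bytes if proposed is None else proposed
    if not SPEC_MIN <= size <= SPEC_MAX:
        return None
    # A responder that cannot support the proposal counters with its own maximum.
    size = min(size, responder.max_key_bytes)
    # Each side accepts only a length at or above its own configured minimum.
    if size < initiator.min_key_bytes or size < responder.min_key_bytes:
        return None
    return size


def keyspace_bits(key_bytes: int) -> int:
    """Bits of key material an exhaustive search has to cover."""
    return 8 * key_bytes


# Constructed sample endpoints: one permissive, one with a minimum length policy.
PERMISSIVE = Device("permissive", min_key_bytes=1, max_key_bytes=16)
HARDENED = Device("hardened", min_key_bytes=7, max_key_bytes=16)  # 7 is an example policy value

if __name__ == "__main__":
    for dev in (PERMISSIVE, HARDENED):
        agreed = negotiate(dev, dev, proposed=1)
        result = "rejected" if agreed is None else f"{keyspace_bits(agreed)}-bit key"
        print(f"{dev.name}: 1-byte proposal -> {result}")
```
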

Qais Butt
