Author Topic: Apple Blocks KNOB Attack on Bluetooth  (Read 1055 times)

Offline kimmer

Apple Blocks KNOB Attack on Bluetooth
« on: August 23, 2019, 05:30:53 PM »
https://talk.tidbits.com/t/apple-blocks-knob-attack-on-bluetooth/9465

I’m curious if my ancient iPods are vulnerable?

Offline Xairbusdriver

Re: Apple Blocks KNOB Attack on Bluetooth
« Reply #1 on: August 23, 2019, 06:04:24 PM »
Not if you can update it with iOS 12.4. Mine hasn't had a usable update since iOS 9.something. My solution is to simply avoid getting closer than 400 meters (1312.3 feet) to anyone. :nono: That can be difficult if you have any friends. :Thinking:
THERE ARE TWO TYPES OF COUNTRIES
Those that use metric = #1 Measurement system
And the United States = The Banana system
CAUTION! Childhood vaccinations cause adults! :yes:

Offline kimmer

Re: Apple Blocks KNOB Attack on Bluetooth
« Reply #2 on: August 23, 2019, 06:47:42 PM »
Quote
Not if you can update it with iOS 12.4. Mine hasn't had a usable update since iOS 9.something. My solution is to simply avoid getting closer than 400 meters (1312.3 feet) to anyone. :nono: That can be difficult if you have any friends. :Thinking:

I just added a bunch of music to my iPod and checked for a software update. Like your iPod, no update since dust was formed.  :rofl:

BTW, my iPod is the Nano 7th Generation. Darn near as old as dust itself. HAHAHA

Offline Highmac

Re: Apple Blocks KNOB Attack on Bluetooth
« Reply #3 on: August 25, 2019, 04:59:54 AM »
Never had these problems with the cassette player...

By the way, that link produced a blank page on my 2nd gen iPad, but worked fine on the MBP.
Neil
MacMini (2018) OS10.14.6 (Mojave). Monitor: LG 27in 4K Ultra HD LED.
15in MacBook Pro (Mid 2014) OS10.13.4 (High Sierra);
15in MacBook Pro (2010), (ex-Snow Leopard); now OS10.13.6 (High Sierra); 500GB Solid-State SATA drive; 4GB memory.

Offline Highmac

Re: Apple Blocks KNOB Attack on Bluetooth
« Reply #4 on: August 25, 2019, 05:16:59 AM »
Wondering what KNOB stood for, I came across a more comforting report from KTAR News.

Quote
While many technology reporters are creating lots of scary sounding headlines about how unsafe Bluetooth is now that this vulnerability is public, it’s a bit overblown.

The security researchers were able to create a specific situation in their labs to take advantage of the exploit, which only proved that it could be done, not that it is being done.

In order to actually pull this off in real life, the perpetrator would need a really specialized and expensive piece of equipment, be relatively nearby and could only exploit the connection at the very moment that the two devices were attempting to pair with one another.

So if you see some bloke with an iPhone running alongside your car on the freeway...  :toothgrin:
« Last Edit: August 25, 2019, 06:05:28 AM by Highmac »

Offline Xairbusdriver

Re: Apple Blocks KNOB Attack on Bluetooth
« Reply #5 on: August 25, 2019, 09:03:48 AM »
You have to go back to the TidBITS story for the "KNOB" explanation:
Quote
Researchers have discovered a serious security vulnerability that afflicts all Bluetooth devices. Dubbed the Key Negotiation Of Bluetooth (KNOB) Attack, it enables an attacker to force two connecting Bluetooth devices to use a one-byte encryption key, which is trivially easy to break. After breaking the key, the attacker can intercept all traffic exchanged between the devices.

The good news is that exploiting KNOB requires the attacker to be within Bluetooth range of two vulnerable devices, which means 10 meters for most Bluetooth devices but theoretically up to 400 meters when both devices support Bluetooth 5. It also requires precision timing to intercept and modify the key exchange process. Even more important, Apple has already mitigated this vulnerability in macOS 10.14.6 Mojave, Security Update 2019-004 for Sierra and High Sierra, iOS 12.4, watchOS 5.3, and tvOS 12.4.

Note that your example of someone running alongside of you on a freeway is omitted. Perhaps your NDA was too strong for them? :laughhard:
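Added example, not part of any post in this thread: a small inventory check that sorts Apple devices by the fixed releases named in the quoted TidBITS text (macOS 10.14.6, Security Update 2019-004 for Sierra and High Sierra, iOS 12.4, watchOS 5.3, tvOS 12.4). The function names, status labels and the device list are assumptions made up for illustration; it also assumes releases later than those listed carry the fix.

```python
import re

# First releases carrying the KNOB mitigation, per the quoted TidBITS text.
FIXED_IN = {"ios": (12, 4), "watchos": (5, 3), "tvos": (12, 4)}
MOJAVE_FIX = (10, 14, 6)
# Sierra (10.12) and High Sierra (10.13) are fixed by Security Update
# 2019-004, which does not change the version number, so the version
# string alone cannot tell whether the fix is installed.
SECURITY_UPDATE_ONLY = {(10, 12), (10, 13)}


def parse_version(text):
    """'12.4' -> (12, 4); raises ValueError on anything non-numeric."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in text.split("."))


def pad(version, width=3):
    """Right-pad with zeros so (12, 4) compares equal to (12, 4, 0)."""
    return version + (0,) * (width - len(version))


def knob_status(platform, version):
    """Return 'patched', 'vulnerable', 'check-security-update' or 'unknown'."""
    platform = platform.lower()
    try:
        v = parse_version(version)
    except ValueError:
        return "unknown"
    if platform == "macos":
        if v[:2] in SECURITY_UPDATE_ONLY:
            return "check-security-update"
        return "patched" if pad(v) >= MOJAVE_FIX else "vulnerable"
    if platform in FIXED_IN:
        return "patched" if pad(v) >= pad(FIXED_IN[platform]) else "vulnerable"
    return "unknown"  # platform not covered by the list in the article


def audit(devices):
    """Map device name -> status for (name, platform, version) records."""
    return {name: knob_status(plat, ver) for name, plat, ver in devices}


# Constructed sample inventory, not taken from any poster's real devices.
SAMPLE = [("tablet-a", "iOS", "9.3.5"), ("laptop-b", "macOS", "10.13.6"),
          ("desktop-c", "macOS", "10.14.6"), ("player-d", "nano", "n/a")]
```

A device reported as `check-security-update` needs its installed security updates inspected directly, and one reported as `unknown` (such as a music player that runs no listed OS) is not covered by the quoted list at all.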