Over a billion Bluetooth-enabled devices, including smartphones, laptops, smart IoT devices, and industrial devices, have been found
vulnerable to a high-severity flaw that could allow attackers to spy on data transmitted between two devices.
The vulnerability, assigned CVE-2019-9506, resides in the way the "encryption key negotiation protocol" lets two Bluetooth BR/EDR devices
choose an entropy value for encryption keys while pairing to secure their connection. Referred to as the Key Negotiation of
Bluetooth (KNOB) attack, the vulnerability could allow remote attackers in close proximity to targeted devices to intercept, monitor,
or manipulate encrypted Bluetooth traffic between two paired devices.
Bluetooth BR/EDR (Basic Rate/Enhanced Data Rate, also known as "Bluetooth Classic") is a wireless technology standard
typically designed for relatively short-range, continuous wireless connections, such as streaming audio to headsets