Security News > 2019 > August > Critical Bluetooth vulnerability opens millions of devices to eavesdropping attacks
A newly disclosed vulnerability (CVE-2019-9506) in the Bluetooth Core Specification can be exploited by attackers to intercept and manipulate Bluetooth communications/traffic between two vulnerable devices. Researchers Daniele Antonioli, Nils Ole Tippenhauer and Kasper Rasmussen discovered the flaw and demonstrated a practical Key Negotiation Of Bluetooth (KNOB) attack taking advantage of it. They also shared their discovery with the Bluetooth Special Interest Group (Bluetooth SIG), the CERT Coordination Center, and members of the International Consortium for … More → The post Critical Bluetooth vulnerability opens millions of devices to eavesdropping attacks appeared first on Help Net Security.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/OsKgNci-Oiw/
Related news
- FortiManager critical vulnerability under active attack (source)
- Ivanti warns of another critical CSA flaw exploited in attacks (source)
- Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks (source)
- Critical Ivanti vTM auth bypass bug now exploited in attacks (source)
- CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns (source)
- PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987) (source)
- Critical NVIDIA Container Toolkit Vulnerability Could Grant Full Host Access to Attackers (source)
- Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks (source)
- Researchers Warn of Ongoing Attacks Exploiting Critical Zimbra Postjournal Flaw (source)
- Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-08-14 | CVE-2019-9506 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. | 4.8 |