NCC Group researchers have shown a novel relay attack against Bluetooth Low Energy proximity authentication systems.
The KNOB attack exploits a weakness in how Bluetooth devices negotiate the encryption key, allowing eavesdropping and decryption of communications.
The likelihood of a successful attack using a pair of vulnerabilities in some wireless access points with Bluetooth Low Energy chips against an enterprise network is currently low, but the fact that such an attack can bypass network segmentation is worrying.
A flaw in the Bluetooth specification could let a nearby attacker intercept traffic between two paired devices.
When it comes to Internet of Things (IoT) security research, you may run into roadblocks examining Bluetooth pairing and encryption between older devices and new ones - this blog post explains what you need to know to overcome them.