Apple is having a horrendous month. To date, the Cupertino-based brand’s iPhone battery practices were exposed, Apple’s Face ID biometric authentication was hacked, iOS code was exploited and, more recently, the iPhone 11’s final secrets were laid bare for the entire world to see. Now Apple’s month has gotten a whole lot worse: security researchers have uncovered the KNOB attack, which affects billions of iOS and Android users around the globe.
While Google has already done its part to patch the issue, iPhone and iPad users are still affected because Apple has made a bizarre mistake that leaves them vulnerable.
KNOB, which stands for Key Negotiation of Bluetooth, is a clever brute-force attack on any standard Bluetooth device. Hackers can carry it out remotely by taking advantage of a flaw in the Bluetooth encryption key protocol to force through small packets of data which give the hacker access to your device. And since the flaw is inherent to Bluetooth, everyone with an iOS device is vulnerable.
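A simplified model of the key-length negotiation that KNOB abuses, added here as an illustration (it is not code from the researchers or from Apple). The 1-to-16-byte range and the 7-byte hardened minimum reflect the Bluetooth BR/EDR specification and the Bluetooth SIG's recommendation after KNOB; the `Device`, `negotiate`, `keyspace` and `assess` names are hypothetical.

```python
"""Toy model of Bluetooth BR/EDR encryption key-length negotiation (constructed)."""
from dataclasses import dataclass

SPEC_MIN, SPEC_MAX = 1, 16   # key length range, in bytes, allowed by the BR/EDR spec
HARDENED_MIN = 7             # minimum recommended by the Bluetooth SIG after KNOB


@dataclass
class Device:
    name: str
    l_min: int = SPEC_MIN    # smallest key length this device will accept
    l_max: int = SPEC_MAX    # largest key length this device supports


def negotiate(initiator, responder, tamper_to=None):
    """Return the agreed key length in bytes, or None if the link is refused.

    tamper_to models an on-path party rewriting the key-length proposal,
    which the protocol neither encrypts nor authenticates.
    """
    proposal = initiator.l_max if tamper_to is None else tamper_to
    agreed = min(proposal, responder.l_max)      # responder may only lower it
    if agreed < max(initiator.l_min, responder.l_min):
        return None                              # below a device's floor: refuse
    return agreed


def keyspace(length_bytes):
    """Number of candidate keys a brute-force search has to cover."""
    return 2 ** (8 * length_bytes)


def assess(initiator, responder):
    """Compare a clean negotiation with one tampered down to the spec minimum."""
    clean = negotiate(initiator, responder)
    forced = negotiate(initiator, responder, tamper_to=SPEC_MIN)
    return {"clean_bytes": clean, "forced_bytes": forced,
            "forced_keyspace": keyspace(forced) if forced else None}


if __name__ == "__main__":
    unpatched = Device("unpatched phone")                    # accepts 1-byte keys
    patched = Device("patched phone", l_min=HARDENED_MIN)    # enforces the floor
    headset = Device("headset")
    print("unpatched:", assess(unpatched, headset))
    print("patched:  ", assess(patched, headset))
```

A device that enforces the 7-byte floor refuses the tampered negotiation outright, while an unpatched pair silently settles on a key with only 256 possible values.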
The researchers explained, “We conducted KNOB attacks on more than 17 unique Bluetooth chips (by attacking 24 different devices). At the time of writing, we were able to test chips from Broadcom, Qualcomm, Apple, Intel, and Chicony manufacturers. All devices that we tested were vulnerable to the KNOB attack.”
This exploit is especially dangerous for iOS users because Apple confirms in its security notes that “iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later” are prone to it, and the patch was issued in iOS 12.4. However, iOS 12.4 contains a staggering vulnerability that enables hackers to remotely jailbreak iPhones and iPads and install malicious software.
Consequently, each and every iPhone or iPad is said to be vulnerable to KNOB if it isn’t upgraded to iOS 12.4. And every device that has already been upgraded to iOS 12.4 is said to be vulnerable to a remote attack, which is equally bad.
A related report by Forbes states, “Are you running a very old iPhone or iPad and feeling smug? Don’t. Not only is every iOS device ever made running standard-compliant Bluetooth, making them all vulnerable to KNOB, old devices are no longer supported meaning they are unlikely to be patched. So when, in January, Tim Cook stated there are 1.4BN active iOS devices around the world, that’s how many are vulnerable to this Catch-22 situation right now.”