New Bluetooth Vulnerability: Hackers Could Spy on You

Millions of us use Bluetooth wireless communications every day: to make phone calls when driving, to connect our fitness trackers, to stream at work or play. Innocent enough, seemingly. But no technology comes without a warning: a recently discovered Bluetooth vulnerability allows hackers to spy on your conversations or take control of your smart phone. The vulnerability deals with the encryption between two devices. It even has a name: a KNOB hack (Key Negotiation Of Bluetooth).

This is not the first time Bluetooth has been hacked, and it likely won’t be the last. And this one has its limitations. To take advantage of the KNOB vulnerability, the hacker has to be in close proximity to your phone. There is also currently no evidence that this vulnerability has been exploited maliciously.

Still, for the sake of cyber hygiene, take the following steps to protect yourself from a KNOB hack:
• Install updates for your smart phone as they become available.
• Remove devices paired with your phone that you no longer need or recognize.
• Turn off Bluetooth when you are not using it.

iPhone users can manage Bluetooth from the Control Center or within Settings, including removing Bluetooth devices via the information icon under the “My Devices” section in the Bluetooth settings. Android smart phones have similar capabilities.

For more suggestions for strengthening your IT security posture, see our article "Cyber Hygiene: It's a Real Thing".

HBK Risk Advisory Services can help you with your cyber hygiene. Call us at 330-758-8613 or email me at As always, we’re happy to answer your questions and discuss your concerns.

About the Author(s)
Bill Heaven is a Senior Manager in HBK’s Information Technology (IT) Department and works out of the firm’s corporate office in Youngstown, Ohio. He specializes in cyber security, IT security, external IT audit, internal IT audit, IT consulting, software development, IT governance, PCI-DSS, supply chain, system implementations and e-Commerce and has worked for a wide range of industries, including the Public Accounting field. Bill is a certified public accountant, a certified information system auditor, and a certified supply chain professional. He earned a Bachelor of Business Administration degree in Computer Science from Kent State University. Bill is a member of the American Institute of Certified Public Accountants (AICPA), the Ohio Society of Certified Public Accountants (OSCPA), the Information System Audit and Control Association (ISACA) and the Canfield Chapter of Rotary International.
Hill, Barth & King LLC has prepared this material for informational purposes only. Any tax advice contained in this communication (including any attachments) is not intended or written to be used, and cannot be used, for the purpose of (i) avoiding penalties under the Internal Revenue Code or under any state or local tax law or (ii) promoting, marketing or recommending to another party any transaction or matter addressed herein. Please do not hesitate to contact us if you have any questions regarding the matter.