Flaw let hackers spy on—and even alter—data sent via Bluetooth

Say it with me: Bluetooth is not your friend.

It turns out that the frustratingly buggy way to pair speakers, printers, and numerous other third-party devices with your smartphone or computer can't keep a secret. Security researchers this week announced a major vulnerability in the Bluetooth specification that allows hackers to not only listen in on the data being sent between two devices, but clandestinely alter it as well.

"[An] attacker is able to the listen in on, or change the content of, nearby Bluetooth communication, even between devices that have previously been successfully paired," the researchers explain.

Dubbed the KNOB attack, the vulnerability affected every single standard-compliant Bluetooth device tested by a group consisting of security researchers from the Singapore University of Technology and Design, University of Oxford, and CISPA Helmholtz Center for Information Security. And yes, that means chips made by Broadcom, Qualcomm, Apple, Intel, and Chicony were all vulnerable.

Importantly, this doesn't mean that anyone, anywhere, with malicious intent can listen in on your AirPod-enabled phone conversations or alter your AirDrop data transfer. For starters, this vulnerability does not apply to Bluetooth Low Energy (BLE) devices like AirPods. Instead, it covers Bluetooth BR/EDR. Also, the attacker would have to be physically near you in order to pull this off — a fact that provides some consolation until you think about all the times you use Bluetooth while in public places.

There is some more good news. The researchers who discovered this vulnerability also responsibly disclosed it to manufacturers. And hey, some of those manufacturers even did something about it.

Apple, for example, issued a patch in late July for iOS, macOS, and watchOS. Microsoft, Cisco, Google, and Blackberry also all issued various patches.

That's the good news. The bad? Well, you need to have actually installed the patches for the fix to take effect.

So go ahead and make sure your phone, computer, and any other Bluetooth-enabled device is up to date. And maybe, just maybe, going forward think twice about sending sensitive data over Bluetooth. Find a friend that can keep a secret.