The fact that attackers can exploit the flaw even for devices that had been previously paired makes it even worse. According to the paper the researchers published, the vulnerability affects devices that use Bluetooth BR/EDR (or Bluetooth Classic) connection. The attack will only work if both devices establishing a connection have the vulnerability. That said, all the Bluetooth chips the researchers tested were vulnerable. KNOB’s official website says:

“The KNOB attack is possible due to flaws in the Bluetooth specification. As such, any standard-compliant Bluetooth device can be expected to be vulnerable. We conducted KNOB attacks on more than 17 unique Bluetooth chips (by attacking 24 different devices). At the time of writing, we were able to test chips from Broadcom, Qualcomm, Apple, Intel, and Chicony manufacturers. All devices that we tested were vulnerable to the KNOB attack.”

Tech giants like Apple and Microsoft have already rolled out patches to fix the flaw, and the Bluetooth Core Specification has been changed to require a minimum encryption key length. For those measures to work against what the researchers say is “a serious threat to the security and privacy of all Bluetooth users,” though, people must update their devices when a fix becomes available.