Bluetooth vulnerability can be exploited in Key Negotiation of Bluetooth (KNOB) attacks

Those who are familiar with Bluetooth BR/EDR technology (aka Bluetooth Classic, versions 1.0 through 5.1) can attest that it is not perfect. Like any other piece of hardware or software technology on the market, its usefulness comes with flaws.

Early last week, academics at the Singapore University of Technology and Design, the CISPA Helmholtz Center for Information Security, and the University of Oxford released their research paper [PDF] on an attack called Key Negotiation of Bluetooth, or KNOB. KNOB exploits a weakness in the way the Bluetooth specification negotiates the entropy of the encryption key that protects a link. An attacker positioned as a Man-in-the-Middle (MitM) can rewrite the negotiation messages so that the two devices settle on a key with just 1 byte of entropy, brute-force that key, and then decrypt the traffic or inject packets of their own, exposing potentially sensitive data.

The Bluetooth vulnerability that KNOB targets is tracked as CVE-2019-9506. According to the paper, the Bluetooth chips the researchers tested, manufactured by Intel, Broadcom, Apple, and Qualcomm, were all found to be vulnerable to KNOB attacks.

What causes a KNOB attack?

The researchers identified two properties of the Bluetooth specification that allow KNOB attacks to succeed.

Firstly, Bluetooth allows the entropy of the encryption key to be negotiated down to a minimum of 1 byte. The key that ends up in use is still 16 bytes long, but only 1 byte of it is secret, so there are just 256 possible keys. Think of this as a one-character password: its entropy is so low that an attacker who captures the encrypted traffic can try every candidate offline in a fraction of a second. A low-entropy key still produces a link that looks encrypted, but it offers no real protection against a brute-force attack.

Researchers said that the 1-byte lower limit was put in place to follow international encryption regulations.

And, secondly, the negotiation of that entropy is neither authenticated nor integrity-protected. It takes place over the Link Manager Protocol whenever two devices set up an encrypted link, before encryption is switched on, and the messages that carry it are sent in the clear, so neither device can tell whether the proposal it receives is the one its peer actually sent. A standard-compliant device must accept any proposal at or above the 1-byte minimum, so the device on the receiving end of a downgraded proposal has no choice but to accept the low-entropy key.

Essentially, users believe they are exchanging potentially sensitive data with a trusted paired device over a secure connection, but the connection is not secure, and nothing on either device tells them so.

How does it work?

The researchers illustrate the attack with three parties named Alice, Bob, and Charlie, the first two being the targets and the last the attacker.

  1. Alice, who in this example is the owner of the master device (the Bluetooth device trying to establish a secure connection with another Bluetooth device), sends a request to Bob, who is the owner of the slave device (the Bluetooth device receiving the request). A master can be connected to many slaves, but for this example, we'll only use one, which is Bob's.
  2. Before the two devices can exchange data, Alice and Bob must first agree on the entropy of the encryption key that will secure their connection. This is where the negotiation takes place. Alice proposes that she and Bob use an encryption key with 16 bytes of entropy.
  3. Charlie, the man-in-the-middle attacker, intercepts this proposal and changes the entropy value from 16 bytes to 1 byte before sending it on to Bob.
  4. Bob receives the modified request for an encryption key with 1 byte of entropy and sends an acceptance message back towards Alice.
  5. Charlie intercepts the acceptance message and replaces it with a proposal to use an encryption key with 1 byte of entropy.
  6. Alice receives the forged proposal, accepts the use of an encryption key with 1 byte of entropy, and sends an acceptance message back towards Bob.
  7. Charlie drops Alice's acceptance message, because Bob never sent a proposal and an acceptance would make no sense to him.
  8. Alice's and Bob's devices go on to encrypt their link with a key that has only 1 byte of entropy.

Unfortunately, Alice and Bob would have no idea that they are relying on a poorly-encrypted Bluetooth connection that Charlie can easily infiltrate while they exchange data.
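To make the exchange above concrete, here is an added example that is not from the paper or from this article: a toy model of the key-size negotiation with Charlie rewriting both directions, followed by the brute force that the 1-byte result makes possible. The message format, the key derivation and the cipher are simplified stand-ins (the real protocol uses LMP messages, the E3/Kc' key derivation and the E0 cipher), the device names and the sample traffic are constructed, and the final lines show what happens when Bob enforces a 7-byte minimum instead of the 1-byte one.

```python
import hashlib
import os
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Toy stand-ins: real BR/EDR uses LMP messages, the E3/Kc' derivation and the E0 cipher.


@dataclass
class Lmp:
    """One Link Manager message: a key-size proposal, an accept, or a reject."""
    kind: str                       # "key_size_req", "accepted" or "not_accepted"
    key_size: Optional[int] = None  # entropy in bytes, only for key_size_req


class Device:
    def __init__(self, name: str, link_key: bytes, min_key_size: int = 1, max_key_size: int = 16):
        self.name, self.link_key = name, link_key
        self.min_key_size, self.max_key_size = min_key_size, max_key_size
        self.negotiated: Optional[int] = None

    def propose(self) -> Lmp:
        self.negotiated = self.max_key_size           # stands unless the peer counter-proposes
        return Lmp("key_size_req", self.max_key_size)

    def on_message(self, msg: Lmp) -> Optional[Lmp]:
        if msg.kind != "key_size_req":
            return None                               # an accept or reject ends the exchange
        if msg.key_size < self.min_key_size:          # the only check the spec requires
            return Lmp("not_accepted")
        self.negotiated = min(msg.key_size, self.max_key_size)
        if self.negotiated == msg.key_size:
            return Lmp("accepted")
        return Lmp("key_size_req", self.negotiated)   # counter-propose a smaller size

    def session_key(self, en_rand: bytes) -> bytes:
        """Stand-in for Kc': always 16 bytes, but only `negotiated` of them are secret."""
        full = hashlib.sha256(self.link_key + en_rand).digest()[:16]
        return full[: self.negotiated] + b"\x00" * (16 - self.negotiated)


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: keystream block i = SHA-256(key || i). Same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)


def knob_negotiation(alice: Device, bob: Device) -> List[Tuple[str, str, Lmp]]:
    """Steps 1-7 above: Charlie rewrites the proposal both ways and drops the final accept."""
    log = []
    req = alice.propose()                             # Alice proposes 16 bytes of entropy
    log.append((alice.name, "Charlie", req))
    tampered = Lmp("key_size_req", 1)                 # Charlie rewrites it to 1 byte
    log.append(("Charlie", bob.name, tampered))
    bob_reply = bob.on_message(tampered)
    log.append((bob.name, "Charlie", bob_reply))
    if bob_reply.kind != "accepted":
        return log                                    # a hardened Bob stops the attack here
    forged = Lmp("key_size_req", 1)                   # Charlie turns Bob's accept into a 1-byte proposal
    log.append(("Charlie", alice.name, forged))
    alice_reply = alice.on_message(forged)            # Alice accepts 1 byte ...
    log.append((alice.name, "Charlie", alice_reply))  # ... and Charlie drops her accept
    return log


def brute_force_session_key(ciphertext: bytes, known_prefix: bytes, entropy: int) -> Optional[bytes]:
    """Charlie tries all 256**entropy keys against a known-plaintext prefix (e.g. a protocol header)."""
    for guess in range(256 ** entropy):
        key = guess.to_bytes(entropy, "big") + b"\x00" * (16 - entropy)
        if xor_stream(key, ciphertext[: len(known_prefix)]) == known_prefix:
            return key
    return None


def demo() -> dict:
    link_key = os.urandom(16)                  # long-term key from pairing; Charlie never sees it
    alice, bob = Device("Alice", link_key), Device("Bob", link_key)
    knob_negotiation(alice, bob)
    en_rand = os.urandom(16)                   # sent in the clear when encryption starts
    key = alice.session_key(en_rand)
    assert key == bob.session_key(en_rand)     # both sides agree; neither notices the downgrade
    ct = xor_stream(key, b"L2CAP:PIN is 1234")  # constructed traffic with a guessable header
    recovered = brute_force_session_key(ct, b"L2CAP", alice.negotiated)
    hardened = knob_negotiation(Device("Alice", link_key), Device("Bob", link_key, min_key_size=7))
    return {
        "negotiated": alice.negotiated,
        "key_recovered": recovered == key,
        "plaintext": xor_stream(recovered, ct) if recovered else None,
        "hardened_bob_reply": hardened[-1][2].kind,
    }


if __name__ == "__main__":
    print(demo())
```

Running it shows the negotiated entropy dropping to 1, the 256-candidate search recovering the session key and the plaintext, and the hardened Bob answering the 1-byte proposal with a reject, which is exactly the behaviour the 7-byte minimum is meant to force.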

While these steps sound simple, it is unlikely that you will run into this kind of attack, random or targeted, in crowded public places like coffee shops and airports. Carrying out a KNOB attack over the air requires the attacker to sit between two specific devices and rewrite their negotiation messages in real time, which calls for specialised equipment such as a Bluetooth protocol analyser, plus a well-tuned brute-force script for the key. Because a reliable over-the-air man-in-the-middle is so hard to build, the researchers chose a simpler, cheaper, and more repeatable setup to test the effectiveness of the attack in their evaluation.

Does KNOB affect me?

The researchers noted that, because KNOB attacks Bluetooth at the architectural level, the vulnerability “endangers potentially all standard compliant Bluetooth devices, regardless [of] their Bluetooth version number and implementation details.”

Fortunately, the team disclosed the vulnerability in Q4 2018 to the Bluetooth Special Interest Group (SIG), the organization responsible for maintaining the technology and overseeing its standards, as well as to the Industry Consortium for Advancement of Security on the Internet (ICASI) and the CERT Coordination Center (CERT/CC).

In a security notice, the Bluetooth SIG announced that it has updated the Bluetooth Core Specification to recommend a minimum encryption key length of 7 bytes (octets) of entropy for BR/EDR connections. A specification change does not fix devices on its own, though: the firmware and host stacks on existing devices still have to be updated to enforce the new minimum.
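The other half of the fix lives in the host stack, which can verify what its controller actually negotiated. Here is an added example, not from the Bluetooth SIG or from this article, of that check: after encryption comes up, the host issues HCI Read_Encryption_Key_Size (opcode 0x1408) for the connection handle, parses the Command_Complete event the controller returns, and tears the link down if the reported size is below 7 bytes. This mirrors the approach the Linux kernel's Bluetooth stack takes with its minimum encryption key size. The packet bytes below are constructed for the example; the opcode and event layout follow the HCI specification.

```python
import struct
from typing import Tuple

HCI_EV_CMD_COMPLETE = 0x0E
HCI_OP_READ_ENC_KEY_SIZE = 0x1408   # OGF 0x05 (status parameters), OCF 0x0008
MIN_ENC_KEY_SIZE = 7                # the Bluetooth SIG's post-KNOB recommendation


def build_read_key_size_cmd(handle: int) -> bytes:
    """HCI command packet (indicator 0x01) asking the controller for the negotiated key size."""
    params = struct.pack("<H", handle)
    return b"\x01" + struct.pack("<HB", HCI_OP_READ_ENC_KEY_SIZE, len(params)) + params


def parse_key_size_complete(pkt: bytes) -> Tuple[int, int, int]:
    """Parse an HCI event packet (indicator 0x04) carrying Command_Complete for
    Read_Encryption_Key_Size. Returns (status, connection_handle, key_size_in_bytes)."""
    if len(pkt) < 3 or pkt[0] != 0x04:
        raise ValueError("not an HCI event packet")
    ev_code, plen = pkt[1], pkt[2]
    params = pkt[3:3 + plen]
    if ev_code != HCI_EV_CMD_COMPLETE or len(params) != plen or plen < 7:
        raise ValueError("malformed Command_Complete")
    # Num_HCI_Command_Packets(1) Opcode(2) Status(1) Handle(2) Key_Size(1), all little-endian
    _ncmd, opcode, status, handle, key_size = struct.unpack("<BHBHB", params[:7])
    if opcode != HCI_OP_READ_ENC_KEY_SIZE:
        raise ValueError(f"unexpected opcode {opcode:#06x}")
    return status, handle, key_size


def link_allowed(pkt: bytes, min_key_size: int = MIN_ENC_KEY_SIZE) -> bool:
    """Policy: keep the encrypted link only if the controller reports at least min_key_size.
    A failed read is treated as untrusted, since the host cannot tell what was negotiated."""
    status, _handle, key_size = parse_key_size_complete(pkt)
    if status != 0x00:
        return False
    return key_size >= min_key_size


def make_complete_event(handle: int, key_size: int, status: int = 0) -> bytes:
    """Constructed Command_Complete event, as a controller would return it."""
    params = struct.pack("<BHBHB", 1, HCI_OP_READ_ENC_KEY_SIZE, status, handle, key_size)
    return b"\x04" + bytes([HCI_EV_CMD_COMPLETE, len(params)]) + params


KNOB_EVENT = make_complete_event(0x0001, 1)    # constructed: controller ended up with 1 byte
GOOD_EVENT = make_complete_event(0x0001, 16)   # constructed: full 16-byte entropy

if __name__ == "__main__":
    print(build_read_key_size_cmd(0x0001).hex())
    for name, ev in (("knob", KNOB_EVENT), ("good", GOOD_EVENT)):
        print(name, parse_key_size_complete(ev), "keep link:", link_allowed(ev))
```

The check is deliberately on the host side: a KNOB downgrade happens inside the controller's LMP exchange, so the host only learns the outcome by asking, and a stack that never asks will happily send data over a 1-byte key.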

To judge whether your Bluetooth devices are vulnerable to the KNOB attack, check when you last updated them. The researchers disclosed the flaw in late 2018, so a device that has not received a firmware or operating system update since then is almost certainly vulnerable. An update after that date may contain the fix, but vendors shipped their patches at different times, so only the vendor's own security notice confirms it.

If you’re still unsure, the CERT Coordination Center at Carnegie Mellon University maintains a vulnerability note on KNOB (VU#918987) that tracks which vendors and systems are affected.

How to protect your Bluetooth devices

Patching all your Bluetooth devices is the logical next step, especially if you’re unsure whether you have done so since late last year.

Here is a concise list of security update notices from product vendors of Bluetooth-enabled devices you might want to check out:

When it comes to sharing potentially sensitive data with someone else, Bluetooth is not a technology that guarantees a safe and secure exchange. So, as a final note, you’re better off using a more secure method of sharing data.

As for your Bluetooth headphones, should you be worried? Maybe not so much. But you might want to think about your IoT devices, mobile phones, and smart jewelry.

Stay informed and stay safe!


Jovi Umawing

Knows a bit about everything and a lot about several somethings. Writes about those somethings, usually in long-form.