Researchers found a weakness in the Bluetooth standard's encryption key negotiation that affects all Bluetooth devices and could lead to man-in-the-middle attacks.
The researchers — Daniele Antonioli, a PhD student in computer science at the Singapore University of Technology and Design, Nils Ole Tippenhauer, faculty at CISPA Helmholtz Center for Information Security in Saarbrücken, Germany, and Kasper Rasmussen, associate professor in the Computer Science Department at the University of Oxford — described the Key Negotiation of Bluetooth (KNOB) attack in a new paper, called “The KNOB is Broken.”
“The attack allows a third party, without knowledge of any secret material (such as link and encryption keys), to make two (or more) victims agree on an encryption key with only 1 byte (8 bits) of entropy,” the researchers wrote in the abstract of the paper. “Such low entropy enables the attacker to easily brute force the negotiated encryption keys, decrypt the eavesdropped ciphertext, and inject valid encrypted messages (in real-time).”
The KNOB attack requires the attacker to be within Bluetooth range of the target devices, but it can be performed even on devices that have already been paired together. The researchers said a successful attack would allow someone to eavesdrop on the information passed between the target devices.
Matthew Green, cryptography expert and professor at Johns Hopkins University’s Information Security Institute, pointed out on Twitter that the KNOB attack weakness has been in the Bluetooth specification “for years.”
“If you want to understand how such a boneheaded mechanism made it into, and survived for years inside of the Bluetooth spec, all you need to read is the title of this slide: ‘page 1650’.” pic.twitter.com/nl5shs3NaP — Matthew Green (@matthew_d_green), August 15, 2019
The researchers reported the vulnerability (tracked as CVE-2019-9506) and details of the KNOB attack to the Bluetooth Special Interest Group (Bluetooth SIG) in November 2018. Although the researchers only tested 17 Bluetooth chips, they believe “any standard-compliant Bluetooth device can be expected to be vulnerable.”
The Bluetooth SIG advisory said there was no evidence the vulnerability had been exploited in the wild. However, the research paper said, “The attack is stealthy because the encryption key negotiation is transparent to the Bluetooth users,” so it is unclear if attacks in the wild would be detectable.
In its advisory, the Bluetooth SIG noted new recommendations to mitigate the threat of the KNOB attack.
“To remedy the vulnerability, the Bluetooth SIG has updated the Bluetooth Core Specification to recommend a minimum encryption key length of 7 octets for BR/EDR connections. The Bluetooth SIG will also include testing for this new recommendation within our Bluetooth Qualification Program,” the Bluetooth SIG wrote. “In addition, the Bluetooth SIG strongly recommends that product developers update existing solutions to enforce a minimum encryption key length of 7 octets for BR/EDR connections.”
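The following is an added illustration, not code from the paper or from the Bluetooth SIG, of why the 7-octet minimum matters. It is a deliberately simplified model of the BR/EDR key size negotiation described above: each side has a maximum and a minimum acceptable key length in octets, the proposal travels over the air where an attacker-in-the-middle can alter it, and each side accepts whatever arrives as long as it is not below its own minimum. Device names, the `Device` class, the `negotiate` function and the `tamper` hook are all constructed for this example; the real LMP message format is not modelled.

```python
"""Toy model of BR/EDR encryption key size negotiation and the effect of
enforcing a minimum key length (constructed example, not the real LMP protocol)."""
from dataclasses import dataclass
from typing import Callable, Optional

LEGACY_MIN_OCTETS = 1        # pre-KNOB: the spec allowed a 1-octet (8-bit) key
RECOMMENDED_MIN_OCTETS = 7   # Bluetooth SIG recommendation for BR/EDR after KNOB
MAX_OCTETS = 16              # full 128-bit key


@dataclass
class Device:
    """A Bluetooth controller with its key-size policy (hypothetical model)."""
    name: str
    max_octets: int = MAX_OCTETS
    min_octets: int = LEGACY_MIN_OCTETS


def negotiate(initiator: Device, responder: Device,
              tamper: Optional[Callable[[int], int]] = None) -> Optional[int]:
    """Return the agreed key size in octets, or None if a side rejects.

    `tamper` models an attacker in radio range who can rewrite the key size
    carried in each negotiation message before the peer sees it.
    """
    def on_air(value: int) -> int:
        return tamper(value) if tamper else value

    # Initiator proposes its maximum; the responder sees the (possibly altered) value.
    proposed = on_air(initiator.max_octets)
    if proposed < responder.min_octets:
        return None                      # responder refuses: below its minimum
    agreed_by_responder = min(proposed, responder.max_octets)

    # Responder answers; the initiator sees the (possibly altered) answer.
    answer = on_air(agreed_by_responder)
    if answer < initiator.min_octets:
        return None                      # initiator refuses: below its minimum
    return answer


def keyspace_bits(octets: int) -> int:
    """Entropy of an N-octet negotiated key, i.e. the size of the brute-force space."""
    return 8 * octets


def compare_policies() -> dict:
    """Run the same downgrade against legacy and hardened policies."""
    lower_to_one = lambda _size: 1       # attacker rewrites every key size to 1 octet

    legacy = negotiate(Device("Alice"), Device("Bob"), tamper=lower_to_one)
    hardened = negotiate(Device("Alice", min_octets=RECOMMENDED_MIN_OCTETS),
                         Device("Bob", min_octets=RECOMMENDED_MIN_OCTETS),
                         tamper=lower_to_one)
    return {
        "legacy_agreed_octets": legacy,                      # 1: downgrade succeeds
        "legacy_keyspace_bits": keyspace_bits(legacy) if legacy else None,  # 8 bits
        "hardened_agreed_octets": hardened,                  # None: connection refused
        "hardened_min_keyspace_bits": keyspace_bits(RECOMMENDED_MIN_OCTETS),  # 56 bits
    }


if __name__ == "__main__":
    for k, v in compare_policies().items():
        print(f"{k}: {v}")
```

With the legacy minimum the downgraded connection completes with an 8-bit key, which is the 256-candidate search space the abstract refers to; with both sides enforcing the recommended 7-octet floor the same tampering simply causes the negotiation to fail, which is the observable effect a hardened device should produce. Note that the floor only helps if the side that enforces it is the one the attacker is downgrading, so updating only one end of an existing pairing still leaves the other end's acceptance policy in play.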
Some major platform vendors have already released patches for the KNOB attack this month. Microsoft released a patch as part of the August Patch Tuesday release. Google patched the issue in the August 2019 Android security release. Apple patched it in the iOS 12.4 release and the 2019-004 releases for macOS. Cisco also released patches for Webex and some Cisco IP phones.