
A new Bluetooth vulnerability named "Key Negotiation Of Bluetooth attack", or "KNOB", has been disclosed that allows attackers to brute force more easily the encryption key negotiated when two devices connect, and then monitor or manipulate the data transferred between the paired devices.

This new KNOB vulnerability was discovered by Daniele Antonioli from SUTD, Dr. Nils Tippenhauer from CISPA and Prof. Kasper Rasmussen from the University of Oxford and affects Bluetooth BR/EDR devices, otherwise known as Bluetooth Classic, using specification versions 1.0 - 5.1.

The researchers reported the vulnerability to ICASI, and ICASI members such as Microsoft, Apple, Intel, Cisco, and Amazon issued a coordinated disclosure of the vulnerability.

This flaw has been assigned CVE ID CVE-2019-9506 and allows an attacker to reduce the length of the encryption key used for establishing a connection. In some cases, an attacker could reduce the length of an encryption key to a single octet.

"The researchers identified that it is possible for an attacking device to interfere with the procedure used to set up encryption on a BR/EDR connection between two devices in such a way as to reduce the length of the encryption key used," stated an advisory on Bluetooth.com. "In addition, since not all Bluetooth specifications mandate a minimum encryption key length, it is possible that some vendors may have developed Bluetooth products where the length of the encryption key used on a BR/EDR connection could be set by an attacking device down to a single octet."

This reduction in key length would make it much easier for an attacker to brute force the encryption key used by the paired devices to communicate with each other.

Once the key is known to the attackers, they could monitor and manipulate the data being sent between the devices. This includes potentially injecting commands, monitoring keystrokes, and other types of behavior.

ICASI is not aware of this attack being used maliciously or any devices being created to initiate this type of attack.

The researchers will be presenting this attack at the USENIX Security Symposium. They will also be releasing a paper titled "The KNOB is Broken: Exploiting Low Entropy in the Encryption Key Negotiation Of Bluetooth BR/EDR" on August 14th, 2019.

Using the attack is not easy

Exploiting this vulnerability is not an easy task as it requires specific conditions to be in place. This includes:

  • Both devices need to be Bluetooth BR/EDR.
  • An attacker would need to be within range of the devices while they are establishing a connection.
  • "The attacking device would need to intercept, manipulate, and retransmit key length negotiation messages between the two devices while also blocking transmissions from both, all within a narrow time window."
  • The encryption key would need to be successfully shortened, and the shortened key would then need to be brute forced.
  • The attacker would need to repeat this attack every time the devices paired.

Mitigating the KNOB vulnerability

To resolve this vulnerability, the Bluetooth specification has been updated to recommend a minimum encryption key length of 7 octets for BR/EDR connections.

"Bluetooth SIG has updated the Bluetooth Core Specification to recommend a minimum encryption key length of 7 octets for BR/EDR connections. The Bluetooth SIG will also include testing for this new recommendation within our Bluetooth Qualification Program. In addition, the Bluetooth SIG strongly recommends that product developers update existing solutions to enforce a minimum encryption key length of 7 octets for BR/EDR connections."
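To make the mechanism concrete, here is a small Python model added for this article; it is neither the researchers' code nor any Bluetooth stack's implementation. An initiator and a responder exchange key-size proposals, an in-path attacker clamps the size field in both directions (the position the conditions above describe), and a 7-octet minimum enforced at either endpoint refuses the downgraded proposal. The message names (key_size_req / accepted / not_accepted) and the accept-or-counter logic are a simplified assumption, not quoted from the Bluetooth Core Specification; the key-space arithmetic only shows why a 1-octet key is trivial to brute force next to a 7-octet one.

```python
"""Model of the KNOB key-size downgrade and the 7-octet minimum that blocks it.

Illustrative code written for this article; it is not the researchers' tool
and not any Bluetooth stack's implementation. The message names and the
accept-or-counter logic are a simplified assumption about LMP key size
negotiation, used only to show why a minimum key length at either endpoint
defeats the downgrade.
"""
from dataclasses import dataclass
from typing import Callable, List, Optional

SPEC_MAX_KEY_OCTETS = 16        # largest BR/EDR encryption key
LEGACY_MIN_KEY_OCTETS = 1       # a pre-KNOB device may accept a single octet
RECOMMENDED_MIN_KEY_OCTETS = 7  # Bluetooth SIG recommendation after KNOB


@dataclass
class Device:
    """One BR/EDR endpoint with its key-size policy."""
    name: str
    max_key_octets: int = SPEC_MAX_KEY_OCTETS
    min_key_octets: int = LEGACY_MIN_KEY_OCTETS  # raise to 7 to apply the mitigation

    def respond(self, proposed: int) -> Optional[int]:
        """Return the size this device will use for a proposal, or None to refuse.

        A proposal below the local minimum is refused; a proposal above the
        local maximum is countered with the local maximum."""
        if proposed < self.min_key_octets:
            return None
        return min(proposed, self.max_key_octets)


def negotiate(initiator: Device, responder: Device,
              in_path: Callable[[int], int] = lambda size: size,
              transcript: Optional[List[str]] = None) -> Optional[int]:
    """Run one key-size negotiation and return the agreed size (None if refused).

    `in_path` is applied to every message as it crosses the air: a passthrough
    models an honest link, a clamping function models an attacker rewriting
    the size field in both directions."""
    log = transcript if transcript is not None else []

    proposed = initiator.max_key_octets
    log.append(f"{initiator.name} -> key_size_req({proposed})")
    delivered = in_path(proposed)
    if delivered != proposed:
        log.append(f"   [in-path rewrite: {proposed} -> {delivered}]")

    counter = responder.respond(delivered)
    if counter is None:
        log.append(f"{responder.name} -> not_accepted (below minimum "
                   f"{responder.min_key_octets})")
        return None
    log.append(f"{responder.name} -> key_size_req({counter})")
    delivered_back = in_path(counter)
    if delivered_back != counter:
        log.append(f"   [in-path rewrite: {counter} -> {delivered_back}]")

    final = initiator.respond(delivered_back)
    if final is None:
        log.append(f"{initiator.name} -> not_accepted (below minimum "
                   f"{initiator.min_key_octets})")
        return None
    log.append(f"{initiator.name} -> accepted, encryption key size = {final} octets")
    return final


def knob_downgrade(size: int) -> int:
    """The in-path position from the article: every size field is clamped to 1."""
    return min(size, 1)


def brute_force_keyspace(key_octets: int) -> int:
    """Number of candidate keys for a key of this length (2 to the 8*octets)."""
    return 2 ** (8 * key_octets)


if __name__ == "__main__":
    # Constructed scenarios: an honest link, a downgraded link between legacy
    # devices, and a downgraded link where one side enforces the 7-octet minimum.
    scenarios = [
        ("honest link, legacy devices", Device("A"), Device("B"), lambda s: s),
        ("KNOB position, legacy devices", Device("A"), Device("B"), knob_downgrade),
        ("KNOB position, B enforces 7 octets", Device("A"),
         Device("B", min_key_octets=RECOMMENDED_MIN_KEY_OCTETS), knob_downgrade),
    ]
    for label, a, b, path in scenarios:
        lines: List[str] = []
        agreed = negotiate(a, b, path, lines)
        print(f"== {label}")
        print("\n".join(lines))
        if agreed is not None:
            print(f"   brute-force keyspace: 2^{8 * agreed} = {brute_force_keyspace(agreed)}")
        print()
```

The point of the third scenario is that the minimum is effective no matter which side enforces it: a patched device refuses the 1-octet proposal whether it is the initiator or the responder, which is exactly why a Windows host enforcing the minimum will refuse peers that cannot meet it.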

Microsoft has released an update today titled "CVE-2019-9506 | Encryption Key Negotiation of Bluetooth Vulnerability" that will mitigate this vulnerability by enforcing "a default 7-octet minimum key length to ensure that the key negotiation does not trivialize the encryption."

This mitigation is not enabled by default, though, because once it is enabled, Windows will block Bluetooth devices that do not meet the defined minimum key size from connecting.

Once the update is installed, to enable this feature in Windows you would need to add the EnableMinimumEncryptionKeySize value under the HKLM\System\CurrentControlSet\Policies\Hardware\Bluetooth key and set it to 1.

You would then need to turn off Bluetooth, disable and enable the Bluetooth device in Device Manager, and then turn Bluetooth back on.

To disable this mitigation, you can set the EnableMinimumEncryptionKeySize value to 0.

Full list of vendors

Below is the full list provided by ICASI of members and partners and whether they are affected:

ICASI Members:

ICASI USIRP Partners:
