A new Bluetooth vulnerability named "Key Negotiation Of Bluetooth attack" or "KNOB" has been disclosed that allows attackers to more easily brute-force the encryption key used during pairing in order to monitor or manipulate the data transferred between two paired devices.
This new KNOB vulnerability was discovered by Daniele Antonioli from SUTD, Dr. Nils Tippenhauer from CISPA and Prof. Kasper Rasmussen from the University of Oxford and affects Bluetooth BR/EDR devices, otherwise known as Bluetooth Classic, using specification versions 1.0 - 5.1.
The researchers reported the vulnerability to ICASI, and ICASI members such as Microsoft, Apple, Intel, Cisco, and Amazon issued a coordinated disclosure of the vulnerability.
This flaw has been assigned CVE ID CVE-2019-9506 and allows an attacker to reduce the length of the encryption key used for establishing a connection. In some cases, an attacker could reduce the length of an encryption key to a single octet.
"The researchers identified that it is possible for an attacking device to interfere with the procedure used to set up encryption on a BR/EDR connection between two devices in such a way as to reduce the length of the encryption key used," stated an advisory on Bluetooth.com. "In addition, since not all Bluetooth specifications mandate a minimum encryption key length, it is possible that some vendors may have developed Bluetooth products where the length of the encryption key used on a BR/EDR connection could be set by an attacking device down to a single octet."
This reduction in key length would make it much easier for an attacker to brute force the encryption key used by the paired devices to communicate with each other.
Once the key is known to the attackers, they could monitor and manipulate the data being sent between the devices. This includes potentially injecting commands, monitoring keystrokes, and other types of behavior.
ICASI is not aware of this attack being used maliciously or any devices being created to initiate this type of attack.
The researchers will be presenting this attack at the USENIX Security Symposium. They will also be releasing a paper titled "The KNOB is Broken: Exploiting Low Entropy in the Encryption Key Negotiation Of Bluetooth BR/EDR" on August 14th, 2019.
Using the attack is not easy
Exploiting this vulnerability is not an easy task as it requires specific conditions to be in place. This includes:
- Both devices need to be Bluetooth BR/EDR.
- An attacker would need to be within range of the devices while they are establishing a connection.
- "The attacking device would need to intercept, manipulate, and retransmit key length negotiation messages between the two devices while also blocking transmissions from both, all within a narrow time window."
- The encryption key would need to be successfully shortened and then brute-forced so that the attacker can decrypt the traffic.
- The attacker would need to repeat this attack every time the devices paired.
Mitigating the KNOB vulnerability
To resolve this vulnerability, the Bluetooth specification has been updated to recommend a minimum encryption key length of 7 octets for BR/EDR connections.
"Bluetooth SIG has updated the Bluetooth Core Specification to recommend a minimum encryption key length of 7 octets for BR/EDR connections. The Bluetooth SIG will also include testing for this new recommendation within our Bluetooth Qualification Program. In addition, the Bluetooth SIG strongly recommends that product developers update existing solutions to enforce a minimum encryption key length of 7 octets for BR/EDR connections."
Microsoft has released an update today titled "CVE-2019-9506 | Encryption Key Negotiation of Bluetooth Vulnerability" that will mitigate this vulnerability by enforcing "a default 7-octet minimum key length to ensure that the key negotiation does not trivialize the encryption."
This mitigation, though, is not enabled by default, because once enabled, Windows will block Bluetooth devices that do not meet the defined minimum key size from connecting.
Once the update is installed, to enable this feature in Windows you would need to add the EnableMinimumEncryptionKeySize value to the HKLM\System\CurrentControlSet\Policies\Hardware\Bluetooth key and set it to 1.
You would then need to turn off Bluetooth, disable and enable the Bluetooth device in Device Manager, and then turn Bluetooth back on.
To disable this mitigation, you can set the EnableMinimumEncryptionKeySize value to 0.
Full list of vendors
Below is the full list provided by ICASI of members and partners and whether they are affected:
ICASI Members:
- A10 Networks: Not Impacted
- Blackberry: http://support.blackberry.com/kb/articleDetail?articleNumber=000057251
- Cisco: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190813-bluetooth
- Intel Corporation: Not impacted. Further information is available here: https://software.intel.com/security-software-guidance/insights/more-information-exploiting-low-entropy-encryption-key-negotiation-bluetooth-bredr
- Johnson Controls: https://www.johnsoncontrols.com/cyber-solutions/security-advisories
- Juniper: Not Impacted
- Microsoft: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-9506
- Oracle: Not Impacted
- VMWare: Not Impacted
ICASI USIRP Partners:
- Apple: https://support.apple.com/kb/HT201222
- Lenovo: https://support.lenovo.com/us/en/product_security/LEN-27173
- Bluetooth Special Interest Group: https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth
- CERT CC: https://www.kb.cert.org/vuls/id/918987
- Mitre: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9506