Support me on alternative platforms! https://snubsie.com/support

https://www.youtube.com/shannonmorse --  subscribe to my new channel!

ThreatWire is only possible because of our Patreon patrons! https://www.patreon.com/threatwire  

Bluetooth KNOB attack:

https://www.bleepingcomputer.com/news/security/new-bluetooth-knob-attack-lets-attackers-manipulate-traffic/

https://thehackernews.com/2019/08/bluetooth-knob-vulnerability.html

https://www.usenix.org/system/files/sec19-antonioli.pdf

https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/

This new Bluetooth vulnerability is called the KNOB attack, for Key Negotiation of Bluetooth Attack. It can allow an attacker to brute force the encryption keys that are usually used when pairing. Once the keys are stolen, the attacker could snoop on the encrypted data or even manipulate the traffic. It affects Bluetooth BR and EDR devices, AKA Bluetooth Classic, with versions 1.0 to 5.1. The attack can reduce the length of an encryption key used when pairing, sometimes even to a single octet. According to an advisory on bluetooth.com, quote: “Not all Bluetooth specifications mandate a minimum encryption key length, [so] it is possible that some vendors may have developed Bluetooth products where the length of the encryption key used on a BR/EDR connection could be set by an attacking device down to a single octet.” Sometimes, even if a device mandates a key length, it may not verify the encryption key length before pairing. Devices can support keys of up to 16 bytes, and a longer key means better security.

Once an attacker changes the key length, they could brute force the encryption key, since shorter keys are faster to crack. Then sending malicious commands or snooping on keystrokes, audio, etc. would be a lot easier. Audio headsets, Bluetooth speakers, IoT devices, keyboards, and more could be vulnerable to this hack.

This attack does require an attacker to be within wireless range of the vulnerable Bluetooth devices, and both devices attempting to pair would need to have the vulnerability. It would also require a very narrow window of time to perform the attack - while the pairing is happening - and the attacker would need to block the two devices from pairing with him or herself.

The vulnerability was discovered by researchers from the Center for IT Security, Privacy and Accountability (CISPA), Singapore University of Technology and Design, and the University of Oxford. It was reported to ICASI (the Industry Consortium for Advancement of Security on the Internet) and to well-known brands like Microsoft, Apple, Intel, Cisco, and Amazon. The vulnerability is CVE-2019-9506. So far there are no reports of this being used in the wild. The researchers presented their findings at a security symposium, and a paper on the subject is also available for reading online. The Bluetooth Special Interest Group updated the Bluetooth Core Specification to recommend minimum encryption key lengths of 7 octets for BR/EDR connections, as well as a qualification program. Older devices can be updated to enforce the new minimum length policy. Vendors must patch older devices, and users must install those patches in order to not be vulnerable.
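
A defender-side check for the key lengths discussed above, as an added example that is not part of the original post: it parses a controller's reply to the standard HCI_Read_Encryption_Key_Size command and flags BR/EDR links whose negotiated key is below the 7-octet minimum. The event bytes are constructed samples, and the function and constant names are made up for this illustration.

```python
import struct

EVT_COMMAND_COMPLETE = 0x0E
OP_READ_ENC_KEY_SIZE = 0x1408  # OGF 0x05 (status parameters), OCF 0x0008
MIN_KEY_OCTETS = 7             # recommended BR/EDR minimum after KNOB
MAX_KEY_OCTETS = 16            # largest key size a BR/EDR device supports


def parse_key_size_event(evt: bytes):
    """Return (status, connection_handle, key_size) from the Command Complete
    event that answers HCI_Read_Encryption_Key_Size; raise ValueError otherwise."""
    if len(evt) < 2:
        raise ValueError("truncated event header")
    code, plen, params = evt[0], evt[1], evt[2:]
    if code != EVT_COMMAND_COMPLETE:
        raise ValueError("not a Command Complete event")
    if plen != len(params) or plen != 7:
        raise ValueError("unexpected parameter length")
    # Num_HCI_Command_Packets, Command_Opcode, Status, Connection_Handle, Key_Size
    _ncmd, opcode, status, handle, key_size = struct.unpack("<BHBHB", params)
    if opcode != OP_READ_ENC_KEY_SIZE:
        raise ValueError("event answers a different command")
    return status, handle & 0x0FFF, key_size  # handle uses the low 12 bits


def audit(events, minimum=MIN_KEY_OCTETS):
    """Classify each connection as OK, WEAK, INVALID or UNKNOWN."""
    findings = []
    for evt in events:
        status, handle, size = parse_key_size_event(evt)
        if status != 0:
            verdict = "UNKNOWN"   # controller returned an error, size not usable
        elif not 1 <= size <= MAX_KEY_OCTETS:
            verdict = "INVALID"   # outside the 1..16 octet range
        elif size < minimum:
            verdict = "WEAK"      # short enough to brute force
        else:
            verdict = "OK"
        findings.append((handle, size, verdict))
    return findings


# Constructed sample events (not captured from real hardware).
SAMPLE_EVENTS = [
    bytes.fromhex("0e0701081400" "0b00" "10"),  # handle 0x00b, 16 octets
    bytes.fromhex("0e0701081400" "0c00" "01"),  # handle 0x00c, 1 octet
    bytes.fromhex("0e0701081400" "0d00" "07"),  # handle 0x00d, 7 octets
    bytes.fromhex("0e0701081402" "0e00" "00"),  # status 0x02: lookup failed
]

if __name__ == "__main__":
    for handle, size, verdict in audit(SAMPLE_EVENTS):
        print(f"handle 0x{handle:03x}: {size:2d} octets -> {verdict}")
```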
