Researchers from Oxford University, the Singapore University of Technology and Design, and CISPA Helmholtz Center for Information Security discovered the attack, which has since been dubbed KNOB, which is short for “Key Negotiation of Bluetooth.” (You, in the back. Stop laughing. This is serious.) The thrust of the KNOB attack sees an adversary trick the devices participating in a Bluetooth handshake to use a degraded encryption key with just one byte of entropy. This opens the door to a brute force attack, where the adversary can “guess” the encryption key by cycling through all the possible options.
— Matthew Green (@matthew_d_green) August 15, 2019 Once that’s done, the attacker has free reign, allowing them to inject their own files into the transfer, or even spy on data being transferred within devices. The KNOB attack is especially pernicious because it doesn’t violate the Bluetooth DR/EDR specification, which explicitly permits keys with just one byte of entropy. It’s also been proven to work on Bluetooth radios from all the major manufacturers, including Broadcom, Apple, and Intel. And, as the researchers point out in the technical paper describing the vulnerability, victims of a hacker’s KNOB don’t even realize they’ve been compromised. That’s because the attack focuses on the key exchange process, rather than compromising the individual devices themselves. Fortunately, there’s some good news. Firstly, the Bluetooth SIG has updated the specification to recommend device manufacturers use a minimum of seven bytes of entropy. Vendors have also been aware of the KNOB attack since late 2018, and many are issuing patches to users in order to protect users against it. Furthermore, it’s apparently really tricky to exploit, meaning that this attack is unlikely to be used in a widespread attack. “For an attack to be successful, an attacking device would need to be within wireless range of two vulnerable Bluetooth devices that were establishing a BR/EDR connection,” the Bluetooth SIG writes. “If one of the devices did not have the vulnerability, then the attack would not be successful. The attacking device would need to intercept, manipulate, and retransmit key length negotiation messages between the two devices while also blocking transmissions from both, all within a narrow time window,” it adds. That’s a relief. Still, one hopes that any slippery hackers caught exploiting this flaw experience the long, hard, throbbing arm of the law. Alright, I’m done now.
— Daniel Cuthbert (@dcuthbert) August 16, 2019 KNOB, HAHAHAHA.