KNOB Attack FAQ
In this post I’m trying to address some discussion points and misconceptions about the KNOB attack.
Attribution
Researchers from CISPA discovered the KNOB attack
Partially true. The KNOB attack was discovered by myself (Daniele Antonioli) from SUTD, Nils Ole Tippenhauer from CISPA, and Kasper Rasmussen from the University of Oxford. In particular, I identified the vulnerability back in May 2018 while I was working with Kasper on Nearby Connections at the University of Oxford, and I wrote the first exploit in October 2018 while I was visiting Nils (my former advisor at SUTD) at CISPA. I’d like to thank the researchers from CISPA who kindly lent me their Bluetooth devices.
Attack
The KNOB attack is performed while two Bluetooth BR/EDR devices are pairing
False. The KNOB attack targets the connection phase and can be conducted between two devices that are already paired. See also slide 6.
The KNOB attack can only be used to spy on Bluetooth communications
Partially true. The KNOB attack can also be used to inject valid ciphertext, e.g., to impersonate a legitimate Bluetooth device.
The KNOB attack reduces the encryption key size to 1 byte
False. The encryption key size stays the same (16 bytes). The KNOB attack reduces the entropy (randomness) of the key to 1 byte. For example, the key 0xa395a045bf2410983b4309214598beaf (16 bytes of entropy) is reduced to 0xa3000000000000000000000000000000 (1 byte of entropy), and not to 0xa3.
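To make the size-versus-entropy distinction concrete, here is an added example (not code from the original post or its repository) that models the effect on a 16-byte key, the resulting brute-force search space, and a defender-side policy check on the negotiated key size. The zero-padding mirrors the illustration above and is not the specification's actual reduction function; the policy minimum is a hypothetical local value.

```python
"""Added example: entropy reduction effect of KNOB and a key-size policy check."""

KEY_SIZE = 16  # a BR/EDR encryption key is always 16 bytes long


def reduce_entropy(key: bytes, entropy_bytes: int) -> bytes:
    """Return a 16-byte key that carries only `entropy_bytes` bytes of entropy.

    Illustration only: the leading bytes are kept and the rest zeroed, as in
    the post's example. The size of the key does not change.
    """
    if len(key) != KEY_SIZE:
        raise ValueError("BR/EDR encryption key must be 16 bytes")
    if not 1 <= entropy_bytes <= KEY_SIZE:
        raise ValueError("entropy must be between 1 and 16 bytes")
    return key[:entropy_bytes] + b"\x00" * (KEY_SIZE - entropy_bytes)


def search_space(entropy_bytes: int) -> int:
    """Number of candidate keys an eavesdropper would have to try: 256**N."""
    return 256 ** entropy_bytes


def accept_key_size(negotiated: int, minimum: int = KEY_SIZE) -> bool:
    """Defender policy: refuse a link whose negotiated key size is below
    `minimum` (hypothetical local policy value, not a specification constant)."""
    return negotiated >= minimum


if __name__ == "__main__":
    # Constructed sample key, taken from the post's own illustration.
    full_key = bytes.fromhex("a395a045bf2410983b4309214598beaf")
    weak_key = reduce_entropy(full_key, 1)
    print(weak_key.hex(), len(weak_key), "bytes")        # still 16 bytes
    print("candidates:", search_space(1), "vs", search_space(16))
    print("accept 1-byte negotiation?", accept_key_size(1))
```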
The KNOB attack is theoretical
False. The KNOB attack exploits an actual vulnerability in the key negotiation protocol of Bluetooth BR/EDR. As it is an attack at the architectural level, all standard-compliant devices are potentially vulnerable. Back in 2018 we performed the KNOB attack on more than 20 Bluetooth devices, and all of them were vulnerable. You can test whether your device is vulnerable using our PoC.
The attacker has to be “local” or in a “privileged” position
False. The KNOB attack can be conducted remotely. For obvious reasons the attacker has to be in Bluetooth range, but this does not imply a privileged position.
Internalblue enabled the discovery of the KNOB attack
False. I discovered the vulnerability while I was analyzing Nearby Connections and reading the Bluetooth specification in May 2018. Then, while I was looking at devices with an open source Bluetooth firmware, I stumbled upon Internalblue v0.1. To implement the attack I had to extend Internalblue to support LMP packet injection and develop some extra code for E0. Nevertheless, Internalblue is an awesome project, I recommend it, and I thank Dennis and Jiska for releasing it to the public.
Implementation
The researchers did not implement the attack
False. We implemented the KNOB attack, and our implementation produces the same effects as a remote KNOB attack conducted over the air. This is nice because we have a reliable and cheap attack setup that can be reproduced without signal manipulation and jamming techniques or an SDR. If you want to reproduce the attack, look at our repo.
The researchers implemented only the firmware attack
False. We implemented the remote attack by patching the firmware of one of the victim devices (a Nexus 5). Our patches simulate the effect of a remote MitM attack and do not change any firmware logic. This allows us to test the effect of a remote MitM attack on actual devices without having to perform the attack over the air.