Next January I will join as a postdoc Mathias Payer’s HexHive group at EPFL.
Looking forward to starting a new adventure and meeting old and new friends.
😆
I’ve collected a list of references and advisories about the KNOB attack from several hardware and software providers and organizations. You can find it in the last paragraph of the “Are my Devices Vulnerable?” section of knobattack.com.
Title of the paper: The KNOB is Broken: Exploiting Low Entropy in the Encryption Key Negotiation Of Bluetooth BR/EDR.
More info at knobattack.com
In this post I’m trying to address some discussion points and misconceptions about the KNOB attack.
Researchers from CISPA discovered the KNOB attack
Partially true. The KNOB attack was discovered by myself (Daniele Antonioli) from SUTD, Nils Ole Tippenhauer from CISPA, and Kasper Rasmussen from the University of Oxford. In particular, I’ve identified the vulnerability back in May 2018 while I was working with Kasper on Nearby Connections at the University of Oxford, and I wrote the first exploit in October 2018 while I was visiting Nils (my former advisor at SUTD) at CISPA. I’d like to thank the researchers from CISPA who kindly lent me their Bluetooth devices.
The code that we developed to validate and brute force E0 encryption keys is online.
The slides of my KNOB attack SEC19 talk are also online. As we can see from the slides, the KNOB attack is not conducted while two Bluetooth devices are pairing, but when two devices are connecting (establishing a new encrypted session). Bluetooth (BR/EDR) is a technology with a pair-once connect-multiple-times paradigm. For example, you pair your smartphone with your car once, and then every day you connect the two and the devices negotiate a new (fresh) encryption key.
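As an added example (not the authors' code and not the KNOB tooling mentioned above), the following Python model walks through the key-size negotiation that happens at connection time: each device's acceptable key-size range is an assumed configuration value, and the `in_path` hook only represents the downgrade abstractly. It shows why enforcing the 7-byte minimum the Bluetooth SIG recommended after the disclosure makes a device refuse the negotiation rather than end up with a 1-byte key.

```python
# Added illustration of the BR/EDR encryption key size negotiation that KNOB
# targets (constructed model, not the authors' tool; no real LMP or E0 code).

KEY_SIZE_MAX = 16          # largest key size the spec allows (bytes)
LEGACY_MIN = 1             # smallest size the original spec let a device accept
SIG_RECOMMENDED_MIN = 7    # minimum the Bluetooth SIG recommended after KNOB

class Device:
    """A device with an (assumed) configurable acceptable key size range."""

    def __init__(self, name, key_size_min=LEGACY_MIN, key_size_max=KEY_SIZE_MAX):
        self.name = name
        self.kmin = key_size_min
        self.kmax = key_size_max

    def respond(self, proposed):
        """Accept a proposal, counter with a smaller size, or reject it
        when it is below this device's configured minimum."""
        if proposed < self.kmin:
            return ("rejected", None)
        if proposed > self.kmax:
            return ("counter", self.kmax)
        return ("accepted", proposed)


def negotiate(master, slave, in_path=None):
    """Return the agreed key size in bytes, or None if negotiation fails.
    `in_path` models, at this abstract level, the proposal being rewritten
    before the slave sees it; it is the only place the downgrade appears."""
    proposal = master.kmax
    if in_path is not None:
        proposal = in_path(proposal)
    verdict, size = slave.respond(proposal)
    if verdict == "counter":
        verdict, size = master.respond(size)  # master checks the counter-offer
    return size if verdict == "accepted" else None


def key_space(size_bytes):
    """Candidate keys an offline brute force has to try for this key size."""
    return 256 ** size_bytes


if __name__ == "__main__":
    downgrade = lambda proposed: 1  # constructed: proposal forced to 1 byte
    phone, car = Device("phone"), Device("car")
    print(negotiate(phone, car, downgrade))           # 1 -> only 256 keys
    hardened_car = Device("car", key_size_min=SIG_RECOMMENDED_MIN)
    print(negotiate(phone, hardened_car, downgrade))  # None: negotiation refused
```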