Bluetooth KNOB Attacks

In 2019 we disclosed two families of high impact attacks affecting the entropy negotiation protocols of Bluetooth Classic (BC) and Bluetooth Low Energy (BLE). We named the attacks Key Negotiation of Bluetooth (KNOB) attacks. They are tracked as CVE-2019-9506.

Our first work titled The KNOB is Broken: Exploiting Low Entropy in the Encryption Key Negotiation of Bluetooth BR/EDR explains how to exploit BC’s entropy negotiation to downgrade the entropy of a Bluetooth security key to 1 byte and then brute-force it.

In a follow-up work titled Key Negotiation Downgrade Attacks on Bluetooth and Bluetooth Low Energy we analyzed also BLE and found that it is vulnerable as well to the KNOB attacks. In this case the attacker can downgrade the entropy of BLE security key to 7 bytes and then brute-force it.

USENIX Security 2019 Paper Presentation

Bluetooth blues: KNOB attack explained. — Research Saturday

BIAS + KNOB attack against Bluetooth IACR Attacks in Crypto

From Bluetooth Standard to Standard Compliant 0-days

comments powered by Disqus