KNOB Attack on Bluetooth Classic (BR/EDR)
The Key Negotiation Of Bluetooth (KNOB) attack on Bluetooth Classic (BR/EDR) is presented in our paper titled The KNOB is Broken: Exploiting Low Entropy in the Encryption Key Negotiation of Bluetooth BR/EDR. The KNOB attack is listed as CVE-2019-9506.
The KNOB attack exploits the fact that the Bluetooth specification includes an encryption key negotiation protocol that allows devices to negotiate encryption keys with entropy as low as 1 byte, without protecting the integrity of the negotiation process. A remote attacker can manipulate the entropy negotiation so that any standard-compliant Bluetooth device negotiates encryption keys with 1 byte of entropy, and then brute-force the low-entropy keys in real time.
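The effect of a local minimum key size on the negotiation described above, as an added example that is not code from the paper or its authors. `Device`, `negotiate`, `keyspace`, `force_one_byte` and the 7-byte floor are assumed names and values for this model; the 1 to 16 byte range is the one the specification permits.

```python
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class Device:
    lmin: int  # smallest key size in bytes this device accepts
    lmax: int  # largest key size in bytes this device supports


def negotiate(initiator: Device, responder: Device,
              in_flight: Optional[Callable[[int], int]] = None) -> Optional[int]:
    """Return the agreed key size in bytes, or None if a side refuses.

    in_flight models the missing integrity protection: the proposed size
    can be rewritten on the air and neither peer can tell.
    """
    proposed = initiator.lmax
    received = in_flight(proposed) if in_flight else proposed
    size = min(received, responder.lmax)  # responder may counter-propose lower
    if size < responder.lmin or size < initiator.lmin or size > initiator.lmax:
        return None  # a local limit rejects the size, so no encrypted link
    return size


def keyspace(size_bytes: int) -> int:
    """Number of candidate keys left at the negotiated entropy."""
    return 256 ** size_bytes


# Constructed devices: the permissive 1..16 range versus an assumed local floor.
SPEC_RANGE = Device(lmin=1, lmax=16)
WITH_FLOOR = Device(lmin=7, lmax=16)  # 7 is an assumed policy value


def force_one_byte(_proposed: int) -> int:
    """The manipulation the page describes: the proposal becomes 1 byte."""
    return 1


if __name__ == "__main__":
    for name, a, b in [("spec/spec", SPEC_RANGE, SPEC_RANGE),
                       ("floor/spec", WITH_FLOOR, SPEC_RANGE),
                       ("spec/floor", SPEC_RANGE, WITH_FLOOR)]:
        clean = negotiate(a, b)
        tampered = negotiate(a, b, in_flight=force_one_byte)
        left = keyspace(tampered) if tampered else "n/a (refused)"
        print(f"{name}: clean={clean} tampered={tampered} keyspace={left}")
```

A floor on either side is enough to make the tampered negotiation fail closed, while two devices that accept the full range silently end up with 256 possible keys.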
Below is my paper presentation at USENIX Security 2019:
KNOB Attack on Bluetooth Low Energy (BLE)
The Key Negotiation Of Bluetooth (KNOB) attack on Bluetooth Low Energy (BLE) is presented in our paper titled Key Negotiation Downgrade Attacks on Bluetooth and Bluetooth Low Energy.