News

I’m glad to give a talk titled From the Bluetooth Standard to Standard Compliant 0-days together with Mathias Payer at the virtual edition of Hardwear.io 2020.

Our talk covers, among others, the technical details behind the Key Negotiation Of Bluetooth (KNOB) attack on Bluetooth BR/EDR, its extension to BLE, and the countermeasures adopted by vendors, such as Google and Apple, to mitigate the KNOB attacks.

The InspiredResearch (Winter 2019 Issue 15) twice-yearly newsletter from the Computer Science Department of the University of Oxford features a nice article about the KNOB attack by Prof. Kasper Rasmussen.

Recently, I’ve stumbled upon the webpage about Security Engineering – Third Edition (SEv3) by Prof. Ross Anderson. I’m particularly attached to this book, as it is the first book about information security that I bought (I bought SEv2 in 2012), and it was very helpful to introduce me to security engineering (coming from an EE background) and to tackle my master thesis about Random Number Generators. Actually, I have to thank Prof. Wayne Burleson for the book recommendation!

Next January I will join as a postdoc Mathias Payer’s HexHive group at EPFL.

Looking forward to start a new adventure, and meet old and new friends.

😆

I’ve collected a list of references and advisories about the KNOB attack from several hardware and software providers and organizations. You can find it in the last paragraph of the “Are my Devices Vulnerable?” section of knobattack.com.

Today CyberWire aired my interview about the KNOB attack with Dave Bittner.

I’m glad to announce that I’ve completed my PhD in Computer Science at SUTD about Design, Implementation, and Evaluation of Secure Cyber-Physical and Wireless Systems. I’ve uploaded my thesis and the slides of my final presentation. For more information have a look here.

I’ve pushed the code to perform the KNOB attack also when the Nexus 5 is the Bluetooth slave responding to the first LMP packet. To switch between different attack modes have a look at the updated README.

Partially true. The KNOB attack was discovered by myself (Daniele Antonioli) from SUTD, Nils Ole Tippenhauer from CISPA, and Kasper Rasmussen from the University of Oxford. In particular, I’ve identified the vulnerability back in May 2018 while I was working with Kasper on Nearby Connections at the University of Oxford, and I wrote the first exploit in October 2018 while I was visiting Nils (my former advisor at SUTD) at CISPA. I’d like to thank the researchers from CISPA who kindly lent me their Bluetooth devices.

The code that we developed to validate and brute force E0 encryption keys is online.

The slides of my KNOB attack SEC19 talk are also online. As we can see from the slides, the KNOB attack is not conducted while two Bluetooth devices are pairing, but when two devices are connecting (establishing a new encrypted session). Bluetooth (BR/EDR) is a technology with a pair-once connect-multiple-times paradigm. For example, you pair your smartphone with your car once, and then every day you connect the two and the devices negotiate a new (fresh) encryption key.