The InspiredResearch (Winter 2019 Issue 15) twice-yearly newsletter from the Computer Science Department of the University of Oxford features a nice article about the KNOB attack by Prof. Kasper Rasmussen.
Recently, I’ve stumbled upon the webpage about Security Engineering – Third Edition (SEv3) by Prof. Ross Anderson. I’m particularly attached to this book, as it is the first book about information security that I bought (I bought SEv2 in 2012), and it was very helpful to introduce me to security engineering (coming from an EE background) and to tackle my master thesis about Random Number Generators.
I’ve collected a list of references and advisories about the KNOB attack from several hardware and software providers and organizations. You can find it in the last paragraph of the “Are my Devices Vulnerable?
I’m glad to announce that I’ve completed my PhD in Computer Science at SUTD about Design, Implementation, and Evaluation of Secure Cyber-Physical and Wireless Systems. I’ve uploaded my thesis and the slides of my final presentation.
I’ve pushed the code to perform the KNOB attack also when the Nexus 5 is the Bluetooth slave responding to the first LMP packet. To switch between different attack modes have a look at the updated README.
In this post I’m trying to address some discussion points and misconceptions about the KNOB attack.
Attribution Researchers from CISPA discovered the KNOB attack
Partially true. The KNOB attack was discovered by myself (Daniele Antonioli) from SUTD, Nils Ole Tippenhauer from CISPA, and Kasper Rasmussen from the University of Oxford.
The code that we developed to validate and brute force E0 encryption keys is online.
The slides of my KNOB attack SEC19 talk are also online. As we can see from the slides, the KNOB attack is not conducted while two Bluetooth devices are pairing, but when two devices are connecting (establishing a new encrypted session).