Critical Bluetooth 'KNOB' Flaw Might Leave Millions Of Devices Vulnerable

20 Aug 2019

Security researcher Mike Grover recently rigged an Apple Lightning cable by hand with a small Wi-Fi-enabled implant; when the cable is plugged into a computer, it lets an attacker run commands and install malicious software. That story showed just how vulnerable our smartphones and computers are to malicious hackers. Now, security researchers at the Singapore University of Technology and Design, Oxford, and the CISPA Helmholtz Center for Information Security have found a flaw in Bluetooth's authentication protocols that can be exploited while two devices are connecting to each other. It is a major security flaw that could leave millions of devices open to malicious exploits.

The attack, dubbed KNOB (Key Negotiation Of Bluetooth), shows how a third party with no knowledge of any secret material (such as link and encryption keys) can make the targets agree to a key that gives the attacker access to their data while they establish a connection by exchanging public keys. In short, the attacker can make the victims agree on an encryption key with only 1 byte (8 bits) of entropy, which is far too low. This low entropy lets the attacker easily “brute-force the negotiated encryption keys, decrypt the eavesdropped ciphertext, and inject valid encrypted messages (in real-time)”. The vulnerability is worrying because the attacker can tamper with the encryption key negotiation while the user remains completely unaware of it.

“The attack is standard-compliant because all Bluetooth BR/EDR versions require to support encryption keys with entropy between 1 and 16 bytes and do not secure the key negotiation protocol. As a result, the attacker completely breaks Bluetooth BR/EDR security without being detected. We call our attack Key Negotiation Of Bluetooth (KNOB) attack,” state the researchers in a recently released paper.
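The two paragraphs above boil down to one policy decision: a device that accepts any key entropy in the 1 to 16 byte range the standard permits can be talked down to 1 byte, while a device that enforces a minimum refuses the downgraded proposal. The following is an added illustration of that decision, not code from the KNOB paper or from any Bluetooth stack. It abstracts the LMP messages away into a propose/counter/accept loop (a simplifying assumption), models an in-path change to the proposed value as a plain callback, and shows the key space an attacker would have to exhaust for each outcome. The `Device`, `negotiate` and `key_space` names are constructed for this model.

```python
"""Simplified model of Bluetooth BR/EDR encryption-key entropy negotiation.

Added illustration only: the LMP wire format is not modelled, just the policy
of which proposed key sizes an endpoint is willing to accept.
"""
from typing import Callable, Optional, Tuple

SPEC_MIN_ENTROPY = 1    # bytes; the floor the article says the standard permits
SPEC_MAX_ENTROPY = 16   # bytes; the ceiling the article says the standard permits


def key_space(entropy_bytes: int) -> int:
    """Number of candidate keys an attacker must try to exhaust this entropy."""
    return 2 ** (8 * entropy_bytes)


class Device:
    """A BR/EDR endpoint with a preferred key entropy and a floor it will accept.

    min_entropy=1 is the standard-compliant behaviour the article describes:
    anything in 1..16 is accepted.  A hardened device raises min_entropy so a
    downgraded proposal is refused instead of silently agreed to.
    """

    def __init__(self, name: str, preferred: int,
                 min_entropy: int = SPEC_MIN_ENTROPY) -> None:
        if not SPEC_MIN_ENTROPY <= min_entropy <= preferred <= SPEC_MAX_ENTROPY:
            raise ValueError("need 1 <= min_entropy <= preferred <= 16")
        self.name = name
        self.preferred = preferred
        self.min_entropy = min_entropy

    def respond(self, proposal: int) -> Tuple[str, int]:
        """Decide on a peer's proposed entropy.

        ("accept", n)  the proposal is usable as-is
        ("counter", n) the proposal is larger than this device supports; offer n
        ("reject", n)  the proposal is below this device's floor
        """
        if proposal < self.min_entropy:
            return ("reject", proposal)
        if proposal > self.preferred:
            return ("counter", self.preferred)
        return ("accept", proposal)


def negotiate(initiator: Device, responder: Device,
              on_path: Optional[Callable[[int], int]] = None,
              max_rounds: int = SPEC_MAX_ENTROPY + 1) -> Optional[int]:
    """Run the proposal / counter-proposal loop until both sides accept a value.

    on_path models an in-path modification of the value the responder sees
    (the manipulation the article attributes to KNOB); None is a clean channel.
    Returns the agreed entropy in bytes, or None if either side rejects.
    """
    proposal = initiator.preferred
    proposer, other = initiator, responder
    for _ in range(max_rounds):
        seen = on_path(proposal) if on_path else proposal
        verdict, value = other.respond(seen)
        if verdict == "reject":
            return None
        if verdict == "accept":
            # The side that proposed must also be willing to use the accepted
            # value; a hardened floor on either endpoint ends the negotiation.
            return value if proposer.respond(value)[0] == "accept" else None
        proposal = value                      # counter-proposal: roles swap
        proposer, other = other, proposer
    return None


if __name__ == "__main__":
    downgrade = lambda n: 1                   # constructed in-path tampering
    stock = (Device("phone", 16), Device("headset", 16))
    hardened = (Device("phone", 16, min_entropy=16),
                Device("headset", 16, min_entropy=16))
    for label, pair in (("stock", stock), ("hardened", hardened)):
        agreed = negotiate(*pair, on_path=downgrade)
        work = key_space(agreed) if agreed else None
        print(f"{label}: agreed entropy={agreed} bytes, key space={work}")
```

Running it shows the stock pair settling on 1 byte (a key space of 256), while the hardened pair fails to negotiate at all, which is the safe outcome: a refused connection is visible to the user, a silently weakened key is not. Note that the floor has to be enforced on the endpoint that is attacked; hardening only one side of a link still protects that link, because the tampered value is rejected on its way back.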

The researchers also explain that the attack targets the firmware of the Bluetooth chip because that firmware implements all of the security features of Bluetooth BR/EDR. They carried out the attack on more than 14 Bluetooth chips from popular manufacturers including Intel, Broadcom, Apple, and Qualcomm.

“The KNOB attack is a serious threat to the security and privacy of all Bluetooth users. We were surprised to discover such fundamental issues in a widely used and 20 years old standard”, say the researchers. It is not yet clear who, if anyone, is behind malicious exploitation of the flaw, and the matter is still under investigation.
