KNOB attack confirms Bluetooth is horribly insecure (episode #2914)

Richi Jennings, industry analyst and editor, RJAssociates

Here we go again: yet another critical security bug in Bluetooth.

This time, we learn that the classic Bluetooth standards were badly written: Just about every implementation fails to ensure enough encryption-key entropy. So a nearby malicious actor could break into a pairing exchange and force the endpoints to downgrade the key to just one octet (all eight bits of it).

When will we learn? In this week’s Security Blogwatch, we can’t wait for the next Bluetooth fail.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Cool.


Only one octet? Byte me.

What’s the craic? Lawrence Abrams reports—New Bluetooth KNOB Attack:

A new Bluetooth vulnerability [allows] attackers to more easily brute force the encryption key used during pairing to monitor or manipulate the data transferred between two paired devices. [It] affects Bluetooth BR/EDR devices, otherwise known as Bluetooth Classic, using specification versions 1.0 – 5.1.

This flaw has been assigned CVE ID CVE-2019-9506 and allows an attacker to reduce the length of the encryption key … to a single octet. … This reduction in key length would make it much easier for an attacker to brute force [it].

To resolve this vulnerability, the Bluetooth specification has been updated to recommend a minimum encryption key length of 7 octets.

Never one to underplay a vulnerability, Zak Doffman says that it Exposes Millions Of Devices To Attack:

We don't spend much time thinking about the security between our paired devices and the data moving between them. But this latest disclosure—and the 'update now' warning that comes with it—suggests we should start doing exactly that.

The very simplicity and ease of use of Bluetooth is its weakness in this instance. … And this is a major issue.

Forget headphones and speakers—what about printers, data and image exchange between devices and car systems, to name but a few. … As ever with IoT, the issue is that you're less likely to update the firmware on a Bluetooth device than a computer, and that's now an issue you need to think about.

Who discovered it? Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen paper over the cracks—The KNOB is Broken:

The … attack exploits a vulnerability at the architectural level of Bluetooth. The vulnerable encryption key negotiation protocol endangers potentially all standard compliant Bluetooth devices, regardless [of] their Bluetooth version number and implementation details.

The KNOB attack has serious implications related to its effectiveness, stealthiness, and cost. … The attacker can brute force the encryption key without having to know any (pre-shared) secret material and without having to observe the Secure Simple Pairing protocol.

We were surprised to discover such fundamental issues in a widely used and 20-year-old standard. We attribute the identified issues in part to ambiguous phrasing in the standard, as it is not clear who is responsible for enforcing the entropy … and as a result no one seems to be responsible.

That’s bananas. And Hanno Böck thinks so too:

What is even more bananas than the mere existence of this attack is the statement of the Bluetooth standardization group. … Here's their plan to fix this:

"To remedy the vulnerability, the Bluetooth SIG has updated the Bluetooth Core Specification to recommend a minimum encryption key length of 7 octets."

7 octets, aka 56 bits.

So it looks like this vulnerability is here to stay. They just raise the bar from "trivially breakable" to "you need a bit of cloud-computing effort to break."

Ouch. It prompts Opportunist to ask:

Why is Bluetooth still in use? Seriously, from a security point of view, it's the Flash player of protocols.

And it’s hardly the first time. Steve Gibson is amazed:

[This is just] the most recent attack on Bluetooth pairing negotiation [that] renders all Bluetooth associations vulnerable to a trivial attack. … What we have … and we’ve encountered these many times [is] another classic cryptographic security downgrade attack, similar to what we have run into many times through the years. It’s amazing that Bluetooth is this mature and that we’re only now noticing this oversight.

This was just … over-engineering. Someone said, “Hey, let’s add a … negotiation, to allow the endpoints to negotiate down the amount of entropy.” … Was this the NSA that was secretly participating in some committee? Because this is nuts.

I have several times observed that there is a large—though brief—period of inherent vulnerability during Bluetooth pairing. … You have two unauthenticated devices hoping to perform a secure negotiation.

It’s simply not possible to do that securely without some covert out-of-band channel. It’s just not.

If someone really really needed Bluetooth security … they should stand out in the middle of a completely deserted parking lot … and hope that no one is aiming high-gain antennas at them! [Or] bring a large roll of tinfoil.

But jrumney wonders if it’s all a fuss about nothing:

This vulnerability is only an issue during pairing. You pair your headphones once when you unbox them.

If you constantly have vans with blacked out windows parked outside, you probably have bigger things to worry about. For ordinary people, this is a low risk problem.

Hang on, that’s a misunderstanding. As sp332 notes, an attacker could force a renegotiation:

According to [the CERT coordination center] either side can propose a new amount of entropy and the other side can accept or reject it.
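As an added illustration (not code from the paper, the Bluetooth SIG or any vendor stack) of the downgrade Abrams describes, the 7-octet floor Böck discusses and the renegotiation point sp332 raises, this toy Python model lets each side enforce its own minimum key size and shows what a nearby attacker rewriting the proposed size can and cannot achieve; the Device, negotiate and keyspace names are assumptions.

```python
# Added illustration of the KNOB key-size downgrade and the 7-octet fix.
# Toy model only: not the Bluetooth LMP implementation, the paper's code or
# any vendor's stack. Names (Device, negotiate, keyspace) are assumptions.
from dataclasses import dataclass
from typing import Optional

MAX_KEY_OCTETS = 16      # Bluetooth Classic allows key sizes of 1..16 octets
SIG_MIN_KEY_OCTETS = 7   # minimum the Bluetooth SIG now recommends (56 bits)


@dataclass
class Device:
    name: str
    min_key_octets: int                # smallest key size this side will accept
    preferred_key_octets: int = MAX_KEY_OCTETS

    def accepts(self, octets: int) -> bool:
        # min_key_octets=1 is the pre-fix behaviour: no lower bound enforced.
        return self.min_key_octets <= octets <= MAX_KEY_OCTETS


def negotiate(initiator: Device, responder: Device,
              mitm_size: Optional[int] = None) -> Optional[int]:
    """Simplified key-size negotiation: the initiator proposes its preferred
    size and each side accepts or rejects what it receives. `mitm_size`
    models a nearby attacker rewriting the proposal both sides see (KNOB).
    Returns the agreed size in octets, or None if either side refuses."""
    proposal = initiator.preferred_key_octets
    seen = proposal if mitm_size is None else mitm_size
    if not responder.accepts(seen):
        return None            # responder rejects: link setup fails safely
    if not initiator.accepts(seen):
        return None            # the same forged value reaches the initiator
    return seen


def keyspace(octets: int) -> int:
    """Number of candidate keys a brute-force search must cover."""
    return 2 ** (8 * octets)


if __name__ == "__main__":
    legacy_a, legacy_b = Device("A", 1), Device("B", 1)
    patched_a, patched_b = Device("A", SIG_MIN_KEY_OCTETS), Device("B", SIG_MIN_KEY_OCTETS)
    print("no attacker, legacy peers :", negotiate(legacy_a, legacy_b))      # 16
    print("KNOB vs legacy peers      :", negotiate(legacy_a, legacy_b, 1))   # 1
    print("KNOB vs one patched peer  :", negotiate(patched_a, legacy_b, 1))  # None
    print("KNOB vs two patched peers :", negotiate(patched_a, patched_b, 7)) # 7
    for n in (1, SIG_MIN_KEY_OCTETS, MAX_KEY_OCTETS):
        print(f"{n:2d} octet(s): {keyspace(n):.3e} candidate keys")
```

Note that a single patched peer is enough to make the 1-octet downgrade fail, but with both sides at the recommended floor the attacker can still push the size down to 7 octets, which is exactly the 56-bit residual risk Böck points out.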

Meanwhile, junk dons the aluminum headgear:

I know I'm in the paranoid minority but I've disabled Bluetooth on every device I own, for years. I'll keep my wired headsets and wired speakers and continue along happily without worrying that every device I own is planning on leaking my personal info.

The moral of the story?

Consider banning or restricting use of classic-Bluetooth devices in your organization.


And finally

Everything wrong with Jonas Brothers – “Cool” (NSFC: Exodus 20:7)


You have been reading Security Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or Ask your doctor before reading. Your mileage may vary. E&OE.

Image source: Mauren Veras (cc:by)
