A newly disclosed vulnerability (CVE-2019-9506) in the Bluetooth Core Specification can be exploited by attackers to intercept and manipulate Bluetooth communications/traffic between two vulnerable devices.
Researchers Daniele Antonioli, Nils Ole Tippenhauer and Kasper Rasmussen discovered the flaw and demonstrated a practical Key Negotiation Of Bluetooth (KNOB) attack taking advantage of it.
They also shared their discovery with the Bluetooth Special Interest Group (Bluetooth SIG), the CERT Coordination Center, and members of the International Consortium for Advancement of Cybersecurity on the Internet (ICASI), which include Intel, Microsoft, Cisco, Juniper and IBM. Most of these have already implemented the fixes required to prevent exploitation of the flaw.
The KNOB attack and its limitations
CVE-2019-9506 affects the Bluetooth BR/EDR (Basic Rate/Enhanced Data Rate) key negotiation procedure/protocol.
“The attack allows a third party, without knowledge of any secret material (such as link and encryption keys), to make two (or more) victims agree on an encryption key with only 1 byte (8 bits) of entropy. Such low entropy enables the attacker to easily brute force the negotiated encryption keys, decrypt the eavesdropped ciphertext, and inject valid encrypted messages (in real-time),” the researchers explained in a recently released paper and to the audience of the 28th USENIX Security Symposium.
“The attack is standard-compliant because all Bluetooth BR/EDR versions require to support encryption keys with entropy between 1 and 16 bytes and do not secure the key negotiation protocol. The attack targets the firmware of the Bluetooth chip because the firmware (Bluetooth controller) implements all the security features of Bluetooth BR/EDR. As a standard-compliant attack, it is expected to be effective on any firmware that follows the specification and on any device using a vulnerable firmware.”
The researchers tested 17 Bluetooth chips from manufacturers such as Intel, Broadcom, Apple, and Qualcomm, and found them all to be vulnerable. In fact, they expect any standard-compliant Bluetooth device to be vulnerable.
The KNOB attack has several limitations, which make it less critical than it otherwise would be:
- The attacker must be physically near the targeted device(s), i.e., within wireless range
- It can only be performed during negotiation or renegotiation of a paired device connection, i.e., existing sessions cannot be attacked
- It must be performed within a narrow time window
- Both devices must be vulnerable for the attack to work.
According to the Bluetooth SIG, there is no evidence that the vulnerability has been exploited maliciously and they are not aware of any devices implementing the attack having been developed.
It’s also good to note that the vulnerability does not effect Bluetooth Low Energy (BLE).
“To remedy the vulnerability, the Bluetooth SIG has updated the Bluetooth Core Specification to recommend a minimum encryption key length of 7 octets for BR/EDR connections,” the standards organization noted.
“The Bluetooth SIG will also include testing for this new recommendation within our Bluetooth Qualification Program. In addition, the Bluetooth SIG strongly recommends that product developers update existing solutions to enforce a minimum encryption key length of 7 octets for BR/EDR connections.”
ICASI members and partners have already pushed out or are in the process of pushing out fixes.
Cisco has discovered several affected devices (fixes are pending).
A10 Networks, Juniper, Oracle and VMWare are not impacted.
CERT/CC’s vulnerability note should be updated (in due time) to point to other affected entities.