Friday, August 16, 2019





KNOB Attack Weakens Bluetooth Encryption

It turns out Bluetooth might have more in common with doors than we thought. Researchers disclosed a new attack they called Key Negotiation of Bluetooth (KNOB) that affects every device released before 2018 (and potentially some released after) because of an issue with the Bluetooth protocol itself. This attack can be used to make it easier to brute-force the encryption keys used by the devices.
KNOB was discovered by researchers at the Singapore University of Technology and Design, CISPA Helmholtz Center for Information Security, and University of Oxford in 2018. The researchers said they confirmed that KNOB affects 17 unique Bluetooth chips made by Qualcomm, Apple, Intel, and Chicony. Because the problem lies with Bluetooth itself, however, it is possible that it affects every Bluetooth device.
The issue specifically lies with the Bluetooth Basic Rate / Enhanced Data Rate (BR/EDR) Core Configurations, which are used for low-power short-range communications, according to the CERT Coordination Center that handles public vulnerability disclosures. KNOB takes advantage of a flaw in these configurations that allows it to reduce the entropy of the encryption keys used to secure transmissions.
Higher entropy makes it harder for attackers to brute-force an encryption key; lower entropy makes it easier. KNOB enables attackers to lower the entropy of the encryption keys when two Bluetooth devices are figuring out exactly how much entropy the keys should have. CERT likened the process to a proposal where one device (Alice) asks another (Bob) if 16 bytes of entropy would be okay.
This proposal is necessary because not all Bluetooth devices use the same version of the standard, meaning they're supposed to support varying amounts of entropy, and because not all ostensibly standard-compliant devices actually enforce these minimums. If every device just used 16 bytes of entropy things would be hunky-dory. Because they don't, the entropy level is determined via a public exchange.
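
The negotiation described above can be modelled in a few lines to show why an enforced minimum matters. This is an added example, not code from the article or the researchers; the `Device`, `negotiate` and `audit` names are hypothetical and the exchange is simplified. The 1 to 16 byte range and the 7-byte floor come from the Bluetooth specification and the Bluetooth SIG's post-KNOB recommendation, not from this page.

```python
# Simplified model of the BR/EDR key-length negotiation (constructed example).
from typing import Optional

SPEC_MIN, SPEC_MAX = 1, 16   # key length range in bytes allowed by the BR/EDR spec
HARDENED_MIN = 7             # floor recommended by the Bluetooth SIG after KNOB

class Device:
    def __init__(self, name: str, min_len: int, max_len: int = SPEC_MAX):
        if not SPEC_MIN <= min_len <= max_len <= SPEC_MAX:
            raise ValueError("key length bounds outside 1..16 bytes")
        self.name, self.min_len, self.max_len = name, min_len, max_len

def negotiate(alice: Device, bob: Device, on_wire: Optional[int] = None) -> Optional[int]:
    """Return the agreed key length in bytes, or None if the link is refused.

    on_wire models the proposal as Bob receives it. The exchange is public and
    not integrity protected, so it may differ from what Alice sent.
    """
    proposal = alice.max_len if on_wire is None else on_wire
    if not SPEC_MIN <= proposal <= SPEC_MAX:
        return None
    agreed = min(proposal, bob.max_len)      # Bob may counter with a smaller size
    # Each side accepts only a length at or above its own configured minimum.
    if agreed < alice.min_len or agreed < bob.min_len:
        return None
    return agreed

def keyspace_bits(length_bytes: int) -> int:
    """Brute-force search space, in bits, for a key with this much entropy."""
    return 8 * length_bytes

def audit(alice: Device, bob: Device) -> dict:
    """Worst-case agreed length across every proposal value Bob could receive."""
    outcomes = [negotiate(alice, bob, n) for n in range(SPEC_MIN, SPEC_MAX + 1)]
    accepted = [n for n in outcomes if n is not None]
    worst = min(accepted) if accepted else None
    return {"worst_case_bytes": worst,
            "worst_case_bits": keyspace_bits(worst) if worst else None}

if __name__ == "__main__":
    legacy = audit(Device("Alice", SPEC_MIN), Device("Bob", SPEC_MIN))
    patched = audit(Device("Alice", HARDENED_MIN), Device("Bob", HARDENED_MIN))
    print("no floor enforced :", legacy)
    print("7-byte floor      :", patched)
```

With no floor the worst case is a single byte of entropy; with the floor enforced, any lower proposal is refused instead of silently accepted.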
The researchers who disclosed KNOB said they informed manufacturers of the vulnerability in late 2018. They believe "some vendors might have implemented workarounds for the vulnerability on their devices," but devices that haven't been updated since late 2018 "is likely vulnerable." Updated devices aren't guaranteed to be safe, though, because vendors might not have addressed the issue.
KNOB makes it even more important to install Bluetooth updates as they become available. Knowing the vulnerability is out there but choosing to make devices more vulnerable to attack would be like, well, refusing to replace a broken doorknob. It's an obvious problem with a relatively easy solution--provided tech companies properly respond to its disclosure--that doesn't make any sense to ignore.

N. Mott
