The Bluetooth protocol has a fundamental weakness that can allow an attacker to intercept and decrypt supposedly secure communications, and the vulnerability affects virtually every device that has Bluetooth capabilities.
The vulnerability is in the method that Bluetooth devices use to negotiate the initial encryption key to secure communications between them. The Bluetooth specification states that the key must be between eight and 128 bits in length, and the process through which the two devices negotiate the key length is done in the clear with no authentication. A group of researchers developed a new attack called KNOB (Key Negotiation of Bluetooth) that can force two devices to use an 8-bit key, which can be brute-forced quite easily, allowing the adversary to listen in on any encrypted sessions between the devices without being detected. The weakness affects the Bluetooth firmware, and the researchers tested their attack on a wide variety of chips from Broadcom, Intel, Apple, and Qualcomm, among others, all of which were vulnerable.
An attacker would simply need to be within Bluetooth range of the target devices to launch the KNOB attack.
“The KNOB attack can be conducted remotely or by maliciously modifying a few bytes in one of the victim’s Bluetooth firmware. Being a standard-compliant attack it is expected to be effective on any firmware implementing the Bluetooth specification, regardless of the Bluetooth version. The attacker is not required to possess any (pre-shared) secret material and he does not have to observe the pairing process of the victims,” the paper says.
“The attack is effective even when the victims use the strongest security mode of Bluetooth (Secure Connections). The attack is stealthy because the application using Bluetooth and even the operating systems of the victims cannot access or control the encryption key negotiation protocol.”
The research team that developed the attack includes Daniele Antonioli of Singapore University of Technology and Design, Nils Ole Tippenhauer of CISPA Helmholtz Center for Information Security, and Kasper Rasmussen of the University of Oxford. The team presented the findings at the USENIX Security Symposium this week, and worked with the CERT/CC at Carnegie Mellon University to coordinate the disclosure with affected vendors.
For individual users, the attack as described by the researchers would be invisible, and the best defense at this point is to turn off Bluetooth on affected devices. But that removes quite a bit of the functionality of many devices, especially phones. The Bluetooth Special Interest Group, which maintains the specification, has changed the specification to require a longer minimum key length.
“To remedy the vulnerability, the Bluetooth SIG has updated the Bluetooth Core Specification to recommend a minimum encryption key length of 7 octets for BR/EDR connections. The Bluetooth SIG will also include testing for this new recommendation within our Bluetooth Qualification Program. In addition, the Bluetooth SIG strongly recommends that product developers update existing solutions to enforce a minimum encryption key length of 7 octets for BR/EDR connections,” the statement says.
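To make the negotiation weakness and the SIG's fix concrete, here is a simplified model of the BR/EDR key-size negotiation, written for this article and not taken from the paper or from any Bluetooth stack. The `Device`, `negotiate` and `tamper` names are my own; the model keeps only the parts that matter here: the proposal travels unauthenticated, each side accepts any size within its own floor and ceiling, and a firmware that enforces the 7-octet floor aborts the link instead of accepting a downgraded key.

```python
"""Simplified model of Bluetooth BR/EDR encryption key-size negotiation.
Added illustration only: not a real Bluetooth stack, not the paper's code."""
from dataclasses import dataclass
from typing import Callable, Optional

MAX_KEY_SIZE = 16      # spec ceiling: 16 octets (128 bits)
SIG_MIN_KEY_SIZE = 7   # floor the Bluetooth SIG now recommends for BR/EDR


@dataclass
class Device:
    name: str
    max_key_size: int = MAX_KEY_SIZE
    min_key_size: int = 1  # legacy firmware: accepts anything down to 1 octet

    def accept(self, size: int) -> bool:
        """A device accepts a key size only inside [min, max]."""
        return self.min_key_size <= size <= self.max_key_size


def negotiate(initiator: Device, responder: Device,
              tamper: Optional[Callable[[int], int]] = None) -> Optional[int]:
    """Return the agreed key size in octets, or None if a side rejects.
    `tamper` models an in-range attacker rewriting the unauthenticated
    key-size proposal in transit (the KNOB downgrade)."""
    proposed = initiator.max_key_size
    if tamper is not None:
        proposed = tamper(proposed)
    # Responder counter-proposes the smaller of what it saw and its own max.
    counter = min(proposed, responder.max_key_size)
    if not responder.accept(counter):
        return None  # link aborted, no downgraded key is ever used
    if tamper is not None:
        counter = tamper(counter)
    if not initiator.accept(counter):
        return None
    return counter


def brute_force_candidates(key_size_octets: int) -> int:
    """Number of keys an eavesdropper must try for a given entropy size."""
    return 2 ** (8 * key_size_octets)


def downgrade_to_one_octet(_size: int) -> int:
    """Constructed attacker behaviour: always propose a 1-octet key."""
    return 1
```

Running `negotiate` with two legacy devices and `downgrade_to_one_octet` yields a 1-octet key (256 candidates), while a device built with `min_key_size=SIG_MIN_KEY_SIZE` returns `None` and the link is dropped.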
The KNOB attack is quite similar to a vulnerability that Google fixed in the Titan hardware security keys in May.