About the KNOB Attack

TL;DR: The specification of Bluetooth includes an encryption key negotiation protocol that allows to negotiate encryption keys with 1 Byte of entropy without protecting the integrity of the negotiation process. A remote attacker can manipulate the entropy negotiation to let any standard compliant Bluetooth device negotiate encryption keys with 1 byte of entropy and then brute force the low entropy keys in real time.

Bluetooth is a wireless communication protocol commonly used between low power devices to transfer data, e.g., between a wireless headset and a phone, or between two laptops. Bluetooth communications might contain private and/or sensitive data, and the Bluetooth standard provides security features to protect against someone who wants to eavesdrop and/or manipulate your information. We found and exploited a severe vulnerability in the Bluetooth specification that allows an attacker to break the security mechanisms of Bluetooth for any standard-compliant device. As a result, an attacker is able to the listen, or change the content of, nearby Bluetooth communication, even between devices that have previously been successfully paired.

We call our attack the Key Negotiation of Bluetooth (KNOB) Attack. Because this attack affects basically all devices that "speak Bluetooth", we decided to coordinate public disclosure with industry to try to make sure that workarounds could be put in place. In November 2018 we shared details of the attack with the Bluetooth Special Interest Group (Bluetooth SIG)—the standards organisation that oversees the development of Bluetooth standards—as well as the CERT Coordination Center and the International Consortium for Advancement of Cybersecurity on the Internet (ICASI)—an industry led coordination body founded by Intel, Microsoft, Cisco, Juniper and IBM.

Video recording of the KNOB attack presentation at USENIX Security 2019 by Daniele Antonioli:

For more information on affected systems see CVE-2019-9506 . The technical details of the attack are available in our research paper and our slides. Our repository contains the code that we developed to implement and test the KNOB attack, including our PoC and the code for E0.