A research team has published details of a vulnerability in Bluetooth (the classic BR/EDR protocol) that may affect nearly every device supporting it. Chipmakers were made aware of the so-called Key Negotiation of Bluetooth (KNOB) attack in November. BlackBerry and Google have announced patches for Android devices.
The vulnerability lies in the encryption key negotiation that takes place when two devices set up an encrypted connection. Specifically, the amount of entropy in the session encryption key (its key size, between 1 and 16 bytes) is negotiated over Link Manager Protocol messages that are neither encrypted nor integrity-protected, so the exchange can be tampered with by a man-in-the-middle attacker or by malicious code in a Bluetooth chip's firmware. Both devices can be tricked into agreeing on the smallest key size the Bluetooth specification allows, 1 byte, which leaves only 256 possible keys and makes brute-forcing the encryption key trivial. The host devices are not aware of the key-size negotiation; they see only the key that results from it.
This issue does not affect Bluetooth Low Energy connections.
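The negotiation weakness described above, as an added example that is not part of the original article or the researchers' code: two simulated controllers run the key-size exchange, a man-in-the-middle rewrites every key-size value in transit to 1, and the attacker then enumerates the 256 possible session keys against a known plaintext. The link key, en_rand value, stream cipher and key-expansion function are simplified stand-ins for the Bluetooth primitives (E0/AES-CCM and the spec's key-size reduction), and the known plaintext is constructed; the 7-byte floor is the minimum the Bluetooth SIG recommended after KNOB.

```python
"""Model of the KNOB key-size negotiation weakness (constructed example)."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Callable, Optional

MAX_KEY_SIZE = 16
SPEC_MIN_KEY_SIZE = 1       # smallest key size the BR/EDR spec permits
HARDENED_MIN_KEY_SIZE = 7   # floor recommended by the Bluetooth SIG after KNOB


@dataclass
class Controller:
    name: str
    link_key: bytes                 # long-term key shared during pairing
    max_key_size: int = MAX_KEY_SIZE
    min_key_size: int = SPEC_MIN_KEY_SIZE   # a KNOB-hardened controller raises this


class NegotiationRejected(Exception):
    pass


def negotiate_key_size(a: Controller, b: Controller,
                       mitm: Optional[Callable[[int], int]] = None) -> int:
    """Simplified LMP_encryption_key_size_req exchange.

    `mitm`, if given, rewrites every key-size value in transit; this is
    possible because the key-size messages carry no integrity protection.
    """
    def send(value: int) -> int:
        return mitm(value) if mitm else value

    proposal = send(a.max_key_size)                 # A -> B: "I support up to N"
    if proposal < b.min_key_size:
        raise NegotiationRejected(f"{b.name} refuses key size {proposal}")
    counter = send(min(proposal, b.max_key_size))   # B -> A: lowered if needed
    if counter < a.min_key_size:
        raise NegotiationRejected(f"{a.name} refuses key size {counter}")
    return counter


def expand_key(reduced: bytes) -> bytes:
    """Stand-in for the spec's key-size reduction: the 16-byte session key is
    derived from only len(reduced) bytes of secret, so that is all its entropy."""
    return hashlib.sha256(b"knob-expand" + reduced).digest()[:MAX_KEY_SIZE]


def derive_session_key(link_key: bytes, en_rand: bytes, key_size: int) -> bytes:
    full = hmac.new(link_key, en_rand, hashlib.sha256).digest()[:MAX_KEY_SIZE]
    return expand_key(full[:key_size])   # truncate entropy to the negotiated size


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher standing in for E0/AES-CCM; XOR twice restores data."""
    out = bytearray()
    for i, byte in enumerate(data):
        block = hashlib.sha256(key + (i // 32).to_bytes(4, "big")).digest()
        out.append(byte ^ block[i % 32])
    return bytes(out)


def brute_force_session_key(key_size: int, known_plaintext: bytes,
                            ciphertext: bytes) -> tuple:
    """Try all 256**key_size candidates; return (key, attempts). The attacker
    never needs the link key, only the truncated secret the key expands from."""
    for candidate in range(256 ** key_size):
        key = expand_key(candidate.to_bytes(key_size, "big"))
        if keystream_xor(key, ciphertext) == known_plaintext:
            return key, candidate + 1
    raise RuntimeError("no key matched")


def run_attack(min_key_size: int = SPEC_MIN_KEY_SIZE, seed: int = 7) -> dict:
    """Negotiate with a MITM forcing 1-byte keys, then brute force if allowed."""
    link_key = hashlib.sha256(b"constructed-link-key" + bytes([seed])).digest()[:16]
    a = Controller("phone", link_key, min_key_size=min_key_size)
    b = Controller("headset", link_key, min_key_size=min_key_size)
    try:
        key_size = negotiate_key_size(a, b, mitm=lambda _value: 1)
    except NegotiationRejected as exc:
        return {"key_size": None, "rejected": str(exc)}
    en_rand = hashlib.sha256(b"constructed-en-rand" + bytes([seed])).digest()[:16]
    session_key = derive_session_key(link_key, en_rand, key_size)
    known = b"constructed known-plaintext L2CAP frame"   # predictable packet
    ciphertext = keystream_xor(session_key, known)
    recovered, attempts = brute_force_session_key(key_size, known, ciphertext)
    return {"key_size": key_size, "attempts": attempts,
            "recovered": recovered == session_key}


if __name__ == "__main__":
    print("spec minimum (1 byte):", run_attack())
    print("hardened minimum (7 bytes):", run_attack(HARDENED_MIN_KEY_SIZE))
```

With the spec's 1-byte floor the key is recovered in at most 256 attempts; with the controllers enforcing a 7-byte minimum the forced proposal is rejected and no encrypted link is set up. This is the fix the chip vendors and the SIG adopted: refuse to negotiate below a sane key size rather than trying to protect the negotiation itself.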
Daniele Antonioli of Singapore University of Technology and Design, Nils Ole Tippenhauer of the Helmholtz Center for Information Security, and Kasper B. Rasmussen of the University of Oxford tested 17 unique chips from Broadcom, Qualcomm, Apple, Intel, and Chicony, and found all of them susceptible to the attack. The issue is tracked as CVE-2019-9506.
As mentioned above, BlackBerry has patched its Android devices that receive its June update and later. Google fixed the issue in the August 5 security patch level, which is good news for Pixels and other devices that receive Android security updates early, and less so for devices from other OEMs that lag behind.