Published: Mon, August 19, 2019
Electronics | By Kelly Massey

Researchers warn of critical Bluetooth KNOB Attack

We conducted KNOB attacks on more than 17 unique Bluetooth chips (by attacking 24 different devices).

"To remedy the vulnerability, the Bluetooth SIG has updated the Bluetooth Core Specification to recommend a minimum encryption key length of 7 octets for BR/EDR connections", the standards organization noted.

The vulnerability was discovered by researchers at the Singapore University of Technology and Design, the University of Oxford, and the CISPA Helmholtz Center for Information Security. After testing more than 14 Bluetooth chips from popular manufacturers such as Qualcomm, Apple, and Intel, the researchers found that every tested device was vulnerable. According to their report, KNOB lets an attacker interfere with the Bluetooth pairing process so that the connection's encryption key ends up shorter than it is supposed to be, leaving the devices open to attack. As a result, the attacker completely breaks Bluetooth BR/EDR security without being detected: with a key that short, every possible key of that length can simply be tried until one decrypts the data the devices send back and forth. In fact, they expect any standard-compliant Bluetooth device to be vulnerable.

CVE-2019-9506 affects the Bluetooth BR/EDR (Basic Rate/Enhanced Data Rate) key negotiation procedure/protocol. The team presented the findings at the USENIX Security Symposium this week, and worked with the CERT/CC at Carnegie Mellon University to coordinate the disclosure with affected vendors.

It is also worth noting that the vulnerability does not affect Bluetooth Low Energy (BLE).

There's no evidence the attack has actually been used, and hackers looking to use it to steal data would have to have been in close range of the devices they were trying to eavesdrop on.

It is also reported that attackers can exploit the flaw even against devices that have already been paired with each other.

If the attacking device was successful in shortening the encryption key length used, it would then need to execute a brute force attack to crack the encryption key.

In response, the standards group, the Bluetooth Special Interest Group (SIG), has updated its specification to recommend a minimum encryption key length.
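To make the key-size negotiation and the recommended fix concrete, here is an added Python model that is not code from the article or from the KNOB researchers: the `Device` class, the `negotiate` function and its `tamper` hook are constructed for illustration and do not correspond to any real Bluetooth stack API.

```python
from dataclasses import dataclass

MAX_KEY_OCTETS = 16         # largest entropy a BR/EDR encryption key can carry
RECOMMENDED_MIN_OCTETS = 7  # minimum the Bluetooth SIG now recommends, per the article

class KeySizeRejected(Exception):
    """Raised when a negotiated key size falls below the local policy minimum."""

@dataclass
class Device:
    """One side of a BR/EDR link (hypothetical model, not a real stack API)."""
    name: str
    max_key_octets: int = MAX_KEY_OCTETS
    min_key_octets: int = 1  # pre-fix behaviour: anything down to one octet was accepted

    def propose(self) -> int:
        # Each side opens by offering the largest key size it supports.
        return self.max_key_octets

    def accept(self, proposed: int) -> int:
        # The mitigation: refuse sizes below the local minimum instead of shrinking to them.
        if proposed < self.min_key_octets:
            raise KeySizeRejected(f"{self.name}: {proposed} octet(s) is below its minimum of "
                                  f"{self.min_key_octets}")
        return min(proposed, self.max_key_octets)

def negotiate(initiator: Device, responder: Device, tamper=None) -> int:
    """Run the key-size handshake; `tamper` stands in for an in-path party that
    rewrites the proposal before the responder sees it (constructed model)."""
    proposal = initiator.propose()
    if tamper is not None:
        proposal = tamper(proposal)
    agreed = responder.accept(proposal)
    # The initiator applies its own policy to the value the responder settled on.
    return initiator.accept(agreed)

def brute_force_keyspace(key_octets: int) -> int:
    """Number of candidate keys an attacker must try for a key of this many octets."""
    return 2 ** (8 * key_octets)

if __name__ == "__main__":
    weak = negotiate(Device("laptop"), Device("headset"), tamper=lambda _: 1)
    print(f"no minimum enforced: {weak} octet, {brute_force_keyspace(weak)} candidate keys")
    try:
        negotiate(Device("laptop", min_key_octets=RECOMMENDED_MIN_OCTETS), Device("headset"),
                  tamper=lambda _: 1)
    except KeySizeRejected as err:
        print("minimum enforced:", err)
```

Enforcing the minimum on either side of the link is enough to abort the downgraded connection, which is why the fix is a policy change in the spec rather than a new cipher.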
