Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security IT

New Bluetooth KNOB Flaw Lets Attackers Manipulate Traffic (bleepingcomputer.com) 28

A new Bluetooth vulnerability named "KNOB" has been disclosed that allow attackers to more easily brute force the encryption key used during pairing to monitor or manipulate the data transferred between two paired devices. From a report: In a coordinated disclosure between Center for IT-Security, Privacy and Accountability (CISPA), ICASI, and ICASI members such as Microsoft, Apple, Intel, Cisco, and Amazon, a new vulnerability called "KNOB" has been disclosed that affects Bluetooth BR/EDR devices, otherwise known as Bluetooth Classic, using specification versions 1.0 - 5.1. This flaw has been assigned CVE ID CVE-2019-9506 and allows an attacker to reduce the length of the encryption key used for establishing a connection. In some cases, an attacker could reduce the length of an encryption key to a single octet.

"The researchers identified that it is possible for an attacking device to interfere with the procedure used to set up encryption on a BR/EDR connection between two devices in such a way as to reduce the length of the encryption key used," stated an advisory on Bluetooth.com. "In addition, since not all Bluetooth specifications mandate a minimum encryption key length, it is possible that some vendors may have developed Bluetooth products where the length of the encryption key used on a BR/EDR connection could be set by an attacking device down to a single octet."

This discussion has been archived. No new comments can be posted.

New Bluetooth KNOB Flaw Lets Attackers Manipulate Traffic

Comments Filter:
  • I know I'm in the paranoid minority but I've disabled Bluetooth on every device I own, for years. I'll keep my wired headsets and wired speakers and continue along happily without worrying that every device I own is planning on leaking my personal info.

    • Very appropriate name for this vulnerability. If you use Bluetooth you are a KNOB.

      Bluetooth is one of the stupidest names ever created and it should be avoided just for that reason alone.

      • On the contrary. Even the most radical Luddites can use tech named after a tenth century king.
        • a radical Luddite? Do they wear 80's shutter shades while holding up the line at a brick-and-mortar store demanding that they accept checks?

    • by AHuxley ( 892839 )
      1+ for no Bluetooth :) No wifi :) No open mic connected to an ad company.
  • Seriously, from a security point of view, it's the Flash player of protocols.

    • Headphones and computer mice seem pretty low risk, although I suppose you might be able to get something juicy monitoring a keyboard.
      • Headphones and computer mice seem pretty low risk, although I suppose you might be able to get something juicy monitoring a keyboard.

        Or a Bluetooth connected printer.

      • Unfortunately even that can be abused.

  • It's still a mystery why Google went with Bluetooth for their security product when Ubico sanely used USB and/or NFC. Either they didn't talk to the guys at Project Zero, they ignored them, or they didn't intend for the product to provide an adequate level of security.

  • ... since I'm not bluetooth hacking expert: Would it be possible to hijack a bluetooth connection transferring audio data? Concrete: I would like to take a small computer, perhaps a Rasberry Pi or a small laptop and whenever a group of youngsters blare their bluetooth loudspeakers on the tram just turn on the computer, run a script and have the bluetooth speaker run my audioclip instead of theirs after 30 seconds or so. My clip - of course - would run obscenities, sing a song in false tune about how the person holding the bluetooth speaker has bad breath, a bad case of genital crabs and is a total douche in his/her spare time. Super fun in abundance.

    I presume it would require two or three steps:

    1) Identifying the bluetooth connection (this could be done manually in an overview of active connections around me).
    2) Jamming the current active connection.
    3) Hijacking it with my BT audio output.

    To all BT hackers this question: Is this possible or too much of a hassle? Is BT range to low? Could I boost it to a relyable 20 meters? And whats with jamming and then hijacking? What is the likelyhood of grabbing a connection off a paired set of devices (Smartphone and BT speaker)?

    A fellow slashdotter is eager for your input!

    Thanks.

    • Why not just carry around a 2.45GHz transmitter at say 5 or 10 watts. It'd obliterate every bluetooth device.
      • Why not just carry around a 2.45GHz transmitter at say 5 or 10 watts. It'd obliterate every bluetooth device.

        It'd also obliterate most wifi signals in the wild. That would be a total dick move.

        • That would be a total dick move.

          Perfect for a KNOB vulnerability.

        • by Khyber ( 864651 )

          Considering most wifi signals interfere with each other as-is, wiping them out would be a boon. As it stands, just me turning on my microwave makes everyone's wifi within a few hundred meters utterly useless.

          • by tlhIngan ( 30335 )

            Considering most wifi signals interfere with each other as-is, wiping them out would be a boon. As it stands, just me turning on my microwave makes everyone's wifi within a few hundred meters utterly useless.

            Incorrect - WiFi networks do not interfere - as part of CSMA/CA (carrier sense multiple access/collision avoidance) (as opposed to Ethernet's CSMA/CD), every WiFi module is monitoring the airwaves and will take steps such that they will not try to step on one another and interfere.

            That's why the whole "

            • by Khyber ( 864651 )

              "Incorrect - WiFi networks do not interfere"

              Physics. Try again when you understand them. I can boost the transmit power on my station and drown out everyone else.

    • BT experts? Anyone? Is my little hacking project proposal possible or not? And no, I don't just want to jam the signal. That's n00b stuff and not half as rewarding.

  • I'm guessing they do know what thats slang for in british english and its some failed attempt at being risque.

  • So happy smartphone vendors are forcing us into Bluetooth, and that the movement was led by Apple who claims to care about security.
  • My experience with bluetooth has been that it can't hold a connection for over twenty feet or so. I know the box claims 300, but I have no idea what those laboratory conditions prototype hardware look like. The none of the devices I've ever owned had anywhere close to that range.

    Isn't this secure enough for a set of earbuds? A hacker would have to be within a very close range when the connection is being made, and then he has access to my Ben Shapiro stream. That's a lot of effort to follow me around to

    • This vulnerability is only an issue during pairing. You pair your headphones once when you inbox them. If you suspect your neighbor has a son that never leaves the basement, you should probably have a lead lined wall on that side of the house. If you constantly have vans with blacked out windows parked outside, you probably have bigger things to worry about. For ordinary people, this is a low risk problem.

news: gotcha

Working...