New Bluetooth KNOB Flaw Lets Attackers Manipulate Traffic
[Updated 20190818_014119 UTC. (1) Added expansion of KNOB acronym and link to their site. (2) Note: the linked story has been updated since this story went live and the first 3 paragraphs you see here are no longer present on Bleeping Computer. --martyb]
Arthur T Knackerbracket has found the following story:
A new Bluetooth vulnerability named "KNOB"[*] has been disclosed that allows attackers to more easily brute force the encryption key used during pairing to monitor or manipulate the data transferred between two paired devices.
In a coordinated disclosure between Center for IT-Security, Privacy and Accountability (CISPA), ICASI, and ICASI members such as Microsoft, Apple, Intel, Cisco, and Amazon, a new vulnerability called "KNOB" has been disclosed that affects Bluetooth BR/EDR devices, otherwise known as Bluetooth Classic, using specification versions 1.0 - 5.1.
This flaw has been assigned CVE ID CVE-2019-9506 and allows an attacker to reduce the length of the encryption key used for establishing a connection. In some cases, an attacker could reduce the length of an encryption key to a single octet.
"The researchers identified that it is possible for an attacking device to interfere with the procedure used to set up encryption on a BR/EDR connection between two devices in such a way as to reduce the length of the encryption key used," stated an advisory on Bluetooth.com. "In addition, since not all Bluetooth specifications mandate a minimum encryption key length, it is possible that some vendors may have developed Bluetooth products where the length of the encryption key used on a BR/EDR connection could be set by an attacking device down to a single octet."
This reduction in key length would make it much easier for an attacker to brute force the encryption key used by the paired devices to communicate with each other.
Once the key was known to the attackers, they could monitor and manipulate the data being sent between the devices. This includes potentially injecting commands, monitoring key strokes, and other types of behavior.
[...] Below is the full list provided by ICASI of members and partners and whether they are affected:
[*] KNOB: Key Negotiation Of Bluetooth attack.