CYBERSECURITY RESEARCHERS have uncovered a flaw found a flaw that affects pretty much every device that uses the Bluetooth wireless connectivity protocol.
Clever folks from Singapore University of Technology and Design, Oxford, and CISPA Helmholtz Center for Information Security found that a bug in the way Bluetooth authentication protocols could be exploited to cause man-in-the-middle attacks that could snoop on information flowing between two paired devices.
The boffins dubbed the flaw KNOB - stop laughing at the back - which stands for "Key Negotiation of Bluetooth" and it affects almost all Bluetooth devices.
That makes it a pretty serious flaw at first glance, to the extent the folks at Bluetooth SIG have changed the standard to require a minimum encryption key length.
Why? You might ask. Well, that's because playing with the KNOB flaw can cock-up Bluetooth's encryption keys.
And here's why. Bluetooth devices pair using public encryption keys, which can be 16 bytes to a mere single byte in length. Hackers savvy to this can intercept an encryption key sent from one device to another and reduce the length of the encryption key for future pairings.
The key can be squashed down to just a single octet - basically the size of one byte - which then makes it easy to brute force the encryption key next time round.
There's a bit of back and forth for this to happen, so we'll let the smarter people explain it with an example.
"Alice's Bluetooth host requests to activate (set) encryption. Alice's Bluetooth controller accepts the local requests and starts the encryption key negotiation procedure with Bob's Bluetooth controller over the air," the researchers explained.
"The attacker intercepts Alice's proposed key entropy and substitutes 16 with 1. This simple substitution works because LMP is neither encrypted nor integrity protected. Bob's controller accepts 1 byte. The attacker intercepts Bob's acceptance message and changes it to an entropy proposal of 1 byte. Alice thinks that Bob does not support 16 bytes of entropy and accepts 1 byte.
"The attacker intercepts Alice's acceptance message and drops it. Finally, the controllers of Alice and Bob compute the same K'C with one byte of entropy and notify their respective hosts that link-layer encryption is on."
One that's done a hacker could then intercept and snoop on data being transferred between the paired devices, such as keystrokes. files or even conversation if a connection to a Bluetooth headset is intercepted.
This all sounds like a pretty messy situation. But in reality, exploiting the flaw would take a good bit of effort and some pretty impeccable timing. And KNOB hasn't been touched outside of the lab by the looks of things.
For an attacker to exploit the flaw, they'd need to be within Bluetooth range of a pair of devices and be poised to strike at the moment the devices begin the pairing process, ad even doing that isn't a great way to erect a KNOB exploit.
"The attacking device would need to intercept, manipulate, and retransmit key length negotiation messages between the two devices while also blocking transmissions from both, all within a narrow time window," explained Bluetooth SIG.
"If the attacking device was successful in shortening the encryption key length used, it would then need to execute a brute force attack to crack the encryption key. In addition, the attacking device would need to repeat the attack each time encryption gets enabled since the encryption key size negotiation takes place each time."
With that in mind, you're more likely to see someone fiddling with their knob in you're local coffee shop than trying to target you with a KNOB attack.
But Bluetooth SIG still took action to rule that Bluetooth encryption keys have a minimum of seven octets, thereby rendering KNOB into a flaccid attack vector.
While you don't need to worry about KNOB - amirite ladies? - the whole situation highlights that Bluetooth still has some way to go before it's infallible. µ
Not all it's Mac'd up to be
X marks the smart home
The lens said the better