KNOB Vulnerability in Bluetooth Could Allow Manipulation of Transmitted Data
Using this vulnerability, an attacker can reduce the length of an encryption key, making it easier to crack.
The Bluetooth vulnerability, called KNOB, makes it easier to brute-force the encryption key used when devices connect, and allows an attacker to manipulate the data transmitted between the two devices. The problem affects Bluetooth BR/EDR (Bluetooth Classic) enabled devices with specification versions 1.0 – 5.1.
The vulnerability (CVE-2019-9506) allows an attacker to reduce the length of the encryption key used to establish the connection. In some cases, the key length can be reduced to one octet. This makes it much easier for an attacker to carry out a brute-force attack and recover the encryption key the devices use when connecting to each other.
Having obtained the key, the attacker can manipulate the data transmitted between devices, including injecting commands, monitoring keystrokes, etc.
Exploiting the vulnerability is not easy, and certain conditions must be met to carry out an attack. First, both devices must support Bluetooth BR/EDR. Second, the attacker must be nearby while the devices connect to each other. Third, the attacking device must be able to intercept, manipulate and retransmit the key length negotiation messages between the two devices while blocking transmissions from both.
In addition, shortening the key is not enough to obtain it; the attacker still has to crack it successfully. The attack must be repeated every time the devices reconnect.
There is currently no information on exploiting the vulnerability in real attacks.
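Because the weakness lies in the negotiated key length, a host can audit that length per connection. The following is an added example, not code from the article or from any Bluetooth stack: it parses H4-framed HCI Command Complete events for the Read Encryption Key Size command (an assumption about where the value is observed) and flags links below a minimum. The 7-octet threshold and the sample packets are constructed assumptions.

```python
import struct

# HCI_Read_Encryption_Key_Size: OGF 0x05 (status parameters), OCF 0x0008.
READ_ENC_KEY_SIZE_OPCODE = (0x05 << 10) | 0x0008
HCI_EVENT_PKT = 0x04          # H4 packet-type byte for HCI events
EVT_COMMAND_COMPLETE = 0x0E
MIN_KEY_OCTETS = 7            # assumed local policy, not a value from the article


def parse_key_size_event(pkt: bytes):
    """Return (connection_handle, key_size_octets), or None if pkt is not a
    successful, well-formed Read Encryption Key Size completion."""
    if len(pkt) < 3 or pkt[0] != HCI_EVENT_PKT or pkt[1] != EVT_COMMAND_COMPLETE:
        return None
    params = pkt[3:]
    if len(params) != pkt[2] or len(params) != 7:
        return None  # truncated, padded, or a different command's completion
    _ncmd, opcode, status, handle, size = struct.unpack("<BHBHB", params)
    if opcode != READ_ENC_KEY_SIZE_OPCODE or status != 0 or not 1 <= size <= 16:
        return None
    return handle & 0x0FFF, size


def audit(packets, min_octets=MIN_KEY_OCTETS):
    """List (handle, key_octets, key_bits) for every link below the policy."""
    findings = []
    for pkt in packets:
        parsed = parse_key_size_event(pkt)
        if parsed and parsed[1] < min_octets:
            findings.append((parsed[0], parsed[1], 8 * parsed[1]))
    return findings


# Constructed sample events (not captured from real devices).
SAMPLE_PACKETS = [
    bytes.fromhex("040e07010814000b0010"),  # handle 0x000B, 16-octet key
    bytes.fromhex("040e07010814000c0001"),  # handle 0x000C, 1-octet key
    bytes.fromhex("040e0401030c00"),        # HCI_Reset completion, ignored
    bytes.fromhex("040e07010814020d0000"),  # command failed (status 0x02)
    bytes.fromhex("040e070108"),            # truncated event
]

if __name__ == "__main__":
    for handle, octets, bits in audit(SAMPLE_PACKETS):
        print(f"handle 0x{handle:04x}: {octets}-octet key ({bits} bits) below policy")
```

Since the article notes the attack has to be repeated on every connection, a check like this is meaningful only if it runs each time encryption is established on a link.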