CAPEC-668: Key Negotiation of Bluetooth Attack (KNOB)
Attack Pattern ID: 668
Version: v3.9
Attack Pattern Name: Key Negotiation of Bluetooth Attack (KNOB)
Abstraction: Standard
Status: Draft
Likelihood of Attack: Low
Typical Severity: High
Description
An adversary can exploit a flaw in Bluetooth key negotiation allowing them to decrypt information sent between two devices communicating via Bluetooth. The adversary uses an Adversary in the Middle setup to modify packets sent between the two devices during the authentication process, specifically the entropy bits. Knowledge of the number of entropy bits will allow the attacker to easily decrypt information passing over the line of communication.
Relationships
Nature      Type      ID   Name
ChildOf     Meta      115  Authentication Bypass
CanFollow   Standard  20   Encryption Brute Forcing
CanFollow   Meta      94   Adversary in the Middle (AiTM)
CanPrecede  Meta      148  Content Spoofing
Execution Flow
Explore
1. Discovery
   Using an established Person in the Middle setup, search for Bluetooth devices beginning the authentication process.
   Technique: Use packet capture tools.
Experiment
1. Change the entropy bits
   Upon receiving the initial key negotiation packet from the master, the adversary modifies the entropy bits requested to 1 to allow for easy decryption before it is forwarded.
Exploit
1. Capture and decrypt data
   Once the entropy of encryption is known, the adversary can capture data and then decrypt on their device.
Prerequisites
Person in the Middle network setup.
Skills Required
Medium: Ability to modify packets.
Resources Required
Bluetooth adapter, packet capturing capabilities.
Consequences
Scope                                           Likelihood  Impact                       Note
Confidentiality                                 N/A         Read Data                    N/A
Confidentiality, Access Control, Authorization  N/A         Bypass Protection Mechanism  N/A
Integrity                                       N/A         Modify Data                  N/A
Mitigations
Newer Bluetooth firmware ensures that the key negotiation exploited by KNOB is not carried out in plaintext. Update your device.
Related Weaknesses
ID       Name
CWE-285  Improper Authorization
CWE-425  Direct Request ('Forced Browsing')
CWE-693  Protection Mechanism Failure
Taxonomy Mappings
Taxonomy Name  Entry ID  Entry Name
ATTACK         1565.002  Data Manipulation: Transmitted Data Manipulation
References
REF-657: Jovi Umawing, "Bluetooth vulnerability can be exploited in Key Negotiation of Bluetooth (KNOB) attacks", MalwareBytes, 2019-08-21. URL: https://blog.malwarebytes.com/awareness/2019/08/bluetooth-vulnerability-can-be-exploited-in-key-negotiation-of-bluetooth-knob-attacks/ (accessed 2021-06-11).