[VU:918987] Bluetooth BR/EDR supported devices are vulnerable to key negotiation attacks

Overview

The encryption key length negotiation process in Bluetooth BR/EDR Core v5.1 and earlier is vulnerable to packet injection by an unauthenticated, adjacent attacker that could result in information disclosure and/or escalation of privileges. This can be achieved using an attack referred to as the Key Negotiation of Bluetooth (KNOB) attack, which is when a third party forces two or more victims to agree on an encryption key with as little as one byte of entropy. Once the entropy is reduced, the attacker can brute-force the encryption key and use it to decrypt communications.

Impact

An unauthenticated, adjacent attacker can force two Bluetooth devices to use as low as 1 byte of entropy. This would make it easier for an attacker to brute force as it reduces the total number of possible keys to try, and would give them the ability to decrypt all of the traffic between the devices during that session.

Solution

Bluetooth host and controller suppliers should refer to the Bluetooth SIG's "Expedited Errata Correction 11838" for guidance on updating their products. Downstream vendors should refer to their suppliers for updates.

Acknowledgements

Thanks to Daniele Antonioli for reporting this vulnerability.