CAPEC 668 Key Negotiation of Bluetooth Attack (KNOB)

Draft Standard Low Risk

Severity High

Description

An adversary can exploit a flaw in Bluetooth key negotiation allowing them to decrypt information sent between two devices communicating via Bluetooth. The adversary uses an Adversary in the Middle setup to modify packets sent between the two devices during the authentication process, specifically the entropy bits. Knowledge of the number of entropy bits will allow the attacker to easily decrypt information passing over the line of communication.

Attack Execution Flow

Step 1

Explore

[Discovery] Using an established Person in the Middle setup, search for Bluetooth devices beginning the authentication process.
Use packet capture tools.

Attack Techniques

Use packet capture tools.

Step 2

Experiment

[Change the entropy bits] Upon recieving the initial key negotiation packet from the master, the adversary modifies the entropy bits requested to 1 to allow for easy decryption before it is forwarded.

Step 3

Exploit

[Capture and decrypt data] Once the entropy of encryption is known, the adversary can capture data and then decrypt on their device.

CAPEC 668 Key Negotiation of Bluetooth Attack (KNOB)

Description

Attack Execution Flow

Step 1

Attack Techniques

Step 2

Step 3

Mitigations

Newer Bluetooth Firmwares Ensure That The Knob Is Not Negotaited In Plaintext. Update Your Device.

Consequences

Security Scopes Affected

Potential Impacts

Relationships

Parent CAPECs

Related ATT&CK Techniques

Transmitted Data Manipulation

Resources Required

CAPEC 668 Key Negotiation of Bluetooth Attack (KNOB)

Description

Attack Execution Flow

Step 1

Attack Techniques

Step 2

Step 3

Mitigations

Newer Bluetooth Firmwares Ensure That The Knob Is Not Negotaited In Plaintext. Update Your Device.

Consequences

Security Scopes Affected

Potential Impacts

Relationships

Parent CAPECs

Related ATT&CK Techniques

Transmitted Data Manipulation

Resources Required

Iscriviti alla newsletter