CAPEC-668

Key Negotiation of Bluetooth Attack (KNOB)
Likelihood of Attack: Low
Typical Severity: High
Status: Draft
Created: 2021-06-24 00:00 +00:00
Last modified: 2022-09-29 00:00 +00:00

CAPEC Description

An adversary can exploit a flaw in Bluetooth key negotiation allowing them to decrypt information sent between two devices communicating via Bluetooth. The adversary uses an Adversary in the Middle setup to modify packets sent between the two devices during the authentication process, specifically the entropy bits. Knowledge of the number of entropy bits will allow the attacker to easily decrypt information passing over the line of communication.

CAPEC Information

Execution Flow

1) Explore

[Discovery] Using an established Person in the Middle setup, search for Bluetooth devices beginning the authentication process.

Technique
  • Use packet capture tools.
2) Experiment

[Change the entropy bits] Upon receiving the initial key negotiation packet from the master, the adversary modifies the entropy bits requested to 1 to allow for easy decryption before it is forwarded.

3) Exploit

[Capture and decrypt data] Once the entropy of encryption is known, the adversary can capture data and then decrypt on their device.

Prerequisites

Person in the Middle network setup.

Skills Required

Ability to modify packets.

Resources Required

Bluetooth adapter, packet capturing capabilities.

Mitigations

Newer Bluetooth firmware ensures that the KNOB is not negotiated in plaintext. Update your device.

Related Weaknesses

CWE-ID Weakness Name

CWE-425

Direct Request ('Forced Browsing')
The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

CWE-285

Improper Authorization
The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

CWE-693

Protection Mechanism Failure
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

References

REF-657
Jovi Umawing, "Bluetooth vulnerability can be exploited in Key Negotiation of Bluetooth (KNOB) attacks", Malwarebytes Labs blog, 2019.
https://blog.malwarebytes.com/awareness/2019/08/bluetooth-vulnerability-can-be-exploited-in-key-negotiation-of-bluetooth-knob-attacks/

Submission

Submitted by: CAPEC Content Team (The MITRE Corporation)
Submission date: 2021-06-24 +00:00

Modifications

Modified by: CAPEC Content Team (The MITRE Corporation)
Modification date: 2022-09-29 +00:00
Comment: Updated Taxonomy_Mappings