
Researchers release details on security flaw that affects almost all Bluetooth devices

KNOB, which is short for Key Negotiation of Bluetooth, is a security flaw that's present in the Bluetooth communication protocol.

According to the security researchers, almost all Bluetooth devices on the market are prone to KNOB attacks. The researchers revealed the flaw in late 2018 to the industry, namely the Bluetooth Special Interest Group (Bluetooth SIG), as well as the CERT Coordination Center and the International Consortium for Advancement of Cybersecurity on the Internet (ICASI).

This security flaw is pressing enough for the Bluetooth SIG to update the Bluetooth Core Specification. The exploit involves the attacker attempting to interfere with the Bluetooth BR/EDR (Basic Rate/Enhanced Data Rate) communication between two Bluetooth devices during their pairing.

The vulnerability stems from the lack of a mandated length of the encryption key used during Bluetooth BR/EDR communication.

As a result, an attacker may be able to intercept the negotiation messages between the two devices and manipulate the process so that both "accept" an encryption key with low entropy, as little as 1 byte (8 bits), i.e., a single character.

However, this attack needs to be done in an extremely short window period, and the attacker needs to be close to the pairing Bluetooth devices.

Once the Bluetooth BR/EDR communication has been compromised by "agreeing" to the manipulated encryption key length, the attacker has to carry out a brute-force attack to guess the encryption key in order to decrypt communications.

According to the researchers, this attack warrants immediate attention because it's effective, hard to detect and low-cost. The attack works even if the Bluetooth devices have enabled their security modes.

The Bluetooth SIG has stated that there isn't any evidence that the attack has been carried out, but it has updated its specifications to recommend a minimum encryption key length of 7 octets (bytes) for BR/EDR connections. The body has also communicated details and its remedy to its members, encouraging them "to rapidly integrate any necessary patches."
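
To make the negotiation flaw and the 7-octet floor concrete, here is an added example (not code from the researchers or the Bluetooth SIG): a simplified Python model of the key-length negotiation and a check for connections below the recommended minimum. The Device class, negotiate(), audit(), the 1 to 16 octet range and the sample records are assumptions made for illustration.

```python
from dataclasses import dataclass

SPEC_MIN_OCTETS = 7   # minimum key length recommended in the updated specification
MAX_OCTETS = 16       # assumption: key sizes are negotiated in the range 1..16 octets


@dataclass(frozen=True)
class Device:
    """Hypothetical model of one endpoint's key-size policy."""
    name: str
    min_octets: int
    max_octets: int = MAX_OCTETS

    def accepts(self, size: int) -> bool:
        return self.min_octets <= size <= self.max_octets


def negotiate(a: Device, b: Device, forced_size=None):
    """Return the agreed key size in octets, or None if either side refuses.

    forced_size models the size both endpoints end up seeing after the
    negotiation messages were altered in transit (None = untouched).
    """
    size = min(a.max_octets, b.max_octets) if forced_size is None else forced_size
    return size if a.accepts(size) and b.accepts(size) else None


def audit(connections):
    """Return peers whose negotiated key is below the recommended minimum."""
    return [c["peer"] for c in connections if c["key_octets"] < SPEC_MIN_OCTETS]


# Pre-fix devices: no mandated minimum, so a 1-octet key is acceptable.
old_phone, old_headset = Device("phone", 1), Device("headset", 1)
# Patched devices enforce the 7-octet floor.
new_phone, new_headset = Device("phone", SPEC_MIN_OCTETS), Device("headset", SPEC_MIN_OCTETS)

# Constructed sample records, not taken from any real capture.
SAMPLE_CONNECTIONS = [
    {"peer": "headset-A", "key_octets": 16},
    {"peer": "speaker-B", "key_octets": 1},
    {"peer": "keyboard-C", "key_octets": 7},
]

if __name__ == "__main__":
    print("old, forced to 1 octet:", negotiate(old_phone, old_headset, forced_size=1))
    print("patched, forced to 1 octet:", negotiate(new_phone, new_headset, forced_size=1))
    print("only one side patched:", negotiate(new_phone, old_headset, forced_size=1))
    print("below recommended minimum:", audit(SAMPLE_CONNECTIONS))
```

In this model a single endpoint that enforces the floor is enough to make the downgraded negotiation fail.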

The researchers say that if your Bluetooth device was updated late last year, in 2018, it should be safe from KNOB attacks. This assumes that the respective equipment manufacturers have updated their drivers and firmware.

The researchers hailed from Singapore University of Technology and Design, CISPA Helmholtz Centre for Information Security and University of Oxford. They have presented their findings at the USENIX Security Symposium and shared their POC on GitHub. They observed an embargo period so as to allow affected equipment manufacturers to rectify their products' vulnerability.

Vendors like Apple, Lenovo, and Intel have already issued advisories to address KNOB. Another reason to breathe a sigh of relief is Bluetooth LE devices appear to be safe from KNOB attacks for now. These devices include heart rate monitors and fitness trackers.

Do visit Bluetooth SIG as well as CERT Coordination Centre for their official response to KNOB.

This article was first published in Hardware Zone.
