Bluetooth up to 5.1 BR/DER Key cryptographic issue

Summaryinfo

A vulnerability was found in Bluetooth up to 5.1. It has been declared as critical. Impacted is an unknown function of the component BR/DER. Such manipulation leads to cryptographic issue (Key). This vulnerability is referenced as CVE-2019-9506. The attack needs to be initiated within the local network. No exploit is available. This vulnerability has historical importance owing to its background and reception.

Detailsinfo

A vulnerability was found in Bluetooth up to 5.1 and classified as critical. Affected by this issue is some unknown processing of the component BR/DER. The manipulation with an unknown input leads to a cryptographic issue vulnerability (Key). Using CWE to declare the problem leads to CWE-310. Impacted is confidentiality, integrity, and availability. CVE summarizes:

The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.

The weakness was published 08/14/2019 by Daniele Antonioli as VU#918987 as confirmed advisory (CERT.org). The advisory is available at kb.cert.org. The public release has been coordinated with the vendor. This vulnerability is handled as CVE-2019-9506 since 03/01/2019. Access to the local network is required for this attack to succeed. No form of authentication is required for exploitation. The technical details are unknown and an exploit is not available. The structure of the vulnerability defines a possible price range of USD $5k-$25k at the moment (estimation calculated on 07/28/2020). This vulnerability is assigned to T1600 by the MITRE ATT&CK project. This vulnerability has a historic impact due to its background and reception. The advisory points out:

The encryption key length negotiation process in Bluetooth BR/EDR Core v5.1 and earlier is vulnerable to packet injection by an unauthenticated, adjacent attacker that could result in information disclosure and/or escalation of privileges. This can be achieved using an attack referred to as the Key Negotiation of Bluetooth (KNOB) attack, which is when a third party forces two or more victims to agree on an encryption key with as little as one byte of entropy. Once the entropy is reduced, the attacker can brute-force the encryption key and use it to decrypt communications.

As 0-day the estimated underground price was around $5k-$25k. The advisory illustrates:

An attacker, Charlie, could force Alice and Bob to use a smaller N by intercepting Alice's proposal request to Bob and changing N. Charlie could lower N to as low as 1 byte, which Bob would subsequently accept since Bob supports 1 byte of entropy and it is within the range of the compliant values. Charlie could then intercept Bob's acceptance message to Alice and change the entropy proposal to 1 byte, which Alice would likely accept, because she may believe that Bob cannot support a larger N. Thus, both Alice and Bob would accept N and inform the Bluetooth hosts that encryption is active, without acknowledging or realizing that N is lower than either of them initially intended it to be.

The advisory contains the following remark:

Bluetooth host and controller suppliers should refer to the Bluetooth SIG's "Expedited Errata Correction 11838" for guidance on updating their products. Downstream vendors should refer to their suppliers for updates.

Similar entry is available at VDB-139908. If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Name

• Bluetooth

Version

• 5.0
• 5.1

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Discussion