CAPEC-668 Detail

CAPEC-668

Key Negotiation of Bluetooth Attack (KNOB)
Low
High
Draft
2021-06-24 00h00 +00:00
2022-09-29 00h00 +00:00

CAPEC Description

An adversary can exploit a flaw in Bluetooth key negotiation allowing them to decrypt information sent between two devices communicating via Bluetooth. The adversary uses an Adversary in the Middle setup to modify packets sent between the two devices during the authentication process, specifically the entropy bits. Knowledge of the number of entropy bits will allow the attacker to easily decrypt information passing over the line of communication.

CAPEC Information

Execution Flow

1) Explore

[Discovery] Using an established Person in the Middle setup, search for Bluetooth devices beginning the authentication process.

Technique
  • Use packet capture tools.
2) Experiment

[Change the entropy bits] Upon receiving the initial key negotiation packet from the master, the adversary modifies the entropy bits requested to 1 to allow for easy decryption before it is forwarded.

3) Exploit

[Capture and decrypt data] Once the entropy of the encryption is known, the adversary can capture data and then decrypt it on their own device.

Prerequisites

Person in the Middle network setup.

Required Skills

Ability to modify packets.

Required Resources

Bluetooth adapter, packet capturing capabilities.

Mitigations

Newer Bluetooth firmware ensures that the encryption entropy (key length) is not negotiated in plaintext. Update your device.

Related Weaknesses

CWE-ID   Weakness Name

CWE-425  Direct Request ('Forced Browsing')
         The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

CWE-285  Improper Authorization
         The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

CWE-693  Protection Mechanism Failure
         The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

References

REF-657

Jovi Umawing. "Bluetooth vulnerability can be exploited in Key Negotiation of Bluetooth (KNOB) attacks". https://blog.malwarebytes.com/awareness/2019/08/bluetooth-vulnerability-can-be-exploited-in-key-negotiation-of-bluetooth-knob-attacks/

Submission

Name                Organization           Date        Release Date
CAPEC Content Team  The MITRE Corporation  2021-06-24 +00:00

Modifications

Name                Organization           Date               Comment
CAPEC Content Team  The MITRE Corporation  2022-09-29 +00:00  Updated Taxonomy_Mappings