KNOB Attack and Sailfish OS
asked 2019-08-16 20:57:23 +0300
The entropy of Bluetooth session keys is negotiated in an unauthenticated protocol between the participants. The attacker can manipulate this to the lowest entropy allowed, 1 byte. The resulting session key can then easily be brute forced.
The KNOB attack is possible due to flaws in the Bluetooth specification. As such, any standard-compliant Bluetooth device can be expected to be vulnerable. We conducted KNOB attacks on more than 17 unique Bluetooth chips (by attacking 24 different devices). At the time of writing, we were able to test chips from Broadcom, Qualcomm, Apple, Intel, and Chicony manufacturers.
(The link points to the research paper as well as some additional information in regard to this flaw in bluetooth)
Will there be an implementation in Sailfish OS that will deal with this issue?
did the bluetooth SIG already release an updated specification to all bt versions? if not there is nothing to fix yet...
misc11 ( 2019-08-16 22:57:30 +0300 )editYes. Min entropy 7 IIRC.
DaveRo ( 2019-08-17 08:59:35 +0300 )editso what i read is the bt sig asks for firmware to be updated to use min 7 byte of entropy (which is still way too little!). so, i guess that means the bt driver...
so even if jolla ships an updated bt driver, its still broken.
misc11 ( 2019-08-17 12:57:33 +0300 )edit