KNOB attack to intercept encrypted Bluetooth traffic

Details have been disclosed of the KNOB attack (Key Negotiation Of Bluetooth), which makes it possible to intercept and tamper with encrypted Bluetooth traffic. An attacker who can block the direct exchange of packets while two Bluetooth devices negotiate a connection can force them to use a session key with only 1 byte of entropy, which lets the encryption key be recovered by brute force.

The problem is caused by flaws (CVE-2019-9506) in the Bluetooth BR/EDR Core specification 5.1 and earlier, which permit excessively short encryption keys and do not prevent an attacker from interfering at the connection negotiation stage to force a fallback to such weak keys (the packets can be substituted by an unauthenticated attacker). The attack can only be carried out while the connection is being negotiated (already established sessions cannot be attacked), applies only to connections in BR/EDR (Bluetooth Basic Rate/Enhanced Data Rate) mode, and works only if both devices are vulnerable. If the key is successfully recovered, the attacker can decrypt the transmitted data and, unnoticed by the victim, inject arbitrary ciphertext into the traffic.

When a connection is established between two Bluetooth controllers A and B, controller A, after authentication with the link key, can propose using 16 bytes of entropy for the encryption key, and controller B can either accept this value or specify a lower one if it cannot generate a key of the proposed size. Controller A may then accept the counter-offer and activate the encrypted channel. No encryption is applied at this parameter negotiation stage, so an attacker has the opportunity to intervene in the exchange between the controllers and replace the packet carrying the proposed entropy size. Since the permitted key size ranges from 1 to 16 bytes, the second controller will accept the substituted value and send an acknowledgment indicating the same size.
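As an added illustration (not code from the article or from the KNOB researchers), the following toy model of the key-size negotiation shows why an attacker who rewrites the unencrypted proposal can drive the agreed size down to 1 byte, and how enforcing a minimum of 7 bytes, as in the specification erratum mentioned below, makes the negotiation abort instead. The class and message structure are a simplification, not the LMP wire format.

```python
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass
class Controller:
    """Simplified BR/EDR controller taking part in encryption key size negotiation."""
    name: str
    max_key_bytes: int = 16   # largest key size this controller can generate
    min_key_bytes: int = 1    # floor it enforces: 1 = pre-erratum, 7 = erratum 11838

    def propose(self) -> int:
        # A opens with the largest size it supports.
        return self.max_key_bytes

    def respond(self, proposed: int) -> Optional[int]:
        # B accepts the peer's size or counters with the largest size it supports;
        # a size below its own floor aborts the negotiation (None).
        size = min(proposed, self.max_key_bytes)
        return size if size >= self.min_key_bytes else None

    def accept(self, size: Optional[int]) -> bool:
        # A's final check on B's answer before enabling encryption.
        return size is not None and self.min_key_bytes <= size <= self.max_key_bytes


def negotiate(a: Controller, b: Controller,
              tamper: Optional[Callable[[int], int]] = None) -> Optional[int]:
    """Run the unencrypted A -> B -> A size negotiation.
    `tamper` models an attacker rewriting A's proposal in flight (constructed scenario).
    Returns the agreed key size in bytes, or None if either side aborts."""
    proposal = a.propose()
    if tamper is not None:
        proposal = tamper(proposal)          # e.g. 16 -> 1
    counter = b.respond(proposal)            # B echoes the (lowered) size back
    return counter if a.accept(counter) else None


def keyspace(size_bytes: int) -> int:
    """Number of candidate keys an eavesdropper must try for a given key size."""
    return 2 ** (8 * size_bytes)


if __name__ == "__main__":
    a, b = Controller("A"), Controller("B")
    print("honest:", negotiate(a, b))                          # 16
    print("tampered:", negotiate(a, b, tamper=lambda _: 1))   # 1
    print("keys to try at 1 byte:", keyspace(1))              # 256
    a7, b7 = Controller("A", min_key_bytes=7), Controller("B", min_key_bytes=7)
    print("tampered, floor 7:", negotiate(a7, b7, tamper=lambda _: 1))  # None
```

Note that in this model a floor on either side is enough to abort the downgraded negotiation, which is the effect of the Linux kernel fix that lets the minimum key size be raised.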


To reproduce the vulnerability under laboratory conditions (the attacker's activity was emulated on one of the devices), a prototype toolkit for carrying out the attack has been prepared. For a real attack, the attacker must be within radio range of the victim's devices and be able to briefly block the signal from each of them, which is proposed to be done through signal manipulation or reactive jamming.

The Bluetooth SIG, which is responsible for developing the Bluetooth standards, has published specification erratum number 11838, which proposes measures for manufacturers to implement in order to block the vulnerability (the minimum encryption key size has been raised from 1 to 7 bytes). The problem affects all specification-compliant Bluetooth stacks and Bluetooth chip firmware, including products from Intel, Broadcom, Lenovo, Apple, Microsoft, Qualcomm, Linux, Android, Blackberry and Cisco (all 14 of the tested chips were vulnerable). The Linux kernel Bluetooth stack has received a fix that allows the minimum encryption key size to be changed.

Source: opennet.ru