Security researchers have identified a vulnerability in Bluetooth® Key Negotiation and disclosed it to the CERT Coordination Center and the Bluetooth® supplier industry.
Newly conducted research on an industry-wide vulnerability by computer scientists at the University of Oxford will be publicly disclosed at the USENIX Security Symposium, which takes place August 14-16, 2019. Referred to as “Bluetooth® Key Negotiation Vulnerability,” or “KNOB,” this research details an industry-wide vulnerability that affects the encryption key negotiation of Bluetooth® Basic Rate/Enhanced Data Rate (BR/EDR). This vulnerability doesn't affect Bluetooth® Low Energy (BLE). Intel products that support Bluetooth BR/EDR are among those affected by this industry-wide vulnerability. Our expectation is that mitigations addressing this vulnerability have already been made available (by OS vendors).
As a member of the Bluetooth Special Interest Group, we are working closely with the SIG and other key SIG members to develop mitigations. Protecting our customers and helping to ensure the security of our products is a critical priority for Intel.
Affected products:
- Intel® Wireless-AC products (3000 series, 7000 series, 8000 series, 9000 series)
- Intel® Wi-Fi 6 products (AX200, AX201)
- Intel® Wireless Gigabit products (17000 series, 18000 series)
- Intel® Atom x3-C3200 Processor Series
Intel recommends that end users and systems administrators apply updates as they're made available, and follow good security practices in general.
Q1. What is the vulnerability?
A new vulnerability was discovered in the Bluetooth® BR/EDR (Basic Rate/Enhanced Data Rate) key negotiation procedure. An attacker with physical proximity (usually within 30 meters) or line of sight can gain unauthorized access via an adjacent network, and intercept traffic to send forged negotiation messages between two vulnerable Bluetooth devices.
Q2. What are the consequences if a Bluetooth-enabled device gets compromised because of this vulnerability?
This may result in information disclosure, elevation of privilege and/or denial of service. For example, Bluetooth headsets or keyboards can have their data captured or changed.
Q3. Can the vulnerability be exploited if only one of the two devices being connected is vulnerable?
No. Both devices have to be vulnerable. If either device (or both) is not vulnerable, the attack during the key negotiation will fail.
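A simplified model of the key size negotiation behind Q3, added here as an illustration and not Intel's or BlueZ's code: it shows why a forged proposal only succeeds when both devices still accept very short keys. The `Device` class, the function names and the reduced exchange are assumptions; the 1 to 16 octet range and the 7-octet minimum come from the Bluetooth specification and the Bluetooth SIG's recommendation, not from this page.

```python
# Added illustration: simplified model of BR/EDR encryption key size
# negotiation. Names and structure are hypothetical; sizes are in octets.
from dataclasses import dataclass

SPEC_MIN, SPEC_MAX = 1, 16   # range allowed by the specification before the fix
HARDENED_MIN = 7             # minimum recommended by the Bluetooth SIG


@dataclass
class Device:
    name: str
    min_key_size: int = SPEC_MIN   # smallest key size this device accepts
    max_key_size: int = SPEC_MAX   # largest key size this device supports


def negotiate(initiator, responder, forged_size=None):
    """Return the agreed key size in octets, or None if negotiation fails.

    forged_size models a proposal altered in transit; the negotiation
    messages are neither encrypted nor authenticated.
    """
    proposal = initiator.max_key_size if forged_size is None else forged_size
    agreed = min(proposal, responder.max_key_size)
    # Each side refuses a key shorter than its own configured minimum.
    if agreed < initiator.min_key_size or agreed < responder.min_key_size:
        return None
    return agreed


def forged_outcomes(forged_size=1):
    """Result of a forged proposal for every unpatched/patched pairing."""
    results = {}
    for a_min in (SPEC_MIN, HARDENED_MIN):
        for b_min in (SPEC_MIN, HARDENED_MIN):
            a = Device("A", min_key_size=a_min)
            b = Device("B", min_key_size=b_min)
            results[(a_min, b_min)] = negotiate(a, b, forged_size)
    return results


if __name__ == "__main__":
    for (a_min, b_min), size in forged_outcomes().items():
        status = "fails" if size is None else f"agrees on {size} octet(s)"
        print(f"A min={a_min}, B min={b_min}: negotiation {status}")
```

Only the pairing where both devices keep the 1-octet minimum ends with a weakened key; a single device enforcing the 7-octet minimum makes the negotiation fail instead.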
Q4. What is Intel doing to address this Bluetooth® vulnerability?
This is an industry specification issue. Intel is partnering with other members of the Bluetooth Special Interest Group (SIG) to strengthen the Bluetooth Core specification.
Q5. What is the expected mitigation for this vulnerability?
The Bluetooth SIG is working on updating the BT specification to address this issue, and the OS and Bluetooth-enabled device vendors are already working on mitigations.
Q6. When will these mitigations be ready?
Intel doesn't comment on behalf of third parties; please contact your OS or device vendor. Intel has already made the mitigation for the BlueZ stack publicly available. BlueZ is the official Linux Bluetooth protocol stack and provides support for the core Bluetooth layers and protocols. Support for BlueZ can be found in many Linux distributions, and it's generally compatible with any Linux system on the market. Adoption of the BlueZ mitigation in individual Linux distributions may vary.
Further details available at:
- Intel® Bluetooth® Security – Encryption Key Size Recommendation
- Insights on Intel® Developer’s Zone