Security Software

More information on “…Exploiting Low Entropy in the Encryption Key Negotiation of Bluetooth® BR/EDR” *

On August 13, 2019, Daniele Antonioli from SUTD, Singapore, Dr. Nils Ole Tippenhauer, CISPA, Germany and Prof. Kasper Rasmussen, University of Oxford, England published a paper as part of the proceedings at USENIX 2019 entitled, “The KNOB is Broken: Exploiting Low Entropy in the Encryption Key Negotiation of Bluetooth BR/EDR.”

This paper identifies a vulnerability in the Bluetooth® Basic Rate/Enhanced Data Rate (BR/EDR) specification and was reported to the Bluetooth Special Interest Group (SIG). Intel helped facilitate the coordinated disclosure of this vulnerability in conjunction with the Industry Consortium for Advancement of Security on the Internet (ICASI) and CERT/CC. Cert/CC issued CVE-2019-9506 for this vulnerability.

This is a vulnerability in the Bluetooth BR/EDR specification and potentially affects all Bluetooth BR/EDR devices adhering to that specification. Operating system providers and open source software projects have made mitigations available for this vulnerability. For more information on those mitigations, contact your operating system provider. This vulnerability does not affect Bluetooth Low Energy (LE) devices.

In all cases, Intel recommends that components participating in a secure Bluetooth connection (including Bluetooth Controller, Bluetooth Host and Profiles/Services) employ the highest level of encryption possible. You can find more information in the whitepaper.

Intel strongly believes in the value of coordinated disclosure, and is thankful for the opportunity to have helped facilitate disclosure of this issue with the community at large. As a best practice, we continue to encourage everyone to keep their systems up-to-date.

*Other names and brands may be claimed as the property of others.

The Bluetooth® word mark and logos are registered trademarks owned by Bluetooth SIG, Inc. and any use of such marks by Intel Corporation is under license.

Was this article helpful?YesNo
0% of users found this helpful

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software, or service activation. Performance varies depending on system configuration. Check with your system manufacturer or retailer or learn more at

All information provided here is subject to change without notice. Contact your Intel representative to obtain the latest Intel product specifications and roadmaps.

Software and workloads used in performance tests may have been optimized for performance only on Intel microprocessors.

Performance tests, such as SYSmark and MobileMark, are measured using specific computer systems, components, software, operations and functions. Any change to any of those factors may cause the results to vary. You should consult other information and performance tests to assist you in fully evaluating your contemplated purchases, including the performance of that product when combined with other products. For more complete information visit

Performance results are based on testing as of dates shown in configurations and may not reflect all publicly available​ updates.

The products and services described may contain defects or errors known as errata which may cause deviations from published specifications. Current characterized errata are available on request.

Intel provides these materials as-is, with no express or implied warranties.

No product or component can be absolutely secure.

Your costs and results may vary.

© Intel Corporation.  Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries.  Other names and brands may be claimed as the property of others.