
More information on “…Exploiting Low Entropy in the Encryption Key Negotiation of Bluetooth® BR/EDR” *

On August 13, 2019, Daniele Antonioli from SUTD, Singapore, Dr. Nils Ole Tippenhauer, CISPA, Germany and Prof. Kasper Rasmussen, University of Oxford, England published a paper as part of the proceedings at USENIX 2019 entitled, “The KNOB is Broken: Exploiting Low Entropy in the Encryption Key Negotiation of Bluetooth BR/EDR.”

This paper identifies a vulnerability in the Bluetooth® Basic Rate/Enhanced Data Rate (BR/EDR) specification and was reported to the Bluetooth Special Interest Group (SIG). Intel helped facilitate the coordinated disclosure of this vulnerability in conjunction with the Industry Consortium for Advancement of Security on the Internet (ICASI) and CERT/CC. CERT/CC issued CVE-2019-9506 for this vulnerability.

This is a vulnerability in the Bluetooth BR/EDR specification and potentially affects all Bluetooth BR/EDR devices adhering to that specification. Operating system providers and open source software projects have made mitigations available for this vulnerability. For more information on those mitigations, contact your operating system provider. This vulnerability does not affect Bluetooth Low Energy (LE) devices.

In all cases, Intel recommends that components participating in a secure Bluetooth connection (including Bluetooth Controller, Bluetooth Host and Profiles/Services) employ the highest level of encryption possible. You can find more information in the whitepaper.

Intel strongly believes in the value of coordinated disclosure and is thankful for the opportunity to have helped facilitate disclosure of this issue with the community at large. As a best practice, we continue to encourage everyone to keep their systems up to date.

*Other names and brands may be claimed as the property of others.

The Bluetooth® word mark and logos are registered trademarks owned by Bluetooth SIG, Inc. and any use of such marks by Intel Corporation is under license.


