
CAPEC-668: Key Negotiation of Bluetooth Attack (KNOB)

Abstraction: Standard
Status: Draft
Likelihood: Low
Severity: High

Description

An adversary can exploit a flaw in Bluetooth key negotiation that allows them to decrypt information sent between two devices communicating via Bluetooth. The adversary uses an Adversary-in-the-Middle setup to modify packets sent between the two devices during the authentication process, specifically the entropy bits. Knowing the number of entropy bits allows the attacker to easily decrypt information passing over the line of communication.

Related weaknesses · 3

CWE-425, CWE-285, CWE-693

MITRE ATT&CK crosswalk · 1

T1565.002: Data Manipulation: Transmitted Data Manipulation

Related attack patterns · 2

CAPEC-115 (ChildOf), CAPEC-148 (CanPrecede)

Exploits · 3

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Direct Request ('Forced Browsing') (cwe-425) | 100% | live |
| Weakness | Improper Authorization (cwe-285) | 100% | live |
| Weakness | Protection Mechanism Failure (cwe-693) | 100% | live |

Related to · 1

| Type | Target | Confidence | Tier |
|---|---|---|---|
| SubTechnique | Transmitted Data Manipulation (t1565.002) | 100% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Bluetooth Impersonation AttackS (BIAS)
CAPEC: Mobile Device Fault Injection
CAPEC: Weakening of Cellular Encryption
CAPEC: Hardware Fault Injection
CAPEC: Protocol Manipulation
CAPEC: BlueSmacking

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.