Microchip logo
  • All
  • Products
  • Documents
  • Applications Notes

Key Negotiation of Bluetooth® (KNOB)

Bluetooth BR/EDR Security Vulnerability 

Researchers have identified a security vulnerability, known as Key Negotiation of Bluetooth (KNOB), that affects Bluetooth Classic devices (devices using BR/ EDR connections). Devices that are Bluetooth Low Energy (BLE) only are not affected by this vulnerability.

Exploiting this vulnerability, an attacker can reduce the negotiated encryption key length to a single octet, allowing a brute force attack to decrypt the data and inject data into a Bluetooth connection. To leverage this vulnerability, the attacker must be within RF range of both devices, have RF capabilities to block and manipulate Bluetooth frames and then run the attack. 

What You Need to Know

  • Key Negotiation of Bluetooth or “KNOB" only applies to Bluetooth Classic and Dual mode devices (BLE-only chipsets and modules are not affected)
  • KNOB relates to the lack of a minimum encryption key requirement in the Bluetooth SIG specification
  • The Bluetooth SIG changed this requirement to a minimum value of seven octets
  • If one device is updated to enforce the seven-octet minimum key length, the connection is protected as the key is too long for a brute force attack
  • The challenge to the embedded industry is that many end products, including those developed by our clients, do not have the capability to perform a firmware update
  • Since most connections involve a phone, tablet, or a PC, patches are already available from Microsoft®, Apple®, Android™, Cisco® and Blackberry® and will be available from other PC or phone vendors soon 
  • We are currently investigating the impact to existing products as well as possible software fixes for our products

Microchip Bluetooth Products Status

FamilyAffected by This VulnerabilityWill It Be Fixed?Expected Timeline for Fix
Bluetooth® Classic/Dual Mode
BM78/RN4678/IS1678YesYes - Flash parts onlyExact timeline is TBD
Bluetooth Audio
BM64/IS2064GMYesYesExact timeline is TBD
BM62/IS2062GMYesNoFix is planned for future products
BM20, BM23YesNo 
BLE-Only Devices
SAM B11/BTLCNo (supports BLE only)  
BM7x/RN487xNo (supports BLE only)  
WILC3000No (supports BLE only)  
WILC3400No (supports BLE only)  
RN4020No (supports BLE only)