×
Wireless Connectivity
-
Wireless Connectivity
- Embedded Wi-Fi
- Low Power Wide Area Networks
- Bluetooth
- Embedded Wireless
- Applications
- Design Partners
- 3rd Party Module Partners
- RED Frequently Asked Questions
- Over-the-Air Updates
- Zigbee® Solutions
- Software Vulnerability Response
Key Negotiation of Bluetooth® (KNOB)
Bluetooth BR/EDR Security Vulnerability
Researchers have identified a security vulnerability, known as Key Negotiation of Bluetooth (KNOB), that affects Bluetooth Classic devices (devices using BR/ EDR connections). Devices that are Bluetooth Low Energy (BLE) only are not affected by this vulnerability.
Exploiting this vulnerability, an attacker can reduce the negotiated encryption key length to a single octet, allowing a brute force attack to decrypt the data and inject data into a Bluetooth connection. To leverage this vulnerability, the attacker must be within RF range of both devices, have RF capabilities to block and manipulate Bluetooth frames and then run the attack.
What You Need to Know
- Key Negotiation of Bluetooth or “KNOB" only applies to Bluetooth Classic and Dual mode devices (BLE-only chipsets and modules are not affected)
- KNOB relates to the lack of a minimum encryption key requirement in the Bluetooth SIG specification
- The Bluetooth SIG changed this requirement to a minimum value of seven octets
- If one device is updated to enforce the seven-octet minimum key length, the connection is protected as the key is too long for a brute force attack
- The challenge to the embedded industry is that many end products, including those developed by our clients, do not have the capability to perform a firmware update
- Since most connections involve a phone, tablet, or a PC, patches are already available from Microsoft®, Apple®, Android™, Cisco® and Blackberry® and will be available from other PC or phone vendors soon
- We are currently investigating the impact to existing products as well as possible software fixes for our products
Microchip Bluetooth Products Status
| Family | Affected by This Vulnerability | Will It Be Fixed? | Expected Timeline for Fix |
|---|---|---|---|
Bluetooth® Classic/Dual Mode | |||
| BM78/RN4678/IS1678 | Yes | Yes - Flash parts only | Exact timeline is TBD |
| RN41/RN42 | Yes | No | |
Bluetooth Audio | |||
| BM83/IS2083BM | Yes | Yes | Fixed |
| BM64/IS2064GM | Yes | Yes | Exact timeline is TBD |
| BM62/IS2062GM | Yes | No | Fix is planned for future products |
| IS2008/2010/2013/2015/2020/ 2021/2022/2023/2025 | Yes | No | |
| BM20, BM23 | Yes | No | |
| RN52 | Yes | No | |
BLE-Only Devices | |||
| SAM B11/BTLC | No (supports BLE only) | ||
| BM7x/RN487x | No (supports BLE only) | ||
| WILC3000 | No (supports BLE only) | ||
| WILC3400 | No (supports BLE only) | ||
| RN4020 | No (supports BLE only) | ||