Security Advisory - Key Negotiation of Bluetooth (KNOB) Vulnerability

Related Vulnerabilities: CVE-2019-9506  

The KNOB (Key Negotiation of Bluetooth) vulnerability exists in the encryption key negotiation process between two Bluetooth BR/EDR devices. The negotiation process is not encrypted and no authentication is performed. An unauthenticated, adjacent attacker can initiate a man-in-the-middle attack to reduce the negotiated entropy length used for secure connections to a single octet. Successful exploit could cause the encryption key being vulnerable to brute force. (Vulnerability ID: HWPSIRT-2019-08118) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2019-9506. Huawei has released software updates to fix this vulnerability. This advisory is available at the following link: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en

The KNOB (Key Negotiation of Bluetooth) vulnerability exists in the encryption key negotiation process between two Bluetooth BR/EDR devices. The negotiation process is not encrypted and no authentication is performed. An unauthenticated, adjacent attacker can initiate a man-in-the-middle attack to reduce the negotiated entropy length used for secure connections to a single octet. Successful exploit could cause the encryption key being vulnerable to brute force. (Vulnerability ID: HWPSIRT-2019-08118)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2019-9506.
Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en