Is a hardware wallet that uses Bluetooth to transfer data safe?

Author: Cobo Vault security trainee

In August 2019, the CVE (Common Vulnerabilities and Exposures) list was updated with a Bluetooth vulnerability named KNOB (Key Negotiation of Bluetooth), tracked as CVE-2019-9506, with a CVSS score of 9.3. The vulnerability was discovered by researcher Daniele Antonioli of SUTD, Singapore, Dr. Nils Ole Tippenhauer of CISPA, Germany, and Professor Kasper Rasmussen of the University of Oxford, UK. It spans Bluetooth BR/EDR Core Specification versions 1.0 to 5.1 and affects more than 100,000 Bluetooth devices, including smartphones, laptops, IoT devices, and industrial equipment.

The Bluetooth protocol has been introduced and popularized over a history of 25 years. From audio, image, and video transmission to low-power Internet of Things applications, Bluetooth is used more and more widely.

Many hardware wallets, both domestic and international, also use Bluetooth to transfer information between the hot side and the cold side. So, does KNOB pose a threat to these hardware wallets?

Today I will dissect the Bluetooth vulnerability KNOB for everyone!

First, let's have a brief understanding of the types of Bluetooth:

Traditional Bluetooth (BR/EDR) is suited to short-distance (within 10 meters) continuous wireless connections, such as transferring pictures from mobile phone A to mobile phone B or listening to music on Bluetooth headphones. For security reasons, when two Bluetooth BR/EDR devices pair for a secure connection, they negotiate an entropy value of 1 to 16 bytes for the encryption key. A larger entropy value means a more secure key.

The KNOB vulnerability appears during the entropy negotiation of traditional Bluetooth (BR/EDR) devices.

Research found that the entropy negotiation uses LMP (Link Manager Protocol), which is neither encrypted nor verified, so the negotiation can be attacked and manipulated over the air (OTA).

The specific process is as follows:

The KNOB vulnerability allows an attacker to trick two target devices into agreeing to set the entropy of the encryption key to 1 byte, which makes the negotiated encryption key easy to brute force.
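The negotiation described above can be modelled in a few lines to show why a device that refuses short keys is not affected. This is an added example, not code from the original article or from any Bluetooth stack: the `Device` and `negotiate` names, the simplified message flow, and the 7-byte floor (the minimum the Bluetooth SIG recommended after KNOB, which the article does not state) are assumptions of the model.

```python
"""Model of BR/EDR key-size (entropy) negotiation; all names are illustrative."""
from dataclasses import dataclass

SPEC_MIN, SPEC_MAX = 1, 16   # range stated in the article (bytes)
HARDENED_MIN = 7             # assumption: floor recommended by the Bluetooth SIG after KNOB


@dataclass
class Device:
    name: str
    min_size: int = SPEC_MIN   # smallest key size the device will accept
    max_size: int = SPEC_MAX   # largest key size the device supports

    def respond(self, proposed: int):
        """Answer a key-size request: accept, counter-propose, or reject."""
        if proposed < self.min_size:
            return ("LMP_not_accepted", None)
        if proposed > self.max_size:
            return ("LMP_encryption_key_size_req", self.max_size)
        return ("LMP_accepted", proposed)


def negotiate(initiator, responder, in_transit=lambda size: size):
    """Return the agreed key size in bytes, or None if negotiation aborts.

    in_transit models the unencrypted, unverified LMP channel: whatever it
    returns is what the receiver sees as the proposed size.
    """
    sender, receiver = initiator, responder
    proposed = initiator.max_size
    for _ in range(SPEC_MAX):                # bounded number of rounds
        seen = in_transit(proposed)
        verdict, counter = receiver.respond(seen)
        if verdict == "LMP_accepted":
            # Simplification: the sender is also held to its own floor for
            # the size that was actually accepted on the other side.
            return seen if seen >= sender.min_size else None
        if verdict == "LMP_not_accepted":
            return None
        proposed = counter                   # receiver counter-proposes
        sender, receiver = receiver, sender
    return None


def keyspace(size_bytes: int) -> int:
    """Number of candidate keys for a given entropy in bytes."""
    return 256 ** size_bytes
```

When both devices accept the 1-byte lower bound, a modified proposal leaves only 256 candidate keys; a device created with `min_size=HARDENED_MIN` aborts the negotiation instead of accepting the reduced size.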

Let's summarize the necessary conditions for KNOB attacks:

1. Both devices are Bluetooth BR/EDR devices, and both are vulnerable to KNOB;

2. The attacker needs to be within the physical range of the devices' connection;

3. Since the entropy negotiation happens every time encryption is enabled, and the time window for the attack is very small, the attacker needs to repeat the attack very quickly.

After understanding the principle of KNOB, I personally believe that the Bluetooth hardware wallet is still relatively safe, because it is really difficult to meet the attack conditions.

However, like all wireless technologies, Bluetooth communication is vulnerable to a variety of threats. Bluetooth is deployed across a wide variety of chipsets, operating systems, and physical device configurations, which involves a large number of different security programming interfaces and default settings. These complications increase the likelihood and impact of Bluetooth attacks. An attacker can use this vulnerability to monitor and manipulate data transmitted between two devices, which can lead to the leakage and tracking of personally identifiable and sensitive information.

Here are some suggestions for you:

1. Before purchasing a Bluetooth hardware wallet, confirm the Bluetooth type and version of the device, and avoid versions with a history of vulnerabilities;

2. Try not to use the Bluetooth hardware wallet in public or crowded places;

3. When the device is not in use, keep the Bluetooth function off;

4. Consider a hardware wallet that uses QR codes (two-dimensional codes) for data transmission, which is more secure and transparent.
