KNOB Attack for BLE (nRF52840)

Question

Hi Experts, 
 
 We are developing application on nRF52840 based BLE 5.0 module i.e. BMD-340, in short we are integrating the BLE in one of our existing product & upcoming new products. 
 We have found information about KNOB attack on BLE. 
 Does Nordic have implemented the features to avoid the KNOB attack? If yes, please provide details. 
 
 Regards, 
 Yunus

bjorn-spockeli · Accepted Answer

-- Nordic devices and Software are not affected by the Bluetooth "KNOB" security vulnerability disclosed 14 August 2019 -- 
 The Bluetooth "KNOB" security vulnerability in Bluetooth BR/EDR was published in the following research paper, https://www.usenix.org/system/files/sec19-antonioli.pdf , and the Bluetooth SIG has released a corresponding notice on this attack, see https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/ 
 This issue only affects BR/EDR. Bluetooth Low Energy has minimum key lengths >=7 bytes enforced and BLE is not referred to in the paper or SIG notice at all. 
 Our Bluetooth protocol stack team has confirmed this does not affect our products. 
 Best regards 
 Bjørn

DevSec · Answer

Thanks for clarification. 
 
 Regards, 
 Yunus

KNOB Attack for BLE (nRF52840)

Top Replies