Domain: trifinite.org
Stories and comments across the archive that link to trifinite.org.
Comments · 7
-
Look, an astroturfer
How does this even get modded up? Are slashdotters that uninformed?
The standard requires the chip interaction to work at least up to 20cm distance. That doesn't mean it stops working at 21cm. In the same way the car whisperer guys talked to bluetooth carkits kilometres away that was only supposed to work up to ten metres, you can stretch RFID to at least 20 metres. In fact, that demonstration was why USA RFID passports come with tin foil embedded. And you only need a metre or two for a detonator to go off.
Before you think that's alright then: Other governments don't provide that tin foil at all, still denying the problem.
The chip is still uniquely addressable every time. You don't need to get the mark's name from his ID card (you've done your homework), and you can figure out what RFID tags he's carrying even on a busy street by following him long enough, like how cars find their own RFIDed tyre pressure meters.
As to BAC vs PACE, I don't really care. Broken by design is BAD, and I don't want RFID in my ID cards at all. No, fixing it up with spit and baling wire, excuse me, tin foil, is not good enough. For my privacy and security both, ID needs to not be readable without me even noticing. Same goes for RFID payments and a whole raft of other things. I want proper design, not this new technology vendor solution looking for a problem pushing jerkfest. It's sticky man. Get me a clean card already.
-
Re:Is this legal?
I may be wrong, but I was under the impression that the PIN is used to pair, and pairing establishes link keys that are then used to secure the communications. My assumption is that there's a randomized element to these keys, such that someone eavesdropping the pairing process would probably be able to get them, but not someone who eavesdrops a session after the devices have been paired.
No, the "PIN" (actually the bluetooth spec calls that 4 digit number a "passkey") is exchanged between two paired devices each time they establish their connection.
There is a higher level of encryption that can be added after that fact, which does use a separate unrelated key pair (Similar to how SSL stores host keys), however the bluetooth spec calls this 'bonding', which is done after 'pairing'
I think the bonding and higher encryption features were introduced to the bluetooth protocol around version 2 or so (Admittedly, that was about 2 years ago now)
Plus bonded devices take quite a bit longer to handshake.
This means either your headset device will not be able to use any power saving functionality at all, or you will just simply miss every call assuming 4 rings until voice mail.If your devices just pair and not bond, thus use a 4-6 digit number instead of an alphanumeric key, then any time during the communication you can intercept and decrypt all the data.
Here's some software that will let you test this yourself:
http://trifinite.org/trifinite_stuff_blooover.html
http://www.alighieri.org/project.html (The bluesnarfer project)
http://bluetooth-pentest.narod.ru/ -
Re:Facial Expressions?
Recently I noticed just how much the Bluetooth headset has changed the way we perceive people. I rode a tram, and heard a girl near me giggle. She was looking outside, speaking softly, giggling from time to time. Naturally, I'd assumed she was talking to someone via Bluetooth. Boy, was I wrong. I don't know what was making her giggle, and who she was talking to, but there was no mobile phone or any of its possible accessories in sight.
Let's see
... you didn't see a phone. Could it have been in her purse? School bag? Pocket?You can also get a bluetooth earbud that's so small that a bit of hair, or the edge of a hat, will hide it.
You don't even need to be within 30 feet for it to work - I've had plenty of conversations where I've gone from room to room w/o my cell, or outside, without dropping the conversation (don't try this with a bargain-basement bluetooth). I've even left my cell in the car, gone to the ATM, and back w/o dropping the call - a good 50 feet or more. She may even have dropped her phone and not even realized it, and only found out when she gets off the tram. Or hse's a hackeer using bluetooth snarfing and eavesdropping on YOUR phone calls.
-
RFID for use in access control......is funny: a colleague who studied with me is now part of a group for wireless researches called trifinite. The guy has invented a Bluetooth "rifle" that captured data from a mobile phone a mile away.
Hmmm... opening doors from a mile away, what fun could that be! :-)
Hallo Martin, dachte mir schon, dass du dich mal googeln würdest
:-) -
RFID for use in access control......is funny: a colleague who studied with me is now part of a group for wireless researches called trifinite. The guy has invented a Bluetooth "rifle" that captured data from a mobile phone a mile away.
Hmmm... opening doors from a mile away, what fun could that be! :-)
Hallo Martin, dachte mir schon, dass du dich mal googeln würdest
:-) -
Re:Bluetooth phones
Sorry, I really should have just linked to this.
-
List of which kits are susceptable
Thank you to the fine people of trifinite.org for not listing off which handsfree devices they found to be secure and which they found to be insecure. Now I guess we'll all just have to wait until we're hacked to find out if we bought the right one.
These guys seem to be pretending to be doing it for the good of the industry, but their site seems to list a lot of Bluetooth Hacks & Attacks. And they didn't seem to have made any effort to contact vendors to get the problem corrected, either.