Slashdot Mirror


New Way To Crack Secure Bluetooth Devices

moon_monkey writes "Cryptographers have discovered a way to hack Bluetooth-enabled devices even when security features are switched on, according to a report from New Scientist.com. The discovery may make it even easier for hackers to eavesdrop on conversations and charge their own calls to someone else's cellphone. From the article: 'Our attack makes it possible to crack every communication between two Bluetooth devices, and not only if it is the first communication between those devices,'"

137 comments

  1. Show me the code by Anonymous Coward · · Score: 2, Interesting


    where are these cryptographers and their code?
    and why isn't this mentioned on Bugtraq or Full Disclosure?

    1. Re:Show me the code by Anonymous Coward · · Score: 0

      I love you too!!!!

    2. Re:Show me the code by moyix · · Score: 2, Informative

      Well, here might be a good place to look. The article doesn't actually tell you where to find the research, but it was posted on Schneier's blog this morning.

      Cheers,
      Brendan

  2. Funny quote by MyLongNickName · · Score: 3, Insightful

    "Too many people are thinking of security instead of opportunity. They seem more afraid of life than death. -- James F. Byrnes"

    At bottom of Slashdot screen :)

    --
    See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
    1. Re:Funny quote by Anonymous Coward · · Score: 0

      "[Byrnes] was concerned about Russia's postwar behavior. Russian troops had moved into Hungary and Rumania, and Byrnes thought it would be very difficult to persuade Russia to withdraw her troops from these countries, that Russia might be more manageable if impressed by American military might, and that a demonstration of the bomb might impress Russia."
      -- Manhattan Project scientist Leo Szilard (Spencer Weart and Gertrud Szilard, Leo Szilard: His version of the Facts, pg. 184).

      my quote: wise man but a big sob dude too!

  3. Article is missing an important detail by plover · · Score: 2, Interesting
    By forcing a re-pairing (as stated in the article) does it then rely on the user to re-pair his devices as a manual step? Or does this re-pair process happen in an automated fashion?

    If it's a manual step, then it'll require education of the users to not pair their phones in public.

    --
    John
    1. Re:Article is missing an important detail by wyoung76 · · Score: 3, Informative
      From TFA:

      Wool and Shaked have managed to force pairing by pretending to be one of the two devices and sending a message to the other claiming to have forgotten the link key.

      So, it's an automatic and remote attack which doesn't rely upon any cooperation from either of the two original Bluetooth devices.

    2. Re:Article is missing an important detail by Sancho · · Score: 1

      It would seem that way.

      How does this work with headsets? Where do you enter the PIN on the headset? Or do you ONLY have to do it with the phone?

      Also, I hear that some phones do an autonegotiation that doesn't require a PIN at all. It would seem that these would be the most vulnerable to the attack, although what happens when the legitimate device tries to pair at the same time as the spoofer?

      Regardless, at the very least this looks like it could be a DOS.

    3. Re:Article is missing an important detail by plover · · Score: 1
      The way I originally read it I didn't understand if this forced pairing required the input of the user to perform a "pairing" manually (which was then intercepted by the attacker), or if the devices just agreed automatically to resend their pair information (which was then intercepted by the attacker).

      Thanks for the clarification.

      --
      John
    4. Re:Article is missing an important detail by Sancho · · Score: 3, Insightful

      The article isn't clear.

      They imply that part of the pairing process is inputting the 4 digit PIN. If this is the case, user intervention would be required for re-pairing. Maybe the article wasn't as precise as possible regarding the process, but it distinctly uses the above terminology which, to me, implies manual input.

      Perhaps the devices remember the PIN if the link-key is forgotten, thus removing the need for user intervention? That would explain the bit in the article about trying every PIN (a 4-digit PIN seems pretty ridiculously small, regardless).

    5. Re:Article is missing an important detail by MadRocketScientist · · Score: 5, Informative

      Digging up their paper, it seems that it is not automatic:

      If the attack is successful, the Bluetooth user will need to enter the PIN again - so a suspicious user may realize that his Bluetooth device is under attack and refuse to enter the PIN.

    6. Re:Article is missing an important detail by plover · · Score: 2, Informative
      The headsets I'm familiar with have a preset PIN (something like 0000 or 1111) that you have to enter into the phone. But they can't initiate the pairing process -- it has to be driven from the phone side. I suppose it's entirely possible for an attacker who sees you use a headset to set up his device to sniff your headset's ID, then pretend to be that headset with PIN 1111.

      Now a headset has only a limited set of functions it can perform -- they can't dial digits without a keypad, so they're usually restricted to voice recognition of pre-programmed names. So unless you wanted to steal a phone call to my wife or my son, you probably won't find it very useful.

      That is, if headsets are restricted to "no dialing, no OBEX, no service discovery". If headsets are allowed to "change" their profile to suddenly support network dialing, keypads, and all that, then you're in big trouble from spoofers without even worrying about cracking the crypto.

      --
      John
    7. Re:Article is missing an important detail by MyLongNickName · · Score: 1

      My understanding is the INITIAL pairing required this, but subsequent pairings did not. Call me a skeptic, but I doubt it would really be that simple.

      --
      See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
    8. Re:Article is missing an important detail by Badfysh · · Score: 1

      I think on most headsets the PIN is preset and the number is in the manual or on a separate piece of paper. As for auto negotiation, on some phones you can turn off the PIN request.

      --

      I was conned by an old man in a cloak. It turns out those *were* the droids I was looking for.

    9. Re:Article is missing an important detail by Sancho · · Score: 1

      Awesome, a fast, civil, informative response :)

    10. Re:Article is missing an important detail by brontus3927 · · Score: 0, Redundant
      It's not automatic, but with social engineering, it might as well be. Most people won't even blink when the message appears on the screen asking for their PIN.

      I wonder if cell-phone companies will start having to provide fraud protection to protect if your phone is used fraudulently, like credit-card companies do.

    11. Re:Article is missing an important detail by BranMan · · Score: 2, Insightful

      There are a few things that aren't clear in TFA, but look pretty alarming.

      The article mentions a manual process for inputting a 4 digit PIN to seed the pairing process. Then goes on to state that bluetooth devices can send a 'whoops - forgot our secret key. Sorry. Can we pick a new one?' message that is honored without any intervention by, or alerting of, the user(s) involved. Just having that message - without any authentication or encryption it seems - defeats the entire security process. WTF?

      The second thing is the 4 digit PIN - if the 128 bit key is generated from a 4 digit PIN, and done without randomness (how else could both devices arrive at the same key?) - then you have less than 6 bit keys in effect. WTF?

      If this article is accurate the bluetooth security protocols were designed by a bunch of frickin' morons.

      <rant> Does getting paid to develop security software render people imbeciles??? It sure seems like it does to me. </rant>

    12. Re:Article is missing an important detail by plover · · Score: 1
      Ahh! Thank you for the link to the actual paper! (TFA suggested to me that since they were presenting it at a conference next week they hadn't published it yet. Yet another misread by me. I'm two for two today!)

      So I really am safe as long as I'm not entering my PIN in a place where I can be eavesdropped upon. No worries! Whew.

      --
      John
    13. Re:Article is missing an important detail by MyLongNickName · · Score: 1

      I'll trade you this Big Mac for your slashdot password....

      --
      See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
    14. Re:Article is missing an important detail by Anonymous Coward · · Score: 0

      Sorry, it'll take at least a double double quarter pounder (otherwise known as "The Pounder") to get mine.

      Gimme gimme gimme!

    15. Re:Article is missing an important detail by rufusdufus · · Score: 1

      The paper explicitly states that the phone's owner has to type in a new password manually for this attack to work. All the 'forgot password' function does is make it so the target can't use their headset without re-pairing, thus tricking them into typing in their code in public.

    16. Re:Article is missing an important detail by voss,+sometimes... · · Score: 1

      4 symbol PIN limit is bollocks. You can use longer PINs if you want: I for example use different PINs for every BT device + every pin is around 12 symbols. You only need to remember the PIN at the time of the pairing so it's simple also.

    17. Re:Article is missing an important detail by BranMan · · Score: 1

      Works as a DOS attack too then. Yay.

  4. Well... by Anonymous Coward · · Score: 0

    Seems like they're keeping their hack top secret... is there anywhere we can find it out? *grins at prospect of free phonecalls*

  5. man this ain't very good news by Adult+film+producer · · Score: 2, Interesting

    this is fucking depressing, can firmware updates fix these streams of bluetooth hacks? Or is the problem so close to the hardware that nothing but scrapping the device and building from the ground up will fix it?

    1. Re:man this ain't very good news by keesh · · Score: 1

      Firmware updates? Heh, good luck to all of you stuck with non-flashable Nokia phones. Even the high end Nokia kit isn't firmware-upgradable, which really sucks for those of us with early 3650 models that crash every few hours.

    2. Re:man this ain't very good news by Anonymous Coward · · Score: 0

      If you get depressed over bluetooth devices, you may need to consider psychological therapy or something..

  6. I used to work with James F Byrnes by Anonymous Coward · · Score: 0

    He is a really nice and very intelligent person, but had a really nasty habit of picking his nose and eating the booger at meetings. This really grossed people out, but still quite a nice person to work with.

    1. Re:I used to work with James F Byrnes by Anonymous Coward · · Score: 0

      No, you didn't.

  7. Three words.... by null+etc. · · Score: 1

    Time for WUSB...

    1. Re:Three words.... by Anonymous Coward · · Score: 0

      You are the only WUSS here!

    2. Re:Three words.... by Mike+Buddha · · Score: 2, Insightful

      ... and a litany of new security issues. There is no "magic" technology. Get over it.

      --
      by Mike Buddha -- Someday the mountain might get him, but the law never will.
  8. Why, oh why ? by Anonymous Coward · · Score: 1, Insightful

    Why doesn't the telecom industry learn ?

    Guys, what about hiring ONE competent cryptographer to design wireless protocols?

    1. Re:Why, oh why ? by null+etc. · · Score: 1
      Why doesn't the telecom industry learn? Guys, what about hiring ONE competent cryptographer to design wireless protocols?

      As with most paid employees, a cryptographer's competence decreases as his job security increases.

      It's only a hacker who has nothing legitimately to gain that would find an exploit like this. Unless he's a crazy researcher who put his life on hold to find some obscure flaw with hyperthreading processors.

    2. Re:Why, oh why ? by fuzzybunny · · Score: 2, Insightful

      Nope, most security professionals want to fix bugs. There will always be enough holes in software to make our lives difficult.

      Bluetooth in and of itself is a fairly decent protocol for what it was originally designed for (ca. 15m range personal networking). It encounters a lot of limitations in the capabilities of how it is implemented (i.e. static shared PINs, etc.)

      And you're mistaken about crazy hackers; I know of quite a few pretty top-end cryptographers still doing good research while employed as pet security bwanas by large banks, IT corporations, etc. Although, I don't know whether you could refer to "job security" when talking about an outfit like IBM research :(

      --
      Cole's Law: Thinly sliced cabbage
    3. Re:Why, oh why ? by cebailey · · Score: 2, Informative

      Maybe I'm missing a beat here, but TFA says that the communications between Bluetooth devices ARE encrypted...it's simply a Bluetooth device's "heartbeat" that's unencrypted, and it allows for hacking.

      Now, if they maybe wanted to use more encryption so the key isn't as breakable, that would be an idea...but it would probably mean more expensive hardware, and longer PINs.

      My boss always says security and ease of use are on two opposite ends of a line, and with any system you have to put the 'x' somewhere. Bluetooth chose to plant their 'x' pretty close to the Ease of Use side, which cost them security.

      But then again, if I see the little "B" icon on my v600 and my headset's not on my ear, I know SOMETHING's up...

    4. Re:Why, oh why ? by Darktan · · Score: 1

      But then again, if I see the little "B" icon on my v600 and my headset's not on my ear, I know SOMETHING's up...

      I'd be more worried if I could see the display when the phone was up to my ear.

    5. Re:Why, oh why ? by cebailey · · Score: 1

      I guess I should have clarified--my BLUETOOTH headset is on my ear...

  9. panic! Fear! Oh no! by Matey-O · · Score: 2, Funny

    While the last dozen times I've paired devices HAVE been on the bus, I've noticed the auto-generated PINs are now 5 to 8 digits long.

    Further, it's extremely rare that I even SEE another bluetooth device on the bus or train. While the phones may be popular, not a whole lotta people are using bluetooth, it seems.

    Additionally, the phones I've got default to a Bluetooth radio-off mode...ya can't see them unless you a) turn them on (v600) or b) are already paired (nokia 9820)

    Lastly, at 15 feet, there's not a large number of people around you that can pull this off (except that poindexter across the aisle with the laptop and dish antenna pointed at you)

    Now, if you're being shadowed at less than 20 feet by a guy with a BT headset, get worried...or turn off your phone...or ignore it, you've got a blue bajillion minutes anyway.

    --
    "Draco dormiens nunquam titillandus."
    1. Re:panic! Fear! Oh no! by Profane+MuthaFucka · · Score: 1

      You can't hack a bluetooth easily unless you are within 15 feet of a person who also has bluetooth. You also can't catch a cold easily beyond that distance. Yet, my nose is running right now. The odds against me having a runny nose are mind boggling!

      Or, maybe not...

      --
      Fascism trolls keeping me up every night. When I starts a preachin', he HITS ME WITH HIS REICH!
    2. Re:panic! Fear! Oh no! by FauxPasIII · · Score: 1

      > Additionally, the phones I've got default to a Bluetooth radio-off mode...
      > ya can't see them unless you turn them on

      Wouldn't you have to leave it on (and vulnerable) in order to use one of those
      fancy wireless headsets tho?

      --
      25% Funny, 25% Insightful, 25% Informative, 25% Troll
    3. Re:panic! Fear! Oh no! by Dragee · · Score: 1
      15 to 20 feet? Try over a mile away with a BlueSniper Rifle.

      If that gets slashdotted, just UTFSE--bluetooth sniper hack gets you tons of relevant info.

      Yes, that's pretty visible on a bus, but what if I stand by the window of my 11-floor office and snipe the mindless drones walking the streets?

      --
      dragée (n): a sugarcoated nut
    4. Re:panic! Fear! Oh no! by TripMaster+Monkey · · Score: 1


      You can't hack a bluetooth easily unless you are within 15 feet of a person who also has bluetooth.

      Is that a fact?

      --
      ____

      ~ |rip/\/\aster /\/\onkey

    5. Re:panic! Fear! Oh no! by Matey-O · · Score: 1

      And there are exactly HOW many 'Toothers out there with a gun shaped antenna?

      The article says it can be done. The odds of it happening are _Vanishingly_ small.

      --
      "Draco dormiens nunquam titillandus."
    6. Re:panic! Fear! Oh no! by TripMaster+Monkey · · Score: 1


      And there are exactly HOW many 'Toothers out there with a gun shaped antenna?

      That information is classified. What's your security clearance, Citizen?

      The article says it can be done. The odds of it happening are _Vanishingly_ small.

      The odds of being struck by lightning are small, too, but sensible people still refrain from golfing in thunderstorms.

      --
      ____

      ~ |rip/\/\aster /\/\onkey

    7. Re:panic! Fear! Oh no! by damiangerous · · Score: 1

      Yes, it is a fact. Spending a couple hundred dollars on parts and then requiring a diverse range of skills from welding to electronics assembly is by no stretch of the imagination considered "easily".

    8. Re:panic! Fear! Oh no! by scd · · Score: 1

      Grandparent is a bit off on the v600. Bluetooth itself needs to be on to use headsets and so forth, but discovery is turned off by default (and can only be turned on for 60 seconds at a time, after which it turns back off).

      This means that under usual operating conditions, only devices that have previously paired with the phone can talk to it.

    9. Re:panic! Fear! Oh no! by Chuqmystr · · Score: 1

      Heh, you forgot to mention that Ch 11 News in L.A. CA will do at least 15 FUD stories on how evil hackers will steal our phonebooks, identities, memories and souls through our Blue-Cheese phones while we sleep. They will run these stories on the same days they have some clown standing out in the drizzle to let us know of the "BIG STORM!" Oh, BTW, even though I've been known to scan for BT at Union Station I have NEVER sent anyone a picture of the goings on at the platforms - I SWEAR!

    10. Re:panic! Fear! Oh no! by artg · · Score: 1

      In the US, they may be uncommon. But in the UK, where we've (rightly, IMHO) banned the use of handheld mobile phones while driving, wireless headsets are very common indeed. And as far as I know, they're all bluetooth.

  10. The Paper: Cracking the Bluetooth PIN by Anonymous Coward · · Score: 2, Informative

    Cracking the Bluetooth PIN

    This paper describes the implementation of an attack on the Bluetooth security mechanism. Specifically, we describe a passive attack, in which an attacker can find the PIN used during the pairing process. We then describe the cracking speed we can achieve through three optimization methods. Our fastest optimization employs an algebraic representation of a central cryptographic primitive (SAFER+) used in Bluetooth. Our results show that a 4-digit PIN can be cracked in less than 0.3 sec on an old Pentium III 450MHz computer, and in 0.06 sec on a Pentium IV 3Ghz HT computer.


    --AS

  11. Them's the breaks... by Anonymous Coward · · Score: 0

    Them's the breaks of using a wireless medium. Anyone can participate without jacking-on.

    Score +10 pseudo insightful!

  12. Finally... by Mattygfunk1 · · Score: 3, Funny

    ...an excuse for my "adult" calls on my phone bills.

    __
    free funny videos
    1. Re:Finally... by MyLongNickName · · Score: 3, Insightful

      Does your mom make you do chores until you pay them off? You'd think once you hit 32, she'd stop doing that.

      --
      See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
    2. Re:Finally... by Mattygfunk1 · · Score: 1

      No, but my nosey girlfriend with a headache does. Grrrrrrr.

      __
      free funny videos
    3. Re:Finally... by MyLongNickName · · Score: 2, Funny

      :) Maybe suggest spankings as an alternative correction measure?

      (thank goodness for the 'Post Anonymously' option)

      --
      See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
    4. Re:Finally... by Mike+Buddha · · Score: 2, Funny

      by MyLongNickName (822545) Alter Relationship on 11:40 AM June 3rd, 2005 (#12716491)

      (thank goodness for the 'Post Anonymously' option)


      Doh!

      --
      by Mike Buddha -- Someday the mountain might get him, but the law never will.
  13. Not even surprised by Anonymous Coward · · Score: 0

    I'm not even surprised.

  14. Re:A fix... by plover · · Score: 4, Informative
    Don't use bluetooth! To me it seems very unnecessary to have a bt enabled phone.

    Then not only didn't you RTFA, but apparently you haven't used Bluetooth, either. Bluetooth is an extremely useful mechanism for many of us. It lets my PDA get on line; and when I hop in my vehicle, my car stereo magically becomes my car phone whenever it rings.

    I just wish more devices were Bluetooth enabled (and that this security hole didn't exist.) As is, I'm not losing sleep over this as I don't have a public-transit commute (the sort of place where breaks seem most likely to happen.)

    --
    John
  15. What about keyboards by Anonymous Coward · · Score: 2, Insightful

    The more important issue here is bluetooth keyboards. Can people use this hack to get my password that I'm typing on a wireless keyboard. (Distance issues aside.)

    The article doesn't seem to say.

  16. Serious Flaw by Nytewynd · · Score: 1

    That is an extremely serious flaw. The device sends its key to anyone claiming to forgot theirs? That is a great design. Why wouldn't it only resend the key if it recognized the ID as something it already paired with?

    It's like your online bank site giving someone else your password, just because they said they forgot it.

    While I doubt this is a widespread serious issue with the small number of bluetooth devices now, it could be an issue on something like a train, where there are a lot of business commuters with both bluetooth gadgets and laptops.

    --
    /. ++
    1. Re:Serious Flaw by ElQuesoEsViejo · · Score: 1

      The hacking device spoofs the ID of the known device, then says "whoopsie, I forgot our pin" causing the repairing, it said that in the article.

      --

      "...more and more of our imports come from overseas." - G.W. Bush

    2. Re:Serious Flaw by geekagent · · Score: 1

      It's because the ID is spoofed. IE, it thinks it's sending it to someone they've already paired with, and because it's over the wire, the spoofing device can pick up the re-pairing.

    3. Re:Serious Flaw by Mike+Buddha · · Score: 2, Informative

      The device sends its key to anyone claiming to forgot theirs? That is a great design. Why wouldn't it only resend the key if it recognized the ID as something it already paired with?

      RTFA. The hacker's device tells the other device that it forgot the key. The pairing is deleted. The user has to re-pair the devices if he wants to use them again. The hacker can listen to that second pairing and use the previously discovered techniques to get the key.

      --
      by Mike Buddha -- Someday the mountain might get him, but the law never will.
    4. Re:Serious Flaw by amliebsch · · Score: 1
      That is an extremely serious flaw. The device sends its key to anyone claiming to forgot theirs? That is a great design. Why wouldn't it only resend the key if it recognized the ID as something it already paired with?

      This has to be Microsoft's fault somehow.

      --
      If you don't know where you are going, you will wind up somewhere else.
    5. Re:Serious Flaw by Nytewynd · · Score: 1

      Thanks guys. The serious flaw was with my reading comprehension. I must have missed the spoofing part somehow.

      It still isn't good, but at least it's not as bad as I thought.

      --
      /. ++
    6. Re:Serious Flaw by sPaKr · · Score: 2, Informative

      It doesn't resend the key. The problem is that an unencrypted, easily spoofable message can force the device to renegotiate a new key. This renegotiation is the vulnerable state. Really this just makes the original hack easier to perform in that it can happen at any time instead of only at the initial pairing of the two devices.

    7. Re:Serious Flaw by BandwidthHog · · Score: 1

      The device sends its key to anyone claiming to forgot theirs? [...] It's like your online bank site giving someone else your password, just because they said they forgot it.

      It's all a case of "be careful what you wish for..."

      Apparently a senior security researcher, in an effort to get an overzealous junior security researcher out of his hair, set him to the task of solving the problem of social engineering, and just to make sure he was occupied until nearly the end of time, told him he had to do it entirely within the existing protocol.

      --

      Quantum materiae materietur marmota monax si marmota monax materiam possit materiari?
  17. 4-digit PIN is the heart of the problem by G4from128k · · Score: 3, Insightful

    Reading between the lines, it seems that the short nature of the PIN code is a key to the exploit. The attacker forces a re-pairing, listens to the re-pairing exchange, and then tries all possible PIN codes to determine which one is the right one. Because a 4-digit PIN has only 10,000 possibilities, it's easy to brute force it.

    A longer alphanumeric PIN might be a first step to making this exploit much less practical -- increasing the PIN search time from a fraction of a second to hours or days.

    This looks like another classic example of the fundamental tradeoff between usability and security.

    --
    Two wrongs don't make a right, but three lefts do.
    1. Re:4-digit PIN is the heart of the problem by Anonymous Coward · · Score: 0

      My BT Phone uses an 8-16 digit PIN when connecting to my PC.

    2. Re:4-digit PIN is the heart of the problem by scrappy64 · · Score: 0

      creating an alpha-numeric pin increases the available characters to 10 digits + 26 letters = 36 characters. That'll increase the number of possible pin combinations to 1,679,616. Further increasing the pin length to 5 or 6 digits would make 60,466,176 and 2,176,782,336. Then again this might have an impact on the performance/functionality...

    3. Re:4-digit PIN is the heart of the problem by wfberg · · Score: 1

      You can't brute-force 10,000 combinations with a good hope of succeeding if you only get three tries. Even a 25 second wait after 3 incorrect PINs would make the attack last a full day.

      --
      SCO employee? Check out the bounty
    4. Re:4-digit PIN is the heart of the problem by nacturation · · Score: 3, Insightful

      You can't brute-force 10,000 combinations with a good hope of succeeding if you only get three tries. Even a 25 second wait after 3 incorrect PINs would make the attack last a full day.

      I could be wrong, but my understanding is that you record the negotiation process, during which the unknown PIN is exchanged. You can then go offline and figure out which PIN number would have resulted in the particular set of data exchanged during the negotiation. Then, you can go back online, having bruted the correct PIN, and Bob's your uncle.

      --
      Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
    5. Re:4-digit PIN is the heart of the problem by Anonymous Coward · · Score: 0

      If it only takes less than a second, couldn't someone do this offline, still be in the same place, then right after the program does its thing, start doing bad stuff? :-(

    6. Re:4-digit PIN is the heart of the problem by Anonymous Coward · · Score: 0

      and Bob's your uncle.
      ...and Alice is your... mother ?

    7. Re:4-digit PIN is the heart of the problem by XNormal · · Score: 1

      You can't brute-force 10,000 combinations with a good hope of succeeding if you only get three tries. Even a 25 second wait after 3 incorrect PINs would make the attack last a full day.

      In order to get that kind of security you would need to change the pairing protocol to use EKE, SPEKE or a similar protocol which is resistant to offline attacks even with weak passwords. These algorithms are patented by Lucent and Phoenix Technologies.

      --
      Stop worrying about the risks of nuclear power and start worrying about the risks of not using nuclear power.
  18. Re:I love you! by Anonymous Coward · · Score: 0

    woohoo! finally a nerd got laid ;)

  19. Re:A fix... by Have+Blue · · Score: 1

    Bluetooth is also useful for multiple computers. I've paired my laptop and workstation, so I can send a file between them with a single command- no login/disconnect process, no navigation, just completely ad-hoc click and go. The only limitation is that it tops out around 30K/sec, so it can't be used with really large files.

  20. Not such a big threat by Zarhan · · Score: 3, Informative

    Ok, before this the attacker could only attack when the target link was forming.

    With this, you can force them to re-form at will.

    Even so, you still need to bruteforce the PIN. The "PIN" is really a 16-byte field, and is not really limited to numeric (or even alphanumeric) characters.

    So what can be done:

    1) Start using long PIN codes (if your device is limited to numbers, at least use the maximum length)
    2) Software update that notifies user of the "forced re-pairing"
    3) Allow users to use PINs beyond the numeric space or the possibility to use some pre-shared secret keys.

    This affects those of you who use "1234" or similar keys for pairing process for convenience.

    1. Re:Not such a big threat by MarkCollette · · Score: 1

      Most likely the devices shouldn't just notify the user of repairing, but prompt for the PIN then as well.

      Right now, it appears that:

      First pairing: Request PIN -> Have stored PIN -> Make that long internal code
      Subsequent pairing: Have stored PIN -> Make that long internal code

      If they just removed the optimisation of storing the PIN, then it would be more secure. Plus since there'd be no need to store it, then if you lost your phone no one could extract the PIN, which may well be the same as your banking PIN, etc.

      That, along with longer PINs would thwart most attacks.
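      A toy model of the two re-pairing policies contrasted in the comment above (silently re-deriving from a stored PIN versus alerting and prompting the user). This is an added example, not code from the thread, the paper, or any Bluetooth stack; the hash-based derive_link_key is a placeholder for the real SAFER+-based derivation, and Device / on_link_key_lost / run_scenario are invented names.

```python
"""Toy model of the two re-pairing policies discussed in the thread:
a device that keeps the PIN and silently re-pairs when told the link key
was lost, versus one that alerts and asks the user before re-pairing.
Constructed example; not Bluetooth's real link-key protocol."""
import hashlib
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


def derive_link_key(pin: str, addr_a: str, addr_b: str) -> bytes:
    # Placeholder for the real derivation over SAFER+ (assumption: only the
    # shape matters here, i.e. same PIN + same addresses -> same key).
    # The real protocol also mixes in random values; that is omitted here.
    material = f"{pin}|{addr_a}|{addr_b}".encode()
    return hashlib.sha256(material).digest()[:16]


@dataclass
class Device:
    """Hypothetical device state; names are invented for this example."""
    addr: str
    store_pin: bool                                # True = the weak policy
    ask_user: Callable[[str], Optional[str]]       # peer addr -> PIN, or None if refused
    link_keys: Dict[str, bytes] = field(default_factory=dict)
    stored_pins: Dict[str, str] = field(default_factory=dict)
    alerts: List[str] = field(default_factory=list)

    def pair(self, peer: str, pin: str) -> bytes:
        """Pairing: the user supplied `pin`; derive and keep the link key."""
        key = derive_link_key(pin, self.addr, peer)
        self.link_keys[peer] = key
        if self.store_pin:
            self.stored_pins[peer] = pin   # the "optimisation" the comment argues against
        return key

    def on_link_key_lost(self, peer: str) -> Optional[bytes]:
        """Handle a 'forgot our link key' message that claims to come from `peer`.

        The sender address is not authenticated, so the request may be spoofed."""
        if peer not in self.link_keys:
            return None                    # never paired with this address: ignore
        if self.store_pin and peer in self.stored_pins:
            # Weak policy: re-derive from the cached PIN with no user involvement.
            # Nothing is shown to the user, so a forced re-pairing goes unnoticed.
            return self.pair(peer, self.stored_pins[peer])
        # Hardened policy: record the event and require the user to approve it.
        self.alerts.append(f"unexpected re-pairing request from {peer}")
        pin = self.ask_user(peer)
        if pin is None:
            del self.link_keys[peer]       # refused: old key is gone, no new key made
            return None
        return self.pair(peer, pin)


def run_scenario(store_pin: bool, user_accepts: bool):
    """Pair a phone with a headset, then deliver a link-key-lost message that
    claims to come from the headset's address (constructed scenario).
    Returns (original key, renewed key or None, alerts, still paired?)."""
    phone = Device("phone", store_pin,
                   ask_user=lambda peer: "1234" if user_accepts else None)
    original = phone.pair("headset", "1234")
    renewed = phone.on_link_key_lost("headset")
    return original, renewed, list(phone.alerts), "headset" in phone.link_keys


if __name__ == "__main__":
    for store_pin, accepts in ((True, True), (False, False), (False, True)):
        orig, renewed, alerts, paired = run_scenario(store_pin, accepts)
        print(f"store_pin={store_pin} user_accepts={accepts}: "
              f"renewed={'yes' if renewed else 'no'} alerts={alerts} paired={paired}")
```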

  21. How To Crack WEP by Anonymous Coward · · Score: 0

    To whom it may concern:

    How To Crack WEP - Part 1: Setup & Network Recon
    and
    How To Crack WEP - Part 2: Performing the Crack

    Are 2 more interesting cracking articles I came across lately.

  22. Just take today's story... by Xaroth · · Score: 2, Informative

    ...add one of these bad boys and shake vigorously.

    Mmm... phreaky...

  23. Amazing... by Junta · · Score: 1

    That's the combination to my luggage!

    --
    XML is like violence. If it doesn't solve the problem, use more.
    1. Re:Amazing... by Anonymous Coward · · Score: 0

      Why on earth would you have such a dumb luggage combination, and after that, why would you publicly announce it? Methinks you didn't think this through, idiot.

    2. Re:Amazing... by yRabbit · · Score: 1

      What, how dare you speak to Spaceball Emperor Junta that way!

  24. What would John Conner have to say about this? by xCepheus · · Score: 1

    My guess would be... "Easy money baby."

    1. Re:What would John Conner have to say about this? by Gangalino · · Score: 1

      Ollie Whitehouse? Has to be a FCC/CIA alias... Anyway, Bluetooth security? Anyone read that FCC disclosure about how the device can be operated, turned-on/off remotely? There is no security from the U.S.

  25. Re:A fix... by Anonymous Coward · · Score: 0

    Wait til you see this new bumper sticker on your daily commute:

    "If you can read this, I'm hacking your Bluetooth"

  26. Whitehouse? by halfelven · · Score: 1

    In April 2004, UK-based Ollie Whitehouse, at that time working for security firm @Stake, showed that even Bluetooth devices in secure mode could be attacked.

    He must be a relative to the Whitehouse family in Cryptonomicon and The Baroque Trilogy - everyone in that family was supposed to be a hacker, after all. ;-)
    1. Re:Whitehouse? by Anonymous Coward · · Score: 0

      that would be "Waterhouse". No one in BT or Crypto is named Whitehouse.

    2. Re:Whitehouse? by Anonymous Coward · · Score: 0

      WATERhouse.

    3. Re:Whitehouse? by halfelven · · Score: 1

      Ah damn, sorry, nevermind.
      Too much staring at the tube, too little rest for the poor brain.

  27. P4-enabled by brontus3927 · · Score: 1

    they can work out the link key in just 0.06 seconds on a Pentium IV-enabled computer

    I wonder how long it would take with Pentium 4 disabled.

    1. Re:P4-enabled by ArbitraryConstant · · Score: 1

      I think that's a journalist that doesn't know what "hyper-threading" means, so they just dropped it.

      --
      I rarely criticize things I don't care about.
  28. Mastercard Commercial? by SPY_jmr1 · · Score: 2, Funny

    Curse goodness when you forget to use it...

  29. Really? by glrotate · · Score: 1

    He was an old man in the 1940's.

    How old are you?

  30. ALL RIGHT!!! by Mr.+BS · · Score: 1

    Time to get more Paris Hilton pics!

  31. I was gonna ... by mobilemic · · Score: 1, Funny

    phone in my comment. But ... somehow ... my cell phone appears to be busy.

  32. Maybe a crack - but not really useful by myrashka · · Score: 1

    Ok, so I went and looked at my Bluetooth devices again (a Motorola cell phone and a Logitech keyboard/mouse) - in both cases, I don't see how this crack would actually work:

    - With the Logitech keyboard, you actually have to type in the PIN from the keyboard in order for it to pair.

    - The Motorola must be told to pair specifically - so if it loses connection with a device, it won't automatically re-pair because I haven't made my phone pairable. To make the phone pairable requires a specific menu sequence and then it's only valid for about 30 seconds (and shuts off again).

    In both these cases, I don't see a hacker getting in even with spoofing, because both of those events require user intervention (so perhaps the dumb user won't understand...)

    I tried one more thing to confirm this - I got another laptop and named it identically to the first one...so it acted as the first one but without a pairing. Again, the phone ignored the request until I said it could pair (a manual interaction) and the keyboard required me to type in the PIN from the keyboard. Btw, my laptop also doesn't allow pairing without explicit user intervention.

    So great, they found a theoretical vulnerability, but one with an easy workaround and one vendors have already seemed to predict. Besides, how useful can this be? As someone said, if you see someone stalking you, you have bigger problems. And if your keyboard stops working because it's paired to another device, it's unlikely you're going to be typing anything on it.

    Find something else to worry about...

    1. Re:Maybe a crack - but not really useful by craftsman · · Score: 1

      Presumably Bluetooth car keys are not open to this attack? anyone know?

    2. Re:Maybe a crack - but not really useful by Anonymous Coward · · Score: 0

      I'm not aware of any Bluetooth car keys on the market, though there are a variety of pure RF or traditional-with-RF keys sold with vehicles today.

    3. Re:Maybe a crack - but not really useful by craftsman · · Score: 1

      The Prius salesman told me they were using them, but him being ignorant is a likely candidate. I ended up not going with a Prius.

    4. Re:Maybe a crack - but not really useful by plover · · Score: 1

      After having read the actual paper and not just TFA, I see how the attack works. It's done in several steps.

      1. The attacker sends an "oops I forgot our link key that we came up with way back whenever it was that we paired". The phone immediately stops talking with the device, because the device just reported "I can't be trusted."
      2. The attacker waits for the human victim to notice that his devices don't work. Perhaps his phone says "please reenter pair code with device 'logitech keyboard'", or maybe it simply says "unknown device 'logitech keyboard'". The victim manually performs the pairing operation again between the devices. The pairing process exchanges a couple blocks of data between the machines. The attacker silently records the exchange.
      3. The attacker runs a program that uses the sniffed exchange of pairing information, and establishes by brute force the value of the PIN used. He uses this to recreate the link key inside his PC. With a four digit PIN, this takes under a second. With a 7 digit PIN, it still only takes about a minute.
      4. The attacker waits for the user to be done using the Bluetooth devices; typically this is indicated when the user closes the laptop or removes the headpiece. The attacker then sends the recorded ID of the laptop or headpiece along with the generated link key. The phone thinks the real laptop or headpiece is online again, and establishes communications immediately. Spoofing commences.

      Here's another interesting fact mentioned in the paper: step 1 is optional. If you pair your device every time you use it (instead of having the phone and the device remember each other,) the attacker doesn't have to force you to perform the pairing. All he requires is for you to perform the pairing so he can record it (as in step 2.) And as you pointed out, if you shut off your keyboard your phone will still be receptive to the attacker's spoof for up to 30 seconds. That's plenty of time to launch a new connection. After that, it's open season on your phone's OBEX to raid your stored numbers, pictures, sounds, whatever; making network connections on your phone using up your monthly data; making long-distance calls using your phone, etc.

      The security suggestions of the paper's authors include "don't pair in a public place" and "don't use your devices in 'always require pairing' mode."

      --
      John
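The countermeasures suggested in comments 20 and 20.1 (notify the user of a forced re-pairing, and prompt for the PIN again instead of re-pairing silently) and the four attack steps plover lists above can be modelled from the peripheral's side. The following is an added example written for this thread; it is not code from the paper, the New Scientist article, or any Bluetooth stack. The `Device` policy, the two alert thresholds, and the sample addresses and link key are all assumptions constructed for the demonstration: a stored link key is never discarded just because a peer claims to have lost it, re-pairing is refused unless the user confirms it on this device, and repeated "key lost" claims from one address raise an alert.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Hypothetical policy thresholds for this toy model; they are not values from the
# Shaked/Wool paper, the article, or any Bluetooth specification.
ALERT_AFTER_KEY_LOSS_CLAIMS = 2   # repeated "lost link key" claims from one peer
CLAIM_WINDOW_SECONDS = 600.0      # window over which those claims are counted


@dataclass
class Peer:
    address: str
    link_key: Optional[bytes] = None                              # kept after a user-confirmed pairing
    key_loss_claims: List[float] = field(default_factory=list)   # timestamps of "key lost" claims


@dataclass
class Device:
    """Peripheral-side pairing policy: stored link keys survive a 'key lost'
    claim, re-pairing always goes through the user, repeated claims alert."""
    peers: Dict[str, Peer] = field(default_factory=dict)
    pending_repair: Dict[str, float] = field(default_factory=dict)
    user_prompts: List[str] = field(default_factory=list)
    alerts: List[str] = field(default_factory=list)

    def pair(self, address: str, link_key: bytes, user_confirmed: bool, now: float) -> bool:
        """Initial pairing or re-pairing. Refused unless the user confirmed on
        this device (the PIN prompt that comment 20.1 asks for)."""
        if not user_confirmed:
            return False
        peer = self.peers.setdefault(address, Peer(address))
        peer.link_key = link_key
        self.pending_repair.pop(address, None)
        return True

    def connect(self, address: str, presented_key: Optional[bytes]) -> bool:
        """Reconnect with the stored link key; no key derivation is modelled."""
        peer = self.peers.get(address)
        if peer is None or peer.link_key is None:
            return False
        return presented_key == peer.link_key

    def on_link_key_lost(self, address: str, now: float) -> str:
        """Handle a peer claiming it forgot the link key (step 1 of the attack
        described in the thread). The stored key is NOT discarded: the user is
        prompted, the claim is logged, and repeated claims raise an alert."""
        peer = self.peers.get(address)
        if peer is None:
            return "ignored"          # never paired with this address: nothing to re-pair
        recent = [t for t in peer.key_loss_claims if now - t <= CLAIM_WINDOW_SECONDS]
        recent.append(now)
        peer.key_loss_claims = recent
        self.pending_repair[address] = now
        self.user_prompts.append(f"{address}: re-pairing requested; confirm and re-enter the PIN?")
        if len(recent) >= ALERT_AFTER_KEY_LOSS_CLAIMS:
            self.alerts.append(f"{address}: {len(recent)} key-loss claims within "
                               f"{CLAIM_WINDOW_SECONDS:.0f}s, possible forced re-pairing")
            return "alert"
        return "prompt"


def demo() -> dict:
    """Constructed scenario: one legitimate pairing, then two 'key lost' claims
    from the same address, one from an unknown address, and a silent re-pair attempt."""
    dev = Device()
    addr = "AA:BB:CC:DD:EE:01"                  # constructed sample address
    link_key = b"\x11" * 16                     # constructed placeholder link key
    paired = dev.pair(addr, link_key, user_confirmed=True, now=1000.0)
    first = dev.on_link_key_lost(addr, now=1005.0)
    # The real peer still authenticates with the stored key after the bogus claim.
    still_ok = dev.connect(addr, link_key)
    second = dev.on_link_key_lost(addr, now=1030.0)
    unknown = dev.on_link_key_lost("AA:BB:CC:DD:EE:99", now=1031.0)
    # A re-pairing that the user never confirmed is refused and the old key stays.
    silent = dev.pair(addr, b"\x22" * 16, user_confirmed=False, now=1040.0)
    return {
        "paired": paired, "first_claim": first, "second_claim": second,
        "unknown_claim": unknown, "stored_key_still_works": still_ok,
        "silent_repair_accepted": silent, "old_key_still_valid": dev.connect(addr, link_key),
        "prompts": len(dev.user_prompts), "alerts": len(dev.alerts),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point of the model is the first claim in the scenario: the legitimate peer keeps working with the stored key after someone spoofing its address says "I lost the key", so the user is not pushed into a re-pairing that an eavesdropper could record, and the second claim within the window is surfaced as an alert rather than treated as routine.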
  33. Security should not be optional by AAeyers · · Score: 1

    ...even when security features are switched on.

    Why does everything come with security 'features'? Shouldn't everything be as secure as possible out of the box? If it was made inherently secure, it wouldn't need 'features'.

    --
    "For Great Justice."
  34. flaw in the article by Keruo · · Score: 1

    FTA: The first step requires the legitimate users to type the same secret, four-digit PIN into both devices.

    PIN length isn't fixed in Bluetooth.
    It can be anything between 1 and 16 numbers.
    Sure it's easy to crack if you use a one or two digit length,
    but with 8 digits or more, it will take much longer to crack using brute force.

    Besides, Bluetooth always requires authorization before allowing network/dialup access from the modem device, even if it's already paired with the client machine.
    Annoying, but it gives an extra security step.

    --
    There are no atheists when recovering from tape backup.
    1. Re:flaw in the article by plover · · Score: 1

      Nope, Bluetooth absolutely does not require the extra auth step. Without touching my phone, I can pick up my Tungsten and go online through my phone.

      You can, however, set up your phone so that this extra auth step is required. But this exposes you to exactly the vulnerability mentioned in the paper:

      6 Countermeasures

      [ ... ]

      Most Bluetooth devices save the link key (Kab) in non-volatile memory for future use. This way, when the same Bluetooth devices wish to communicate again, they use the stored link key. However, there is another mode of work, which requires entering the PIN into both devices every time they wish to communicate, even if they have already been paired before. This mode gives a false sense of security! Starting the pairing process every time increases the probability of an attacker eavesdropping on the messages transferred. We suggest not to use this mode of work.

      --
      John
  35. peripheral devices by Anonymous Coward · · Score: 0

    It is often very easy to find the PIN code, as most peripheral dumb devices such as BT headsets come programmed with the PIN set to 0000 and cannot be changed.

  36. Paper describing the attack by IcyHando'Death · · Score: 2, Informative

    The researchers who developed this new attack will be presenting their results in Seattle on Monday, June 6 at MobiSys 2005. Their paper can be viewed at http://www.eng.tau.ac.il/~yash/shaked-wool-mobisys05/

    Mike

  37. I didn't know anyone took bluetooth security... by exp(pi*sqrt(163)) · · Score: 1

    ...seriously. The giveaway is the 4-digit PIN. Of course it's crackable. You don't even have to look at the specs to deduce that.

    --
    Doesn't it make you feel good to know that our freedoms are protected by politicians, lawyers and journalists.
  38. Solution is longer PIN lengths by mamer-retrogamer · · Score: 1

    By looking at the timing results for their fastest algorithm (algebraic manipulation), it appears that adding a single PIN digit increases the calculation time 10-fold.

    Just by making the PIN 8 digits, this crack would take over 12 minutes.

    And then there's this little tidbit:

    "Note that the attack, as described, is only fully successful against PIN values of under 64 bits. If the PIN is longer, then with high probability there will be multiple PIN candidates, since the two SRES values only provide 64 bits of data to test against. A 64 bit PIN is equivalent to a 19 decimal digits PIN."

    -Mike

    --
    Schrödinger's cat is not amused—maybe.
    1. Re:Solution is longer PIN lengths by blackdragon7777 · · Score: 1

      And implementing something like that will just make it easier to hack in because people don't like to have to remember long passwords especially with weird requirements. They are very hard to remember and people just end up going with 111111111111111111 or some such thing.

  39. Two Words... by nacturation · · Score: 1
    --
    Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
  40. ok, so what by recharged95 · · Score: 1

    this is really a flaw in the reconnection process. All they need to do is change the reconnection procedure--make it more complex (mathematically that is). For instance, during reconnect the sender's PIN must be encoded and resent (with the previously setup key stored on the sending device--which is likely not on the hacker's device).

    With the reliability of bluetooth, peer reconnect is uncommon unless a guy w/a big antenna is sitting right next to you trying to disrupt your connection (as mentioned). It's not the PIN nor encryption at fault, just the [lazy] way of reconnecting.

  41. Re:A fix... by Le+Marteau · · Score: 1

    As is, I'm not losing sleep over this as I don't have a public-transit commute

    Well, as long as you don't get stuck in heavy traffic, you'll probably be OK. I can imagine guys right now, imagining and designing automated systems so they can drive around, hijacking devices, doing nefarious things. Basically a money machine, ala:

    1) Create Automated Bluetooth Hack Box
    2) ????
    3) PROFIT!!!

    --
    Mod down people who tell people how to mod in their sigs
  42. the obvious answer to these Bluetooth hacks... by Anonymous Coward · · Score: 0

    and most wireless hacks, actually is this:

    Obviously, we all need to carry a small EMP generator and periodically, without warning, suddenly shield our device and the device we're trying to legitimately connect to, then POW blast the EMP and destroy any "outside" devices that may possibly be listening to it.
    No, this is not impractical. Please begin taking these precautions immediately!

  43. Didn't Apple invent Bluetooth 2.0? by callipygian-showsyst · · Score: 1

    I know Apple was the first to start shipping Bluetooth 2.0? What did they have to do with these security problems?

    Few people realize how Apple's responsible for many of the technologies that plague personal computers today. For example, the first computer virus recorded came out in 1982 on Apple hardware and exploited flaws in Apple's early operating system. Apple also had a key role in the development of the MIME attachment protocol (via their NeXT subsidiary) that allowed malicious executable software to be mailed around with ease.

    1. Re:Didn't Apple invent Bluetooth 2.0? by LanMan04 · · Score: 1

      Apple didn't invent Bluetooth 2.0. Also, how come Apple got their shit together and Microsoft didn't? Last time I checked my Mac, it wasn't vulnerable to either any current virii or MIME-contained executables.

      And don't forget, Apple is also responsible for both 400Mb/s and 800Mb/s firewire, along with the best ZeroConf protocol there is, Rendezvous/Bonjour. And made the 3.5" floppy disk standard....in fucking 1984. Original mac also shipped with a real sound processor and speaker, instead of that boop/beep stuff that was standard on PCs well into the 90s.

      --
      With the first link, the chain is forged.
    2. Re:Didn't Apple invent Bluetooth 2.0? by Mechcozmo · · Score: 1

      Uh-huh. So, the Apple ][ is the sole cause for Blaster, SoBig, Poza, and every single other virus out there? What about adware? Did Apple 'cause' that to happen too?

      And NeXT was never a subsidiary of Apple. NeXT broke away from Apple, started by Steve Jobs, and later bought to form Rhapsody and then completely re-written (but with the same ideals) to form OS X.

      And Bluetooth 2.0 is a standard. Apple doesn't make the standard-- they comply with the standard. Like I could make a web browser that whenever it found a tag it would instead display the text as bright pink. It wouldn't comply with HTML standards, but it would still interpret the tag. Another tag might be interpreted as small, rotating, and dark-red. It interpreted the tag, just not like the standards said to read it.

  44. "Secure" Bluetooth devices... by TheTranceFan · · Score: 1

    Sounds like we should start putting quote marks around the word "secure" whenever we talk about Bluetooth devices.

  45. Re:TROLLTALK FAILS IT by Anonymous Coward · · Score: 0

    Third is still very close!

  46. Victim can't stop this type of brute force attack by G4from128k · · Score: 2, Insightful

    You can't brute-force 10,000 combinations with a good hope of succeeding if you only get three tries. Even a 25 second wait after 3 incorrect PINs would make the attack last a full day.

    Actually the "brute force" is not done by communication so the victim cannot stall the attack. The brute force attack is entirely computed in software by the attacker's PC. The attacker simulates all 10,000 combinations until he/she gets a match with what was sniffed during listening to the re-pairing processes. The attacker only sends two communications to the victim's device: 1) an "I've lost the PIN, let's re-pair please" message, and 2) a successful "here's the valid 128-bit key". Thus, the victim cannot make the attacker wait 25 seconds between tries because the cracking attempts are all done inside the attacker's PC.

    That is what makes this attack so evil. The victim only sees one message (if that) and probably thinks "Oh, one of my Bluetooth devices has glitched/crashed and I need to re-enter the PIN." Given the general unreliability of most computing devices these days I bet the victim is not even that surprised/suspicious of the message.

    --
    Two wrongs don't make a right, but three lefts do.
  47. quick question to /. by dAzED1 · · Score: 1

    I'm about to buy a cell phone. I was looking at a couple Bluetooth phones, just to keep the cell phone viable for a longer period of time. Should I refrain?

  48. Longer PIN length not a panacea by pkhuong · · Score: 1

    Re the 19 decimal digits thing: what % of PHBs do you think you'd be able to convince to use a _20+_ digit code? I believe that code has to be entered at each re-pairing?

    Also, the attack is trivially parallelisable (it's bruteforce, hence the exponential curve). Even without additional caching à la MD5, the amount of data describing the data is extremely small, and could easily be sent over the internet. 64 or 128 P4s aren't exactly hard to come by. Moreover, it seems like the researchers haven't used SIMD extensions. SSE2 supports a 2x64 format, and it seems like that could potentially nearly double the throughput. Admittedly, it'd complicate the parts that rely on LUTs, but, given enough memory, I believe that there are bit swizzling routines that'd allow to mask and shift only part of the register (it'd multiply the table's size by 4, though). This isn't an attack I'd dismiss as impractical, for both human and technological reasons.

    --
    Try Corewar @ www.koth.org - rec.games.corewar
  49. I'm really glad... by Anonymous Coward · · Score: 0

    I'm glad I didn't get a bluetooth phone. I almost decided to get one, but being a security geek, I wisely thought better of it.

    Glad I made the right decision... the problem is that a Cell phone should be a phone. Something you make phone calls on... adding all that other crap to the phone (camera, PDA, etc) is really not something I would need.

    I just hope it will be possible to get just a phone if someone wants one.

  50. Dumbass! by Anonymous Coward · · Score: 0

    It was the Waterhouse family.

  51. hmm by blackdragon7777 · · Score: 1

    So they are called "Cryptographers" now...

  52. Re:A fix... by plover · · Score: 1

    I especially have nothing to worry about in traffic. I'm not online with my PDA during my commute (I'm driving!) and if my cell phone doesn't pair up with my car stereo Bluetooth kit, well then I won't be answering the phone.

    The first phase of the attack requires me, the human victim, to go through several steps. First and most important, I have to notice that Bluetooth isn't working. I then have to read the tiny screen of the phone to see what the error is, and decide that pairing is necessary. I then have to go through the entire manual pairing process, reading cryptic instructions and navigating unfamiliar menus with a thumb-joystick thing. I'm not so suicidal as to attempt any of the above from the driver's seat in traffic.

    --
    John
  53. Yes, sorta. by Otto · · Score: 1

    Can people use this hack to get my password that I'm typing on a wireless keyboard. (Distance issues aside.)

    Essentially, yes, although it's a bit complex. Basically, they can send out a packet that forces your keyboard to stop working. At this point you have to re-pair your keyboard, so you type in the PIN and re-pair it.

    Now, the PIN is never actually sent, but by capturing what *is* sent between your machine and your keyboard in setting up that secured connection, and then running a program to brute force it by trying all 10,000 PINs to see if that would produce what they captured, they can figure out the PIN. And then, yes, they can decode everything you type.

    --
    - Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
  54. The truth by Penguinoflight · · Score: 1

    Others interfering with your business isn't a problem when you aren't allowed to do anything worthwhile.

    Freedom Above All

    --
    "And we have seen and do testify that the Father sent the Son to be the Savior of the World"
    1 John 4:14
  55. Never unhackable by rutski89 · · Score: 1

    I'm pretty sure that just about everything will be hackable in some shape or form for the remainder of your lifetimes :-/

  56. Not me by Anonymous Coward · · Score: 0

    [quote]I'm pretty sure that just about everything will be hackable in some shape or form for the remainder of your lifetimes :-/[/quote]

    They can't hack into my brain because I have a tin-foil bike helmet.