New Way To Crack Secure Bluetooth Devices
moon_monkey writes "Cryptographers have discovered a way to hack Bluetooth-enabled devices even when security features are switched on, according to a report from New Scientist.com. The discovery may make it even easier for hackers to eavesdrop on conversations and charge their own calls to someone else's cellphone. From the article: 'Our attack makes it possible to crack every communication between two Bluetooth devices, and not only if it is the first communication between those devices,'"
So, it's an automatic and remote attack which doesn't rely upon any cooperation from either of the two original Bluetooth devices.
Then not only didn't you RTFA, but apparently you haven't used Bluetooth, either. Bluetooth is an extremely useful mechanism for many of us. It lets my PDA get on line; and when I hop in my vehicle, my car stereo magically becomes my car phone whenever it rings.
I just wish more devices were Bluetooth enabled (and that this security hole didn't exist.) As is, I'm not losing sleep over this as I don't have a public-transit commute (the sort of place where breaks seem most likely to happen.)
John
Digging up their paper, it seems that it is not automatic:
If the attack is successful, the Bluetooth user will need to enter the PIN again - so a suspicious user may realize that his Bluetooth device is under attack and refuse to enter the PIN.
Ok, before this the attacker could only attack when the target link was forming.
With this, you can force them to re-form at will.
Even so, you still need to bruteforce the PIN. The "PIN" is really a 16-byte field, and is not really limited to numeric (or even alphanumeric) characters.
So what can be done:
1) Start using long PIN codes (if your device is limited to numbers, at least use the maximum length)
2) Software update that notifies the user of the "forced re-pairing"
3) Allow users to use PINs beyond the numeric space, or the possibility to use some pre-shared secret keys.
This affects those of you who use "1234" or similar keys for the pairing process for convenience.
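The PIN advice in the comment above, worked through as an added example (not part of the thread or the paper): it sizes the exhaustive-search space for a PIN from its length and character class within the 16-byte field. The character-class boundaries and the short list of convenience PINs are assumptions of this example.

```python
import math
import string

MAX_PIN_BYTES = 16  # per the comment above: the PIN is a 16-byte field

# Character classes, smallest first (an assumption of this example).
CLASSES = [
    ("digits", set(string.digits.encode()), 10),
    ("alphanumeric", set((string.digits + string.ascii_letters).encode()), 62),
    ("printable ASCII", set(range(0x20, 0x7F)), 95),
    ("arbitrary bytes", set(range(256)), 256),
]

# Constructed sample of convenience PINs, not taken from any device list.
CONVENIENCE_PINS = {b"0000", b"1111", b"1234"}


def audit_pin(pin: bytes) -> dict:
    """Report how large the search space is for a PIN of this shape."""
    if not 1 <= len(pin) <= MAX_PIN_BYTES:
        raise ValueError("PIN must be 1..16 bytes")
    # Smallest class that contains every byte of the PIN.
    name, size = next((n, s) for n, chars, s in CLASSES if set(pin) <= chars)
    # Conservative view: the searcher knows the class and tries every
    # length up to this one, shortest first.
    candidates = sum(size ** k for k in range(1, len(pin) + 1))
    return {
        "class": name,
        "length": len(pin),
        "candidates": candidates,
        "bits": round(math.log2(candidates), 1),
        "convenience_pin": pin in CONVENIENCE_PINS,
    }


if __name__ == "__main__":
    samples = [
        b"1234",               # the convenience PIN named in the comment
        b"1234567890123456",   # numeric-only device, maximum length
        b"Zq7mT2xK9bLw4RnY",   # constructed alphanumeric PIN
        bytes(range(16)),      # constructed non-text value, full 16 bytes
    ]
    for pin in samples:
        r = audit_pin(pin)
        flag = "  <- convenience PIN" if r["convenience_pin"] else ""
        print(f'{r["class"]:<16} len={r["length"]:<2} ~{r["bits"]:>5} bits{flag}')
```

A maximum-length numeric PIN still lands near 53 bits, which is why the third suggestion (leaving the numeric space) adds far more than length alone.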