

New Way To Crack Secure Bluetooth Devices

moon_monkey writes "Cryptographers have discovered a way to hack Bluetooth-enabled devices even when security features are switched on, according to a report from New Scientist.com. The discovery may make it even easier for hackers to eavesdrop on conversations and charge their own calls to someone else's cellphone. From the article: 'Our attack makes it possible to crack every communication between two Bluetooth devices, and not only if it is the first communication between those devices,'"

5 of 137 comments

  1. Funny quote by MyLongNickName · Score: 3, Insightful

    "Too many people are thinking of security instead of opportunity. They seem more afraid of life than death. -- James F. Byrnes"

    At bottom of Slashdot screen :)

    --
    See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
  2. Re:Finally... by MyLongNickName · Score: 3, Insightful

    Does your mom make you do chores until you pay them off? You'd think once you hit 32, she'd stop doing that.

    --
    See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
  3. 4-digit PIN is the heart of the problem by G4from128k · Score: 3, Insightful

    Reading between the lines, it seems that the short nature of the PIN code is a key to the exploit. The attacker forces a re-pairing, listens to the re-pairing exchange, and then tries all possible PIN codes to determine which one is the right one. Because a 4-digit PIN has only 10,000 possibilities, it's easy to brute force it.

    A longer alphanumeric PIN might be a first step to making this exploit much less practical -- increasing the PIN search time from a fraction of a second to hours or days.

    This looks like another classic example of the fundamental tradeoff between usability and security.

    --
    Two wrongs don't make a right, but three lefts do.
    1. Re:4-digit PIN is the heart of the problem by nacturation · Score: 3, Insightful

      You can't brute-force 10,000 combinations with a good hope of succeeding if you only get three tries. Even a 25 second wait after 3 incorrect PINs would make the attack last a full day.

      I could be wrong, but my understanding is that you record the negotiation process, during which the unknown PIN is exchanged. You can then go offline and figure out which PIN number would have resulted in the particular set of data exchanged during the negotiation. Then, you can go back online, having bruted the correct PIN, and Bob's your uncle.

      --
      Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
  4. Re:Article is missing an important detail by Sancho · Score: 3, Insightful

    The article isn't clear.

    They imply that part of the pairing process is inputting the 4-digit PIN. If this is the case, user intervention would be required for re-pairing. Maybe the article wasn't as precise as possible regarding the process, but it distinctly uses the above terminology which, to me, implies manual input.

    Perhaps the devices remember the PIN if the link-key is forgotten, thus removing the need for user intervention? That would explain the bit in the article about trying every PIN (a 4-digit PIN seems pretty ridiculously small, regardless).