Slashdot Mirror

← Back to Stories (view on slashdot.org)

Shake a Secure Bluetooth Connection

Posted by CowboyNeal on from the trembling-with-anticipation dept.

heilbron writes "The Austrian researcher Rene Mayrhofer of the British Lancaster university and his colleague Hans Gellersen developed a technology to simplify a secured wireless connection of mobile devices. With the so-called shake-to-connect technology an authenticated Bluetooth connection between two mobile phones is established by rhythmic shaking. Integrated oscillation sensors, contained in some mobile phone models, form the basis. The two researchers sketched out a prototype, which is intended for Nokia mobile phones. An example is documented in this YouTube video clip. If two mobile phones are shaken together, the software in both devices registers the same shaking frequency and authenticates the radio link. The principle is summed up in a four page PDF document."

26 of 107 comments (clear)

  1. Not just Cell phones use bluetooth by nurb432 · · Score: 5, Funny

    I want to see you shake your bluetooth enabled car so you can sync with your phone, or spend the time shaking your keyboard and mouse ( and not look like an idiot ).

    I can see a PDA getting loose during shaking and sending it flying under a bus. *crunch*

    --
    ---- Booth was a patriot ----
    1. Re:Not just Cell phones use bluetooth by Anonymous Coward · · Score: 5, Insightful

      You're absolutely right! I mean, since this idea can't be used for everything, then it's totally worthless!

    2. Re:Not just Cell phones use bluetooth by MankyD · · Score: 4, Interesting

      I want to see you shake your bluetooth enabled car so you can sync with your phone...
      Perhaps you could - there's no reason a properly sensitive gyroscope can't detect the acceleration, turns, and even rumblings of a car and pair it up with a similarly moving phone.
      --
      -dave
      http://millionnumbers.com/ - own the number of your dreams
    3. Re:Not just Cell phones use bluetooth by nurb432 · · Score: 2, Interesting

      Although i was joking ( mostly ) to do what you propose you would have to strap the phone down to something sturdy like the dashboard, and not in one of those cute 'holsters' in order to get a accurate transferral of vibration.

      Tossing it on the passenger seat wont work either.

      --
      ---- Booth was a patriot ----
    4. Re:Not just Cell phones use bluetooth by MT628496 · · Score: 2, Funny

      Right, like anyone on Slashdot will be doing what it normally takes to make a car shake.

    5. Re:Not just Cell phones use bluetooth by nurb432 · · Score: 2, Funny

      Not having properly balanced tires?

      --
      ---- Booth was a patriot ----
    6. Re:Not just Cell phones use bluetooth by dfghjk · · Score: 3, Insightful

      You don't have to shake the car, just shake the sensor that the car reads. Such a thing may be stupid but it would be trivially easy to implement. Glad to see you really thought about this before commmenting...

  2. Because entering a PIN is sooooo difficult by Coward+Anonymous · · Score: 5, Insightful

    This is a solution looking for a problem...

    1. Re:Because entering a PIN is sooooo difficult by skiingyac · · Score: 4, Interesting

      Or a accelerometer manufacturer looking for a client...

      If only ALL PHONES already had some way to accept input... Hmm... How about you hold both phones up to your mouth and whisper some random words into them at the same time? To encourage people from not all saying "12345", one phone could even display a random sequence of numbers that you then speak into the phones. It doesn't matter if you say the right numbers, since both phones are going off what they hear.

      With the shaking method, someone can either watch you and try to shake theirs at the same time, or record a video of it and figure out what the acceleration values should be. With speaking, the attacker would have to get the sounds right, plus get the volume right, plus get the background noise & relative timing right (which is going to be slightly off unless the attacker is RIGHT next to you). Better yet, both phone owners could speak the sequence standing slightly apart, so nobody else will hear person #1, person #2, and the background noise with the same timings.

  3. Wii uses bluetooth. by Anonymous Coward · · Score: 3, Funny

    "I need to shake my Wii."

    1. Re:Wii uses bluetooth. by morgan_greywolf · · Score: 4, Funny

      "I need to shake my Wii." Damn. I'm having trouble with mine connecting. Can you come over here and shake my Wii for me?
      --
      My blog
  4. Shake to Authenticate is a bad idea by nahdude812 · · Score: 4, Insightful

    The idea of the authentication system being two devices being shaken together seems like a weak idea. There are plenty of times when multiple devices will undergo the same accelerations as each other, and the owners of the respective devices do not necessarily intend for them to be paired. For example, sit next to someone on a bus.

    --
    Slay a dragon... over lunch!
    1. Re:Shake to Authenticate is a bad idea by Anonymous Coward · · Score: 2, Funny

      maybe it'll finally give us a reason to outlaw line dancing! obviously violates the dmca

    2. Re:Shake to Authenticate is a bad idea by the_lesser_gatsby · · Score: 4, Insightful

      Why not just use the button to skip to the next song?

    3. Re:Shake to Authenticate is a bad idea by marcello_dl · · Score: 4, Insightful

      > The idea of the authentication system being two devices being shaken together seems like a weak idea.

      Yep, why not provide a contact area for devices so you simply have to put them together? It could be used to exchange a key, or act with usb2 speed for data transfer with less effort than implementing accelerometers and software.

      --
      ---- MISSING MISCELLANEOUS DATA SEGMENT --- [sigdash] trolololol
  5. Re:Shake this! by cloakable · · Score: 3, Funny

    Yeah, but what'll you do when she says her taser is too, and offers to link?

    --
    No tyrant thrives when every subject says no.
  6. Completely flipping pointless by mlk · · Score: 5, Insightful

    Thinking about my use of Bluetooth:
    a) Headset to phone auth - Done once when I bought the device, why would I want to make the headset heaver and more expenive.
    b) Computer/phone auth - Done twice once with my home computer (a desktop-replacement laptop) and works desktop computer (not likely to pick that up and shake it)
    c) Snyc with friends phone (share numbers) - I think I have done this once, normally I just send them a text message or quickly call them etc, but if I were to do it again I'd have to either let a friend shake my phone (top of the range smart phone) or a friend will let me shake his/hers (jokes abound). Mostly also top of the range smart phones. That is not likely to go down well.

    --
    Wow, I should not post when knackered.
  7. Ringtone suggestions include... by StarfishOne · · Score: 3, Funny

    DJ Jazzy Jeff & The Fresh Prince - Boom! Shake The Room
    The Beatles - Hippy Hippy Shake
    Mariah Carey - Shake It Off
    Seal Paul - Shake that thing
    Ying Yang Twins - Shake
    Eminem - Shake That: Edited Version
    Howlin' Wolf - Shake It For Me
    Beastie Boys - Shake Your Rump
    Savage Garden - Break and shake me

  8. Brownian motion authentication by SpacePunk · · Score: 3, Funny

    It's only a matter of time till you'll have to dunk both deviced into a cup of tea.

    --
    Steve's Computer Service, Hobbs, NM
  9. Why just shaking? by dyftm · · Score: 3, Interesting
    Why just limit yourself to shaking, when you could use:
    • Sound - put both devices together, speak into both of them at once
    • Rhythmic button pressing - hold a device in each hand, tap out a rhythm on the buttons at the same time
    • Sound pairing - put devices together, they use their speaker/mic to handshake
  10. Connection by hey · · Score: 4, Insightful

    How about plugging them into each other with USB, etc.
    They could exchange tokens.
    Then future Bluetooth communication would be pretty secure.
    Oh wait, that's too sane.

    1. Re:Connection by stormguard2099 · · Score: 2, Insightful

      I thought one of the main points of bluetooth was not having to use a cable? Yes, I realize that you wouldn't have to use the cord all of the time but everytime I've used my bluetooth it has been on a whim and a place where I was not around cords or anything.

      --
      http://greenobyl.com/ please.... think of the children!!
  11. Re:Bluetooth Request GUI by rufo · · Score: 2, Interesting

    If the recipient's phone is set to be discoverable, you can beam stuff (most often contact info, but any type of data can work) ala Palm IR, complete with an allow/deny button. Thing is, most of the time you don't have discoverability enabled, and it's usually too inconvenient to dig through five layers of menus to get to the setting. At least with IR you need to point it at the other person's PDA, which acts as an informal permission system.

    --
    My English teacher once told me that two positives don't make a negative. Two words for her: Yeah, right.
  12. So not the point! by pablo_max · · Score: 3, Insightful

    This is just one more example that the guys in the Bluetooth SIG do not understand the problems that are really there with Bluetooth. I mean honestly, how many times does anyone pair with a second phone? I would say almost never. 99% of Bluetooth users are using it for headset profile, or to sync their handset to the the computer. We will see much more phone book access profile stuff coming from car kits which enable you to control your phone in a better way, but not phone to phone. I work with Bluetooth for a living, and it can even take me more than an hour to get a Bluetooth stack working properly on a PC. I have heard so many stories that people can get their PC to pair with the headset the first time, but after a reboot, or standby, forget about it. These "interoperability" issues are what holds the tech back. This and the bonding procedure.

  13. Great at Disneyland by kabdib · · Score: 2, Interesting

    Must be great at an amusement park: You get off the roller-coaster with dozens of new friends.

    Let's not contemplate what happens during an earthquake.

    [I knew Bluetooth was in deep doo-doo in the late 90s, when I first saw a 900pp book on the protocols involved. Why is it that wireless-specific protocols are all garbage?]

    --
    Any sufficiently advanced technology is insufficiently documented.
  14. MOD PARENT UP by fmobus · · Score: 2, Insightful

    seriously, why is this not in use? It would make harder to access a bluetooth device without authorization, as it would require physical access...

    In my dream bluetooth world, devices would only "pair" when connected with some sort of hermaphrodite interface (and would work wirelessly thereafter). Much like my wifi router: its initial setup was only accessible by its ethernet interfaces. This is the only way to rule out spoofings, man-in-the-middle attacks.