Another way to be hacked, this time using Bluetooth

[doctorgonzo]

Looks like there is a way to easily hack into Bluetooth devices to find out the secret key that "pairs" two devices together. Finding the key requires 0.06 seconds on a Pentium 4, or 0.3 seconds on a Pentium 3.

I see a lot of people walking around with those Bluetooth earbuds they use to connect to their cell phones. It sounds like this could be used to make cell phone calls using somebody else's phone pretty easily. Glad I don't have one.

[nubbler]

Interesting. I'll have to wait and see what everybody does before I get one.

[mbossman2]

Quote:

But this technique did not pose a serious risk because it could be performed only if the hacker happened to catch two Bluetooth devices just before their first communication, during a process known as “pairing”.

While being hacked is nothing to scoff at, from the article quote above it looks like it would take a concerted effort to capture and decrypt the handshake...

Also the limited range of bluetooth (10m or so) makes hacking very problematic or useful.

[nubbler]

Quote:

Originally Posted by mbossman2 While being hacked is nothing to scoff at, from the article quote above it looks like it would take a concerted effort to capture and decrypt the handshake... Also the limited range of bluetooth (10m or so) makes hacking very problematic or useful.

Futher down it says this.

Quote:

Now Avishai Wool and Yaniv Shaked of Tel Aviv University in Israel have worked out how to force devices to pair whenever they want. “Our attack makes it possible to crack every communication between two Bluetooth devices, and not only if it is the first communication between those devices,” says Shaked. “Pairing allows you to seize control,” says Bruce Schneier, a security expert based in Mountain View, California. “You can sit on the train and make phone calls on someone else’s phone.”

[David M]

Sorta related.... I just love watching the people with the tiny headsets and mike on the cellphone walking around the grocery store seemingly to be talking to themselves...they look like crazy people.

[doctorgonzo]

Right, the interesting part of the article is how they can force a repairing. It's pretty simple, actually.

Since all Bluetooth devices constantly broadcast their IDs, it's easy to spoof one. And a re-pairing request sounds simple to initiate.

Say you've got a cell phone and a headset. The hacker gets the headset ID since the headset is broadcasting it. Then, the "conversation" goes like this:

Hacker: I'm the headset, and I forgot our PIN!
Phone: Okay, let's make a new one...

[Jaggannath]

Hacking Bluetooth is relatively easy, as the code used for security is available on the internet, and the frequency hopping sequence is too. It's protection is in it's short range, but in a built up area that isn't much protection.
When I'm in the airport I can use my laptop connection to connect to the internet via the airports system if I sit in a certain spot. I haven't done it, but I could.