
Bruce Schneier has written a piece on how trivial it is to control a Bluetooth device, as the secret “key” it uses to connect to another device is only 4 digits long (i.e., VERY easy to brute force on any laptop):
There’s a new cryptographic result against Bluetooth. Yaniv Shaked and Avishai Wool of Tel Aviv University in Israel have figured out how to recover the PIN by eavesdropping on the pairing process.
Pairing is an important part of Bluetooth. It’s how two devices — a phone and a headset, for example — associate themselves with one another. They generate a shared secret that they use for all future communication. Pairing is why, when on a crowded subway, your Bluetooth devices don’t link up with all the other Bluetooth devices carried by everyone else.
According to the Bluetooth specification, PINs can be 8-128 bits long. Unfortunately, most manufacturers have standardized on a four decimal-digit PIN. This attack can crack that 4-digit PIN in less than 0.3 sec on an old Pentium III 450MHz computer, and in 0.06 sec on a Pentium IV 3GHz HT computer.

