Bluetooth cracked further

Dan Riley dsr at mail.lns.cornell.edu
Sat Jun 4 11:50:03 EDT 2005


Matt Crawford <crawdad at fnal.gov> writes:
> On Jun 3, 2005, at 11:55, Perry E. Metzger wrote:
> > 2) They also have a way of forcing pairing to happen, by impersonating
> >    one of the devices and saying "oops! I need to pair again!" to the
> >    other.
> 
> Do the devices then pair again without user intervention, re-using the
> PIN that paired them initially?

In the notes for section 5, they say

    If the attack is successful, the Bluetooth user will need to enter
    the PIN again - so a suspicious user may realize that his
    Bluetooth device is under attack and refuse to enter the PIN.

So no, it doesn't re-pair without intervention.

-dan

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list