Bluetooth cracked further

Thomas Lakofski thomas at 88.net
Sat Jun 4 19:52:06 EDT 2005


Olle Mulmo wrote:
> On Jun 4, 2005, at 14:12, Thomas Lakofski wrote:

Wrote?  Well, quoted...

>> Finally, the PIN length ranges from 8 to 128 bits. Most manufacturers
>> use a 4 digit PIN and supply it with the device. Obviously, customers
>> should demand the ability to use longer PINs.
>
> Correction: Most manufacturers hardcode the 4-digit PIN to 0000. It has
> been known for some time that those "gadgets" need to be paired in a
> Faradayic environment: if I recall correctly, a paper being presented on
> this at the RSA conference ~2001 or so.

For some values of 'most.'  This would cover mice, keyboards and wireless
headsets.  My MS Bluetooth mouse doesn't need any PIN or even encryption to
connect...  I've yet to see a Bluetooth-capable telephone with a fixed PIN; I
would doubt that the number of shipped BT mice, keyboards and headsets exceeds
the number of BT-capable telephones in existence.

> The forced re-pairing vulnerability is news to me. It makes me very
> concerned about Bluetooth keyboards...

Your attacker would need to keep a device live and in the neighbourhood of your
Bluetooth keyboard to perform a MITM attack; I'd be more worried about the
non-Bluetooth wireless keyboards out there.

-thomas

ps, it's a little ironic that a post to a cryptography list has its digital
signature stripped before reaching the list, no?

--
Thomas Lakofski +44 70 9228 8229
'Reality is that which, when you stop believing in it, doesn't go away' --PKD
gpg: 1024D/81FD4B43  2B72 53DB 8104 2041 BDB4  F053 4AE5 01DF 81FD 4B43
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


