Bluetooth Can Be Cracked!

Nothing is completely safe today. Adobe recently released a patch for a security hole in various graphics software, so why should Bluetooth be safe?

... and Bluetooth isn't safe, of course! ;)

Two researchers at the Tel Aviv University School of Electrical Engineering Systems say they have discovered a technique for taking control of Bluetooth-enabled mobile phones. After you've established a connection with another cell phone, the attacker can easily make calls with your phone. If there is a Bluetooth connection with a PC, the hacker can even transfer data between his Bluetooth device / cell phone and the hacked computer. As you can see, Bluetooth can be very dangerous! Even when the handsets have security features switched on, your cell phone isn't safe at all!

Avishai Wool, senior lecturer, and Yaniv Shaked, graduate student, both researchers at the Tel Aviv University School of Electrical Engineering Systems, recently published a paper, "Cracking the Bluetooth PIN" ( http://www.eng.tau.ac.il/~yash/shaked-wool-mobisys05/ ), about three methods for forcing a repeat of the pairing process. The paper describes a passive attack in which an attacker can find the PIN used during the pairing process. The eye-opening conclusion of these two researchers: "Our results show that using algebraic optimizations, the most common Bluetooth PIN can be cracked within less than 0.06-0.3 seconds. If two Bluetooth devices perform pairing in a hostile area, they are vulnerable to this attack."

A Belgian Master's student is making a fresh attempt to maintain a list of Bluetooth security links at http://student.vub.ac.be/~sijansse/2e%20lic/BT/welcome.html.

Ollie Whitehouse, security researcher at @stake, a digital security consulting firm ( http://www.atstake.com ), wrote a paper in October 2003 that "examines methods of assessing the security of Bluetooth devices in relation to the protocol's design and implementation flaws" ( http://www.atstake.com/research/reports/acrobat/atstake_war_nibbling.pdf ).

In general, the most critical point is the 'pairing' (connection) procedure between two Bluetooth devices. When a Bluetooth device asks you to re-enter the PIN for re-pairing and the two devices re-connect, the hacker can easily crack the PIN code.

Links:

- http://www.atstake.com/research/reports/acrobat/atstake_war_nibbling.pdf

- http://student.vub.ac.be/~sijansse/2e%20lic/BT/

- http://www.eng.tau.ac.il/~yash/shaked-wool-mobisys05/

For feedback on this article, please visit http://wallies.info/blog/item/145/index.html

Walter V. is a self-employed internet entrepreneur and founder-webmaster of several websites, including:

- wallies.info :: A snappy blog about snappy blue things - http://wallies.info

- mblo.gs :: A snappy moblog community - http://mblo.gs