Security Wireless Networking Hardware

New Way To Crack Secure Bluetooth Devices (137 comments)

moon_monkey writes "Cryptographers have discovered a way to hack Bluetooth-enabled devices even when security features are switched on, according to a report from New Scientist.com. The discovery may make it even easier for hackers to eavesdrop on conversations and charge their own calls to someone else's cellphone. From the article: 'Our attack makes it possible to crack every communication between two Bluetooth devices, and not only if it is the first communication between those devices,'"
  • Funny quote (Score:4, Insightful)

    by MyLongNickName ( 822545 ) on Friday June 03, 2005 @02:24PM (#12716326) Journal
    "Too many people are thinking of security instead of opportunity. They seem more afraid of life than death. -- James F. Byrnes"

    At bottom of Slashdot screen :)
  • Why, oh why ? (Score:1, Insightful)

    by Anonymous Coward on Friday June 03, 2005 @02:27PM (#12716366)
Why doesn't the telecom industry learn?

    Guys, what about hiring ONE competent cryptographer to design wireless protocols?
  • by Anonymous Coward on Friday June 03, 2005 @02:31PM (#12716401)
The more important issue here is bluetooth keyboards. Can people use this hack to get my password that I'm typing on a wireless keyboard? (Distance issues aside.)

    The article doesn't seem to say.
  • Re:Finally... (Score:4, Insightful)

    by MyLongNickName ( 822545 ) on Friday June 03, 2005 @02:33PM (#12716423) Journal
    Does your mom make you do chores until you pay them off? You'd think once you hit 32, she'd stop doing that.
  • Re:Why, oh why ? (Score:3, Insightful)

    by fuzzybunny ( 112938 ) on Friday June 03, 2005 @02:35PM (#12716440) Homepage Journal
    Nope, most security professionals want to fix bugs. There will always be enough holes in software to make our lives difficult.

    Bluetooth in and of itself is a fairly decent protocol for what it was originally designed for (ca. 15m range personal networking). It encounters a lot of limitations in the capabilities of how it is implemented (i.e. static shared PINs, etc.)

    And you're mistaken about crazy hackers; I know of quite a few pretty top-end cryptographers still doing good research while employed as pet security bwanas by large banks, IT corporations, etc. Although, I don't know whether you could refer to "job security" when talking about an outfit like IBM research :(
  • by G4from128k ( 686170 ) on Friday June 03, 2005 @02:36PM (#12716448)
    Reading between the lines, it seems that the short nature of the PIN code is a key to the exploit. The attacker forces a re-pairing, listens to the re-pairing exchange, and then tries all possible PIN codes to determine which one is the right one. Because a 4-digit PIN has only 10,000 possibilities, it's easy to brute force it.

    A longer alphanumeric PIN might be a first step to making this exploit much less practical -- increasing the PIN search time from a fraction of a second to hours or days.

This looks like another classic example of the fundamental tradeoff between usability and security.
  • by Sancho ( 17056 ) on Friday June 03, 2005 @02:37PM (#12716461) Homepage
    The article isn't clear.

    They imply that part of the pairing process is inputting the 4 digit PIN. If this is the case, user intervention would be required for re-pairing. Maybe the article wasn't as precise as possible regarding the process, but it distinctly uses the above terminology which, to me, implies manual input.

    Perhaps the devices remember the PIN if the link-key is forgotten, thus removing the need for user intervention? That would explain the bit in the article about trying every PIN (a 4-digit PIN seems pretty ridiculously small, regardless).
  • Re:Three words.... (Score:3, Insightful)

    by Mike Buddha ( 10734 ) on Friday June 03, 2005 @02:47PM (#12716539)
    ... and a litany of new security issues. There is no "magic" technology. Get over it.
  • by BranMan ( 29917 ) on Friday June 03, 2005 @02:56PM (#12716625)
    There are a few things that aren't clear in TFA, but look pretty alarming.

The article mentions a manual process for inputting a 4 digit PIN to seed the pairing process. Then goes on to state that bluetooth devices can send a 'whoops - forgot our secret key. Sorry. Can we pick a new one?' message that is honored without any intervention by, or alerting of, the user(s) involved. Just having that message - without any authentication or encryption it seems - defeats the entire security process. WTF?

    The second thing is the 4 digit PIN - if the 128 bit key is generated from a 4 digit PIN, and done without randomness (how else could both devices arrive at the same key?) - then you have less than 6 bit keys in effect. WTF?

    If this article is accurate the bluetooth security protocols were designed by a bunch of frickin' morons.

    <rant> Does getting paid to develop security software render people imbeciles??? It sure seems like it does to me. </rant>
  • You can't brute-force 10,000 combinations with a good hope of succeeding if you only get three tries. Even a 25 second wait after 3 incorrect PINs would make the attack last a full day.

I could be wrong, but my understanding is that you record the negotiation process, during which the unknown PIN is exchanged. You can then go offline and figure out which PIN number would have resulted in the particular set of data exchanged during the negotiation. Then, you can go back online, having bruted the correct PIN, and Bob's your uncle.
  • by G4from128k ( 686170 ) on Friday June 03, 2005 @04:07PM (#12717247)
    You can't brute-force 10,000 combinations with a good hope of succeeding if you only get three tries. Even a 25 second wait after 3 incorrect PINs would make the attack last a full day.

Actually the "brute force" is not done by communication so the victim cannot stall the attack. The brute force attack is entirely computed in software by the attacker's PC. The attacker simulates all 10,000 combinations until he/she gets a match with what was sniffed during listening to the re-pairing processes. The attacker only sends two communications to the victim's device: 1) an "I've lost the PIN, let's re-pair please" message, and 2) a successful "here's the valid 128-bit key". Thus, the victim cannot make the attacker wait 25 seconds between tries because the cracking attempts are all done inside the attacker's PC.

    That is what makes this attack so evil. The victim only sees one message (if that) and probably thinks "Oh, one of my Bluetooth devices has glitched/crashed and I need to re-enter the PIN." Given the general unreliability of most computing devices these days I bet the victim is not even that surprised/suspicious of the message.
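The two comments above (G4from128k's point that the PIN search runs offline against a recorded exchange, and the earlier objection that a 25-second lockout after 3 failed tries would stretch the attack to a full day) come down to a simple risk model: once the guess check happens on the attacker's own machine, the device's lockout contributes nothing, and the only defence left is the size of the PIN space. The following Python is an added illustration, not code from this thread or from any Bluetooth implementation; it does not model Bluetooth's key derivation at all, and the policies, the 1e6 guesses/second rate and the 3-tries/25-second lockout parameters are constructed for comparison (the last two are the figures quoted in the thread).

```python
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class PinPolicy:
    """A PIN policy: how many characters, drawn from how large an alphabet."""
    name: str
    length: int
    alphabet_size: int


# Constructed policies for comparison (not taken from any specification).
POLICIES = (
    PinPolicy("4-digit numeric", 4, 10),        # the case discussed in the thread
    PinPolicy("8-digit numeric", 8, 10),
    PinPolicy("8-char alphanumeric", 8, 62),    # [0-9A-Za-z]
    PinPolicy("16-char alphanumeric", 16, 62),
)


def search_space(policy: PinPolicy) -> int:
    """Number of distinct PINs; an exhaustive guesser must try up to this many."""
    return policy.alphabet_size ** policy.length


def effective_bits(policy: PinPolicy) -> float:
    """Entropy in bits when the PIN is chosen uniformly at random."""
    return policy.length * math.log2(policy.alphabet_size)


def online_seconds(policy: PinPolicy, tries_before_lockout: int,
                   lockout_seconds: float) -> float:
    """Worst case when every guess must be sent to the device and the device
    locks out for lockout_seconds after tries_before_lockout failures.
    Only the lockout delays are counted; per-guess transmission time is ignored."""
    lockouts = (search_space(policy) - 1) // tries_before_lockout
    return lockouts * lockout_seconds


def offline_seconds(policy: PinPolicy, guesses_per_second: float) -> float:
    """Worst case when guesses are checked locally against a recorded pairing
    exchange. The device is never contacted, so its lockout never applies."""
    return search_space(policy) / guesses_per_second


def humanize(seconds: float) -> str:
    """Render a duration in the largest convenient unit."""
    units = (("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60))
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:.3f} seconds"


def risk_table(policies=POLICIES, guesses_per_second=1e6,
               tries_before_lockout=3, lockout_seconds=25.0):
    """One row per policy: (name, space, bits, online_seconds, offline_seconds)."""
    rows = []
    for p in policies:
        rows.append((p.name, search_space(p), round(effective_bits(p), 1),
                     online_seconds(p, tries_before_lockout, lockout_seconds),
                     offline_seconds(p, guesses_per_second)))
    return rows


if __name__ == "__main__":
    header = f"{'policy':<22}{'space':>26}{'bits':>7}{'online (3/25 s)':>18}{'offline @1e6/s':>26}"
    print(header)
    for name, space, bits, online, offline in risk_table():
        print(f"{name:<22}{space:>26,}{bits:>7}{humanize(online):>18}{humanize(offline):>26}")
```

For the 4-digit case the online column reproduces the thread's arithmetic (3,333 lockouts of 25 seconds, just under a day), while the offline column at the constructed rate is a hundredth of a second; lengthening the PIN is the only lever that moves the offline column, which is the usability-versus-security tradeoff G4from128k describes. A PIN that is static or shared across devices, as fuzzybunny notes, gives the guesser an even smaller effective space than these worst-case figures.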
