Nothing is completely safe today. Adobe has recently released a patch for a security hole in different graphical software, so why should Bluetooth be safe?
... and Bluetooth isn't safe off course! ;)
Two researchers of the Tel Aviv University School of Electrical Engineering Systems say they have discovered a technique for taking control of Bluetooth-enabled mobile phones. After you've established a connection with an other cell phone, the attacker can easily make calls with your phone. If there is a Bluetooth connection with a PC, the hacker can even transfer data between his Bluetooth device / cell phone and the hacked computer. Bluetooth can be very dangerous as you can see! Even when the handsets have security features switched on, your cell phone isn't save at all!
Avishai Wool, senior lecturer and Yaniv Shaked, graduate student and both researchers of the Tel Aviv University School of Electrical Engineering Systems have published recently a paper about three methods for forcing a repeat of the pairing process, "Cracking the Bluetooth PIN" ( http://www.eng.tau.ac.il/~yash/shaked-wool-mobisys05/ ). In this paper, a passive attack is described, in which an attacker can find the PIN used during the pairing process. The eye-opening conclusion of these two researchers: "Our results show that using algebraic optimizations, the most common Bluetooth PIN can be cracked within less than 0.06-0.3 seconds. If two Bluetooth devices perform pairing in a hostile area, they are vulnerable to this attack."
A Belgian Master student is making a fresh attempt to keep a list with Bluetooth security links on http://student.vub.ac.be/~sijansse/2e%20lic/BT/welcome.html.
Ollie Whitehousen security researcher of @stake, a digital security consulting firm ( http://www.atstake.com ) has written in October 2003 a paper that "examines methods of assessing the security of Bluetooth devices in relation to the protocol's design and implementation flaws" ( http://www.atstake.com/research/reports/acrobat/atstake_war_nibbling.pdf ).
In general, the most critical point is the 'pairing' - connection procedure of two Bluetooth devices. When a Bluetooth device asks you to re-enter the PIN number for re-pairing, once the two devices are re-connected, the hacker can now easily crack the PIN code.
Links:
- http://www.atstake.com/research/reports/acrobat/atstake_war_nibbling.pdf
- http://student.vub.ac.be/~sijansse/2e%20lic/BT/
- http://www.eng.tau.ac.il/~yash/shaked-wool-mobisys05/
For feedback on this article, please visit http://wallies.info/blog/item/145/index.html
Walter V. is a self-employed internet entrepreneur and founder-webmaster of several websites, including
wallies.info :: A snappy blog about snappy blue things :: blog | wiki | forum | links - http://wallies.info
mblo.gs :: A snappy moblog community - http://mblo.gs
article_text... Read More
article_text... Read More
article_text... Read More
article_text... Read More
article_text... Read More
article_text... Read More
article_text... Read More
Data loss is an expensive reality... Read More
To Wire or Not to Wire Wireless networks are en vogue, but your installation won't be successful unless you chose the right type of network and set it up properly... Read More
The ability to easily move data from PC to PC with minimal inconvenience is just another benefit computers have brought to the current business world... Read More
We live in an area that has begun to use GreenBins for household waste... Read More
Offering secure public Internet access is not as easy as it may seem... Read More
Roll over lumbering desktop computers, the limber laptop is here, and it's here to stay! For a while now notebooks have outstripped their ageing desktop PC siblings, easily winning the gold medal in the computer sales olympics... Read More
When it comes to sales of technology products over the Internet, there are now two factors that potential buyers must consider as possibly 'too good to be true'... Read More