Wireless? You better watch out :)

[WillyG]

Bit off PPC topic, but i thought u might find this interesting:
Are you using a wireless keyboard or mouse? Guess whos laughing when you happily are tapping down some juicy details on that keyboard.
This is a true story 8O :
""About 10 pm I was sitting and watching TV when the computer, which was in sleep mode, suddenly began to buzz. I looked over and noticed it was waking up. I also saw a red light on the keyboard's receiver box blinking as if I was writing something,"
Read the rest of it here:
http://www.aftenposten.no/english/lo...ticleID=427668

Spooky

[WillyG]

Bit off PPC topic, but i thought u might find this interesting:
Are you using a wireless keyboard or mouse? Guess whos laughing when you happily are tapping down some juicy details on that keyboard.
This is a true story 8O :
""About 10 pm I was sitting and watching TV when the computer, which was in sleep mode, suddenly began to buzz. I looked over and noticed it was waking up. I also saw a red light on the keyboard's receiver box blinking as if I was writing something,"
Read the rest of it here:
http://www.aftenposten.no/english/lo...ticleID=427668

Spooky

[Janak Parekh]

:lol:

Seriously, this is one huge advantage to a Bluetooth mouse/keyboard setup. Due to the private keys and device ID's, you couldn't do this.

--janak

[Kaber]

With bluetooth what? I would say any data that can be captured out of mid air can be decrypted given sufficient time and hard work.

Of course the target would have to be pretty juicy to warrant said time and work.

And let's not forget how many people leave default settings on their devices and how those default settings can be easily read off of the .pdf manual you can download from the products website.

[Janak Parekh]

Quote:

Originally Posted by Kaber

With bluetooth what? I would say any data that can be captured out of mid air can be decrypted given sufficient time and hard work.

I'm not referring to encryption hardness, I'm referring to typical interference. In any case, unless there's a design vulnerability, you have 128-bit symmetric key encryption. That will take a long time to decrypt. Add in the fact that Bluetooth is frequency hopping... it's really, really hard to do.

Quote:

And let's not forget how many people leave default settings on their devices and how those default settings can be easily read off of the .pdf manual you can download from the products website.

Doesn't work with Bluetooth. By default, nothing talks to each other.

--janak

[daS]

Quote:

Originally Posted by Kaber

With bluetooth what? I would say any data that can be captured out of mid air can be decrypted given sufficient time and hard work.

Well if someone is that paranoid, they shouldn’t use a CRT. (Or at least do so in a faraday cage.) It’s also possible to duplicate the contents of a CRT screen by sniffing the radio emissions that leak from.

Bluetooth uses a clever scheme of authentication based on 128 bit random numbers. After a one-time bonding of the two Bluetooth devices (can be done in a metal cage if you’d like) the authentication key is not transmitted over the air.

Of course, this doesn’t prevent someone with a sniffer and a protocol analyzer from capturing all Bluetooth packets and reading the content. However, this can’t be done with consumer hardware and the tools you need cost anywhere from $10Kto $100K! 8O Even then, if the Bluetooth user adds 128 bit encryption (an optional part of the Bluetooth spec) on top of the transmission, it would be impractical to get the data that way. When I say impractical what I mean is that it might be possible but given the time limitation of the potential end of the known universe, it might take too long. :wink: )

We will be adding an article about Bluetooth security to www.BluetoothNews.com in the next few weeks.

[Kaber]

If you are a target then its hard to avoid being compromised. If you have something someone wants they may just go all the way to get it.

If you take any security precausions at all, of course you are detering the "the front door was unlocked" scenario. If you have sensitive info on your box you had better take into account the security aspects of an IR/Bluetooth/et. all keyboard/mouse before ever even purchasing one. If you have sensitive (and I'm not talking naked pictures of your wife, I'm talking like sensitive corporate info) data on your PC, you should be thinking about its security all the time.

And sometimes, it IS worth the 10K-100K to compromise that system... to someone... somewhere. Just think about all the money DARPA's IAO is spending to compromise the communications of every system connected to the internet (and next is the phones) to collect into its TIA database.

Regarding Bluetooth security here's some good links, and a fairly recent article.

Just trying to spead some healthy paranoia that's all.

[Janak Parekh]

Quote:

Originally Posted by Kaber

If you have sensitive (and I'm not talking naked pictures of your wife, I'm talking like sensitive corporate info) data on your PC, you should be thinking about its security all the time.

Sure. But if that's the case, Bluetooth is not the beginning nor the end of your problems. How about auditing what processes are running on your system, or the certification of your device drivers, or physical lockdown parameters, etc. Don't forget the social factor (secretary gives out password, etc.).

Take a look at OpenBSD, for example--the guys are paranoid about security, but it means taking the whole computing process to a whole other (and less convenient) level.

A Bluetooth cordless kb/mouse is convenient and reasonably safe for average home applications.

--janak

[Kaber]

I agree.