06-04-2005, 12:30 AM
|
|
Developer & Designer, News Editor Emeritus
Join Date: Aug 2006
Posts: 12,959
|
|
More Bluetooth Blues
"Cryptographers have discovered a way to hack Bluetooth-enabled devices even when security features are switched on. The discovery may make it even easier for hackers to eavesdrop on conversations and charge their own calls to someone else�s cellphone. Bluetooth is a protocol that allows different devices including phones, laptops, headsets and printers to communicate wirelessly over short ranges - typically between 10 and 100 metres. Over the past few years security experts have devised many ways of hacking into Bluetooth communications, but most require the Bluetooth security features to be switched off. In April 2004, UK-based Ollie Whitehouse, at that time working for security firm @Stake, showed that even Bluetooth devices in secure mode could be attacked. His method allowed someone to hijack the phone, giving them the power to make calls as if it were in their own hands."
A couple of bright experts at Tel Aviv University have exposed the latest Bluetooth vulnerability. Step 1 - spoof one of the device's personal IDs (easily done as all discoverable Bluetooth devices broadcast this to any other Bluetooth-enabled device in sight). Step 2 - send a "forget" message (this prompts the other device to discard the original key and to create a new one to initiate a new paired session). Step 3 - you're in! All this in just 0.06 seconds. :roll:
|
| |
|
|
|
06-04-2005, 01:09 AM
|
|
Thinker
Join Date: Dec 2003
Posts: 359
|
|
Time for them to start on Bluetooth encryption *shudder* still it sounds like you have to be using the bluetooth and the second device at the time they are trying to crack so in my everyday useage it would be very infrequently I would be able to be "hacked"
Another question is how "hackable" is it as far as the profile useage. I mean if you have something useing a bluetooth headset profile is that as valuable as a person who is using a serial port profile?
|
| |
|
|
|
06-04-2005, 03:29 AM
|
|
Editor Emeritus
Join Date: Aug 2006
Posts: 1,221
|
|
I had to double-check. I though Ed had posted this. :wink:
|
| |
|
|
|
06-04-2005, 03:33 AM
|
|
Developer & Designer, News Editor Emeritus
Join Date: Aug 2006
Posts: 12,959
|
|
Quote:
|
Originally Posted by pmradio
I had to double-check. I though Ed had posted this. :wink:
|
He still posted on something blue anyway. 
|
| |
|
|
|
06-04-2005, 03:45 AM
|
|
Pupil
Join Date: Jun 2005
Posts: 32
|
|
Do you guys think it's really a good idea to be telling anyone and everyone how to perform this hack????
|
| |
|
|
|
06-04-2005, 03:54 AM
|
|
Developer & Designer, News Editor Emeritus
Join Date: Aug 2006
Posts: 12,959
|
|
Quote:
|
Originally Posted by Ash211
Do you guys think it's really a good idea to be telling anyone and everyone how to perform this hack????
|
This is more about "concept" than applying it in a "real-world scenario". It has already been published in New Scientist and a few other websites, so I don't think the world is immune to it. Besides, it's better to look at this article from the perspective that it's educating the community about the latest Bluetooth vulnerability and helping them to take necessary steps to prevent such attacks, rather than the perspective of telling them how they can use it to hack into their next-door neighbour's Bluetooth device.
|
| |
|
|
|
06-04-2005, 04:24 AM
|
|
Editor Emeritus
Join Date: Aug 2006
Posts: 15,171
|
|
Quote:
|
Originally Posted by Darius Wey
helping them to take necessary steps to prevent such attacks
|
... like leaving their devices non-discoverable whenever possible. While it makes things like beaming business cards hard, that may be the cost for now until the model becomes more robust over time.
At least, I hope that works.
--janak
|
| |
|
|
|
06-04-2005, 10:29 AM
|
|
Ponderer
Join Date: Jan 2005
Posts: 108
|
|
I really laughed out loud about this one. I've been a bluetooth detractor from day one. It has been geeky ideas like Bluetooth that lost Ericsson the mobile phone market. While they were looking up their backsides over developing this largely irrelevant technology Nokia was walking away with the mobile phone market with the press-on cover. Hardly hi-tech but definitely marketing-lead rather than technology-lead. There is a lesson in there for all you readers who marvel at the latest technology. It may be cool but someone has got to buy it.
Anyway, that aside. I recently purchased a new SD reader and I was offered at the same time a cheap BT USB adapator. Why not? I thought and purchased it for a laugh.
I plugged it in and happily searched for devices to link to. Apart from my JAM, I was impressed that the adaptor had the power to pick up my wife's T610 which was in her handbag but still in the same room. But I also noticed a third Nokia handset in the link list. Now, I don't own a Nokia BT handset, and neither does anyone in my family. My conclusion was that this had to be a handset from my neighbours, next door. I live in a small terrace house and my PC desk in next to my neighbours party wall. I've never known a BT adaptor to be powerful enough to penetrate walls but, hey, this rougue device was definitely in the neighbourhood.
What really amused me was that when I then requested a list of services supported by devices in the BT neighbourhood the list included Nokia Data Suite. I'm sure most of you know that Data Suite can be used to transfer data to/from the BT handset.
I do happen to have a copy of Nokia Data Suite but as of yet I have not had either the time or interest to pursue this opportunity.
To be fair, I assume that whoever owns this handset is either unaware that the BT is turned on, or unaware how easy it is to detect and potentially interract with the handset.
Encryption for BT? Why bother!
|
| |
|
|
|
06-04-2005, 12:53 PM
|
|
Sage
Join Date: Mar 2004
Posts: 734
|
|
Sounds cool. If anyone does happen to find that interesting piece of software, I for one would love a copy ;-)
And people wonder why I never store sensitive data on PPC's and BT phones - here's your answer folks.
|
| |
|
|
|
06-04-2005, 04:39 PM
|
|
Executive Editor, Android Thoughts
Join Date: Aug 2006
Posts: 3,233
|
|
Quote:
|
Originally Posted by biglouis
I really laughed out loud about this one. I've been a bluetooth detractor from day one. It has been geeky ideas like Bluetooth that lost Ericsson the mobile phone market. While they were looking up their backsides over developing this largely irrelevant technology Nokia was walking away with the mobile phone market with the press-on cover. Hardly hi-tech but definitely marketing-lead rather than technology-lead. There is a lesson in there for all you readers who marvel at the latest technology. It may be cool but someone has got to buy it.
|
Largely irrelevant technology? I don't know but I'm willing to bet that the people who actually have the money to spend on unsubsidized phone and PDA purchases would rather have an easy system for wireless headsets, wireless modems and wireless sync'ing than press-on covers. In fact, I'd be willing to bet they are extremely uninterested in press-on covers.
Just because the US Market is just now starting to be interested in BT doesn't mean that this was the same everywhere else in the world. 2 years ago BT was becoming popular in Europe and Asia. Call me crazy, but that makes it "cool" and meets the "Someone has got to buy it" requirement.
Today's news is fairly uneventful in the scheme of Bluetooth. All technolgies eventually are hacked, and many, if not all, simply devise new methods to secure themselves. Bluetooth, as much as you'd like to believe otherwise, is gaining popularity and usage. Time to admit that in the long run, it can become the market leader whereas press-on covers were only good for a few short years.
__________________
Dr. Jon Westfall, MCSE, MS-MVP
Executive Editor - Android Thoughts
News Editor - Windows Phone Thoughts
|
| |
|
|
|
|
|
Linear Mode
