Jump to content
xisto Community
sparx

Bluetooth Vulnerable Yet another breach...

Recommended Posts

After two Israeli researchers published a paper earlier this month explaining how security mechanisms in short-range wireless Bluetooth technology could be quickly undermined, members of the Bluetooth Special Interest Group (SIG) are now urging users to take several precautions.

 

 

Bluetooth security is essentially based on devices generating a secure connection through a pairing process. During this process, a user of one of the devices needs to enter a PIN code, which is used by internal algorithms to generate a secure key. This key is then used to authenticate the devices whenever they connect in the future.

 

But the findings of the Israeli researchers suggest the technology may be even more susceptible to attack than previously known.

 

The academic paper puts forward a theoretical process that could potentially "guess" the security setting on a pair of Bluetooth devices, according to the Bluetooth Web site. To do so, the attacking device needs to listen in to the initial one-time pairing process. Form this point, it can use an algorithm to guess the security key and masquerade as the other Bluetooth device.

 

What is new in this paper, according to the Bluetooth SIG, is an approach that forces a new pairing sequence to be conducted between the two devices and an improved method of performing the guessing process, which brings down the time significantly from previous attacks.

 

Security Tips

 

Even though this is an academic analysis of Bluetooth security and not a reported, real-life intrusion, SIG members, which include IBM, Intel, Nokia, Microsoft, and Motorola, want to quickly eliminate any concerns users may have. On the official Bluetooth Web site, the group offers three basic elements of good practice to help safeguard from attack:

 

* When pairing devices for the first time, do so in private at home or in the office and avoid public places;

* Always use an eight character alphanumeric PIN (personal identification number) code as the minimum. The more characters within the code, the more difficult it is to crack;

* If your devices become unpaired in a public place, wait until you are in a private, secure location before re-pairing them.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.