Homepage Rankings and Research Companies Channelcast Marketing Matters CRNtv Events Acronis #CyberFit Summit 2021 Avaya Newsroom Experiences That Matter Cisco Partner Summit Digital 2020 Intel Partner Connect 2021

Research Shows Bluetooth Can Be Hacked In Milliseconds

Bluetooth devices--including phones, PDAs and PCs-- can be hacked even when Bluetooth's security is enabled, a pair of researchers say.

Yaniv Shaked and Avishai Wool of Tel Aviv University have been able to compromise Bluetooth devices in as little as 0.06 seconds -- nearly real time -- by first forcing two to "pair," the term used when two Bluetooth gizmos first communicate, and establish a security key for future wireless transmission, then cracking the four-digit PIN that's default in most devices.

Bluetooth, a short-range wireless protocol for synchronizing mobile phones with PC, for wireless computer keyboards, and for PDAs sharing data, has been the target of hackers -- the Cabir worm is the best known malware that uses Bluetooth -- but until now all attacks have been conducted on hardware without security enabled.

In the exploit demonstrated by Shaked and Wool, a Bluetooth device pretends to have been paired with another previously, but has "forgotten" the link key. This begins a new pairing session, from which hackers could snatch the key, then crack it in nothing flat. With the cracked key in hand, an attacker could monitor all data sent by the compromised device, or even hijack it for his own use to, for instance, make calls that are charged to the hacked Bluetooth phone.

"At first glance, this attack isn't a big deal," wrote security researcher Bruce Schneier on his blog. "It only works if you can eavesdrop on the pairing process. Pairing is something that occurs rarely, and generally in the safety of your home or office. But the authors have figured out how to force a pair of Bluetooth devices to repeat the pairing process, allowing them to eavesdrop on it."

Shaked and Wool presented their paper, "Cracking the Bluetooth PIN," at the MobiSys conference Monday, in Seattle. Excerpts from that research were also summarized here.

Back to Top



    trending stories

    sponsored resources