Friday, June 3, 2005
More Bluetooth Blues
Posted by Darius Wey in "NEWS" @ 04:30 PM
"Cryptographers have discovered a way to hack Bluetooth-enabled devices even when security features are switched on. The discovery may make it even easier for hackers to eavesdrop on conversations and charge their own calls to someone else’s cellphone. Bluetooth is a protocol that allows different devices including phones, laptops, headsets and printers to communicate wirelessly over short ranges - typically between 10 and 100 metres. Over the past few years security experts have devised many ways of hacking into Bluetooth communications, but most require the Bluetooth security features to be switched off. In April 2004, UK-based Ollie Whitehouse, at that time working for security firm @Stake, showed that even Bluetooth devices in secure mode could be attacked. His method allowed someone to hijack the phone, giving them the power to make calls as if it were in their own hands."
A couple of bright experts at Tel Aviv University have exposed the latest Bluetooth vulnerability. Step 1 - spoof one of the device's personal IDs (easily done as all discoverable Bluetooth devices broadcast this to any other Bluetooth-enabled device in sight). Step 2 - send a "forget" message (this prompts the other device to discard the original key and to create a new one to initiate a new paired session). Step 3 - you're in! All this in just 0.06 seconds. :roll:
A couple of bright experts at Tel Aviv University have exposed the latest Bluetooth vulnerability. Step 1 - spoof one of the device's personal IDs (easily done as all discoverable Bluetooth devices broadcast this to any other Bluetooth-enabled device in sight). Step 2 - send a "forget" message (this prompts the other device to discard the original key and to create a new one to initiate a new paired session). Step 3 - you're in! All this in just 0.06 seconds. :roll:
