A SECURITY flaw could allow hackers to eavesdrop on cellphone conversations made on Bluetooth-based wireless headsets was revealed in april 2004...But at that time an expensive piece of hardware was needed. Now it is even worse a simple brute force while the device are doing keyring exchange...

"Whitehouse showed in 2004 that a hacker could arrive at this link key without knowing the PIN using a piece of equipment called a Bluetooth sniffer. This can record the exchanged messages being used to derive the link key and feed the recordings to software that knows the Bluetooth algorithms and can cycle through all 10,000 possibilities of the PIN. Once a hacker knows the link keys, Whitehouse reasoned they could hijack the device."

Now the new attack force the  two bluetooth devices to pair, they can work out the link key in just 0.06 seconds on a Pentium IV-enabled computer, and 0.3 seconds on a Pentium-III

 

comments powered by Disqus

You might like also

Researchers Use PlayStation Cluster to Forge Web Skeleton Keys
How to create a rogue CA certificate... We (note Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne de Weger) have identified a vulnerability in the Internet Public Key Infrastructure (PKI) used to issue digital certificates for secure websites. As a proof of concept we executed a practical attack scenario and successfully created a rogue Certification Authority (CA) certificate trusted by all common web browsers. This certificate allows us to impersonate any website on the …
3855 Days ago
Malicious Cryptography: Exposing Cryptovirology
I start reading this book 2 days ago (135pages read of 412 pages), It is quite interesting, especially the chapter about pseudo-random generator quality and bias, Zero knowledge protocol, polymorphic virus body using relatively small algorithm (TEA)...It also propose some solutions but I did not reach this chapter...Hackers have uncovered the dark side of cryptography—that device developed to defeat Trojan horses, viruses, password theft, and other cyber-crime. It’s called cryptovirology, the art of turning the very methods designed to protect …
5240 Days ago