
NEW HACK CRACKS 'SECURE' BLUETOOTH DEVICES



By Celeste Biever NewScientist.com Friday, June 3, 2005


Cryptographers have discovered a way to hack Bluetooth-enabled devices even when security features are switched on. The discovery may make it even easier for hackers to eavesdrop on conversations and charge their own calls to someone else's cellphone.

Bluetooth is a protocol that allows different devices including phones, laptops, headsets and printers to communicate wirelessly over short ranges - typically between 10 and 100 metres.

Over the past few years security experts have devised many ways of hacking into Bluetooth communications, but most require the Bluetooth security features to be switched off.

In April 2004, UK-based Ollie Whitehouse, at that time Bluetooth devices in secure mode could be attacked. His method allowed someone to hijack the phone, giving them the power to make calls as if it were in their own hands.

Pairing up

But this technique did not pose a serious risk because it could be performed only if the hacker happened to catch two Bluetooth devices just before their first communication, during a process known as "pairing".

Before two Bluetooth devices can communicate they must establish a secret key via this pairing process. But as long as the two devices paired up in a private place there was no risk of attack, explains Chris McNab of the UK security firm TrustMatta.

Now Avishai Wool and Yaniv Shaked of Tel Aviv University in Israel have worked out how to force devices to pair whenever they want. "Our attack makes it possible to crack every communication between two Bluetooth devices, and not only if it is the first communication between those devices," says Shaked.

"Pairing allows you to seize control," says Bruce Schneier, a security expert based in Mountain View, California. "You can sit on the train and make phone calls on someone else's phone."

Sniffing the airwaves

During pairing, two Bluetooth devices establish the 128-bit secret "link key" that they then store and use to encrypt all further communication. The first step requires the legitimate users to type the same secret, four-digit PIN into both devices. The two devices then use this PIN in a complex process to arrive at the common link key.

Whitehouse showed in 2004 that a hacker could arrive at this link key without knowing the PIN using a piece of equipment called a Bluetooth sniffer. This can record the exchanged messages being used to derive the link key and feed the recordings to software that knows the Bluetooth algorithms and can cycle through all 10,000 possibilities of the PIN. Once a hacker knows the link keys, Whitehouse reasoned they could hijack the device.

But pairing only occurs the first time two devices communicate. Wool and Shaked have managed to force pairing by pretending to be one of the two devices and sending a message to the other claiming to have forgotten the link key. This prompts the other device to discard the link key and the two then begin a new pairing session, which the hacker can then use.


Surprisingly easy

In order to send a "forget" message, the hacker must simply spoof one of the devices' personal IDs, which can be done because all Bluetooth devices broadcast this automatically to any Bluetooth device within range.

"Having it done so easily is surprising," says Schneier. He is also impressed by the fact that Wool and Shaked have actually implemented Whitehouse's idea in real devices.

They show that once an attacker has forced two devices to pair, they can work out the link key in just 0.06 seconds on a Pentium IV-enabled computer, and 0.3 seconds on a Pentium-III. "This is not just a theoretical break, it's practical," says Schneier.

Shaked and Wool will present their findings at the MobiSys conference next Monday in Seattle, Washington, US.

- - - - - - -

Posted on 6-03-2005 5:21:44 PM PDT by LaserLock

- - - - - - - - - - - - - - - - - - - - - - - - - - - - End of forwarded message

Jai Maharaj Om Shanti
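
The offline PIN search described under "Sniffing the airwaves", as an added example that is not part of the original article or of the researchers' work. It uses HMAC-SHA256 as a stand-in for the Bluetooth key-derivation and authentication algorithms; the address, nonce, challenge and PIN are constructed sample values, and `worst_case_seconds` assumes the article's 0.06 s covers all 10,000 four-digit PINs and scales linearly.

```python
import hashlib
import hmac
import itertools

# Constructed sample values; everything here except the PIN travels over the air.
BD_ADDR = bytes.fromhex("001122334455")
NONCE = bytes.fromhex("a1" * 16)
CHALLENGE = bytes.fromhex("5c" * 16)


def derive_link_key(pin: str, bd_addr: bytes, nonce: bytes) -> bytes:
    """Stand-in derivation (HMAC-SHA256), not the Bluetooth algorithms."""
    return hmac.new(pin.encode(), bd_addr + nonce, hashlib.sha256).digest()[:16]


def auth_response(link_key: bytes, challenge: bytes) -> bytes:
    """Proof of holding the link key, as exchanged during authentication."""
    return hmac.new(link_key, challenge, hashlib.sha256).digest()[:8]


def record_pairing(pin: str) -> dict:
    """What a passive sniffer captures: the public inputs plus the response."""
    key = derive_link_key(pin, BD_ADDR, NONCE)
    return {"bd_addr": BD_ADDR, "nonce": NONCE, "challenge": CHALLENGE,
            "response": auth_response(key, CHALLENGE)}


def recover_pin(transcript: dict, digits: int = 4):
    """Test every numeric PIN offline against the recorded response.

    Returns (pin, link_key, candidates_tried), or (None, None, total) on no match.
    """
    tried = 0
    for combo in itertools.product("0123456789", repeat=digits):
        tried += 1
        pin = "".join(combo)
        key = derive_link_key(pin, transcript["bd_addr"], transcript["nonce"])
        if hmac.compare_digest(auth_response(key, transcript["challenge"]),
                               transcript["response"]):
            return pin, key, tried
    return None, None, tried


def worst_case_seconds(alphabet: int, length: int,
                       rate: float = 10_000 / 0.06) -> float:
    """Time to exhaust the PIN space at the article's rate (assumed linear)."""
    return alphabet ** length / rate


if __name__ == "__main__":
    pin, key, tried = recover_pin(record_pairing("4821"))
    print(f"recovered PIN {pin} after {tried} candidates")
    for n in (4, 8, 16):
        print(f"{n} digits: {worst_case_seconds(10, n):.3g} s worst case")
```

The search succeeds because the PIN is the only input to the key that is not visible to a recorder, so the size of the PIN space is the only thing bounding the work.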
