Air Interface For Bluetooth
Continued
2005:
In April 2005, Cambridge University security researchers published results of
their actual implementation of passive attacks against the PIN-based pairing
between commercial Bluetooth devices, confirming the attacks to be practicably
fast and the Bluetooth symmetric key establishment method to be vulnerable. To
rectify this vulnerability, they carried out an implementation which showed that
stronger, asymmetric key establishment is feasible for certain classes of
devices, such as handphones.
In June 2005, Yaniv Shaked and Avishai Wool published the paper "Cracking the
Bluetooth PIN," which shows both passive and active methods for obtaining the
PIN for a Bluetooth link. The passive attack allows a suitably equipped attacker
to eavesdrop on communications and spoof them, provided the attacker was present
at the time of initial pairing. The active method makes use of a specially
constructed message that must be inserted at a specific point in the protocol to
make the master and slave repeat the pairing process; after that, the passive
method can be used to crack the PIN. This attack's major weakness is that it
requires the user of the devices under attack to re-enter the PIN when the
device prompts them to during the attack. Also, the active attack probably
requires custom hardware, since most commercially available Bluetooth devices
are not capable of the necessary timing.
In August 2005, police in Cambridgeshire, England, issued warnings about
thieves using Bluetooth-enabled phones to track other devices left in cars.
Police are advising users to ensure that any mobile networking connections are
deactivated if laptops and other devices are left in this way.
2006:
In April 2006, researchers from Secure Network and F-Secure published a report
that warns of the large number of devices left in a visible state, and issued
statistics on the spread of various Bluetooth services and the ease of spread of
an eventual Bluetooth worm.
In October 2006, at the Hack.lu Security Conference in Luxembourg, Kevin
Finistere and Thierry Zoller demonstrated and released a remote root shell over
Bluetooth on Mac OS X 10.3.9 and 10.4. They also demonstrated the first Bluetooth
PIN and link key cracker, which is based on the research of Wool and Shaked.
Bluejacking:
Bluejacking allows phone users to send business cards anonymously using
Bluetooth wireless technology. Bluejacking does NOT involve the removal or
alteration of any data from the device. These business cards often have a clever
or flirtatious message rather than the typical name and phone number.
Bluejackers often look for the receiving phone to ping or the user to react.
They then send another, more personal message to that device. Once again, in
order to carry out a bluejacking, the sending and receiving devices must be
within range of each other, which is typically 10 meters for most mobile
devices. Phone owners who receive bluejack messages should refuse to add the
contacts to their address book. Devices that are set in non-discoverable mode
are not susceptible to bluejacking. However, the Linux application Redfang
allows this protection to be bypassed. [1]
Health concerns:
Bluetooth uses the microwave radio frequency spectrum in the 2.4 GHz to
2.4835 GHz range. Maximum power output from a Bluetooth radio is 1 mW, 2.5 mW,
and 100 mW for Class 3, Class 2, and Class 1 devices respectively, which puts
Class 1 at roughly the same level as cell phones, and the other two classes much
lower. Accordingly, Class 2 and Class 3 Bluetooth devices are considered less of
a potential hazard than cell phones, while Class 1 may be comparable to cell
phones.