On Tue, Oct 05, 2004 at 09:46:27AM -0700, Allen Brown wrote:

> > > It is also a pipeline into your phone for pirates.
> > > Roughly half of the phones out there are insecure.
> > > And even though the system is designed for short distance,
> > > someone who wants to break in can do so from up to a mile
> > > away with the appropriate hardware.
>
> I mis-spoke. Only half a mile.
> http://www.mikeslist.com/2004_08_01_archive.html
>
> > > Discoverable: no.
>
> What do you mean?

Exploits on BT devices have been of a nature that you can somehow pair two devices without the owner of one device knowing it. That's hard to do if the device isn't discoverable, since non-discoverable devices don't respond to "Anybody out there?" requests not directed to them by paired devices.

> > Kinda useful, that. Patched firmwares exist for every phone
> > that has a known exploit. People just don't apply them. =p
>
> To me, this has the flavor of Microshaft. The protocol was
> designed for convenience and not for security. Same as windoze.
> Every time somebody breaks in they eventually patch the hole.
> But don't accept that the concept is inherently insecure.
> Same as Microshaft.

Implementations of the protocol have flaws. There is no flaw in my T616 firmware (that one was patched before my phone was packaged, so it has the update already), and my PDA has never had the flaw. Also, while my Macs have all had several Bluetooth updates, none of them have been to fix a security problem that I know of.

The protocol was designed for convenience. However, it is a wireless protocol like 802.11[abg], and these are inherently less secure than protocols used over wires.

> But for Bluetooth, the "fixes" I've seen were to leave the
> phone in a particular mode. And if you used Bluetooth to
> actually communicate with someone, it wasn't in that mode.

Off or undiscoverable, yes. Most mobiles have flashable firmware. If your mobile maker doesn't patch the firmware and make it available to customers, I suggest you find a better mobile manufacturer, because yours can't be trusted. (Nokia..)

> It would be interesting to hear your perspective on this. It
> sounded to me like Bluetooth was only in a secure mode when
> it was disabled. Wireless protocols are too promiscuous for
> my taste.

They are somewhat. An interesting difference between wifi and bluetooth is that bluetooth networks are always closed. Also, a wifi key can be cracked.

The cool thing about bluetooth is that you assign a numeric PIN when you pair two devices, and both must have the same PIN entered. You do this once, and the two devices will set up a pair of values in their known or trusted device lists. These values are a key (not the PIN you entered, but one the two devices agreed to after you provided the initial PIN number) and the bluetooth equivalent of a network card's MAC address. An undiscoverable device doesn't tell you its address, and there's no way to get the PIN. All bluetooth exploits to date involve bypassing the PIN to pair two devices, and the exploits are device-specific rather than protocol-specific.

Because bluetooth devices are meant to be paired by one person with both devices in their personal possession, this is a reasonable approach. It also allows for more security, provided that the owner of a device does not leave it broadcasting its presence to any other devices someone else might be carrying. Security of course depends on a good implementation though.

_______________________________________________
EUGLUG mailing list
[EMAIL PROTECTED]
http://www.euglug.org/mailman/listinfo/euglug
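A toy model of the pairing flow the post above describes, added here as an illustration; it is not code from the post, from any phone firmware, or from the Bluetooth specification. It models the four properties the post relies on: a non-discoverable device ignores inquiries, the PIN typed on both devices never goes on the air (only random values do), what gets stored is a derived link key filed under the peer's address, and a device with no stored key for an address cannot authenticate at all. HMAC-SHA256 is an assumed stand-in for the real E21/E22/E1 (SAFER+) functions, and the addresses and PINs are constructed sample values.

```python
import hashlib
import hmac
import os

# Constructed example: HMAC-SHA256 stands in for the Bluetooth E21/E22
# (link-key derivation) and E1 (authentication) functions.  The flow,
# not the cryptography, is the point.


def _addr_bytes(addr: str) -> bytes:
    """'00:11:22:33:44:55' -> the 6 raw bytes of a device address."""
    return bytes.fromhex(addr.replace(":", ""))


def derive_link_key(pin: str, rand_a: bytes, rand_b: bytes,
                    addr_a: str, addr_b: str) -> bytes:
    """Stand-in for E22/E21.  Both devices feed in the same randoms and
    addresses, so they agree on a key only if they were given the same PIN.
    The PIN itself is never transmitted; only rand_a and rand_b are."""
    material = rand_a + rand_b + _addr_bytes(addr_a) + _addr_bytes(addr_b)
    return hmac.new(pin.encode(), material, hashlib.sha256).digest()


def _response(link_key: bytes, challenge: bytes, claimant_addr: str) -> bytes:
    """Stand-in for E1: proof that the claimant holds link_key."""
    return hmac.new(link_key, challenge + _addr_bytes(claimant_addr),
                    hashlib.sha256).digest()


class Device:
    def __init__(self, addr: str, discoverable: bool = False):
        self.addr = addr
        self.discoverable = discoverable
        self.trusted = {}  # peer address -> link key (the "trusted device list")

    def answer_inquiry(self):
        """An "anybody out there?" inquiry is answered only when discoverable;
        a non-discoverable device does not reveal its address this way."""
        return self.addr if self.discoverable else None

    def respond(self, verifier: "Device", challenge: bytes):
        """Claimant side of challenge-response; None if verifier is unknown."""
        key = self.trusted.get(verifier.addr)
        if key is None:
            return None
        return _response(key, challenge, self.addr)

    def authenticate(self, claimant: "Device") -> bool:
        """Verifier side.  An address with no stored link key is rejected
        outright: without a prior pairing there is nothing to check against."""
        key = self.trusted.get(claimant.addr)
        if key is None:
            return False
        challenge = os.urandom(16)
        expected = _response(key, challenge, claimant.addr)
        got = claimant.respond(self, challenge)
        return got is not None and hmac.compare_digest(expected, got)


def pair(a: Device, b: Device, pin_on_a: str, pin_on_b: str) -> bool:
    """Pairing: exchange randoms, derive a link key on each side from the PIN
    entered there, then mutually authenticate.  Keys are kept only if both
    authentications pass; a PIN mismatch leaves nothing in either list."""
    rand_a, rand_b = os.urandom(16), os.urandom(16)
    key_a = derive_link_key(pin_on_a, rand_a, rand_b, a.addr, b.addr)
    key_b = derive_link_key(pin_on_b, rand_a, rand_b, a.addr, b.addr)
    # Install the candidate keys so the authentication round can run.
    a.trusted[b.addr], b.trusted[a.addr] = key_a, key_b
    if a.authenticate(b) and b.authenticate(a):
        return True
    del a.trusted[b.addr], b.trusted[a.addr]
    return False


if __name__ == "__main__":
    phone = Device("00:0A:D9:11:22:33")                  # constructed address
    pda = Device("00:04:3E:44:55:66", discoverable=True)  # constructed address
    print("phone answers inquiry:", phone.answer_inquiry())
    print("pair with matching PIN:", pair(phone, pda, "1234", "1234"))
    print("pair with wrong PIN:", pair(phone, Device("00:0A:D9:77:88:99"), "1234", "0000"))
```

Note what is and is not modelled: the stored key differs from the PIN and is bound to the peer's address, so an attacker who never completed pairing has no entry to present. The device-specific bugs the post refers to sit outside this model, in firmware that installs an entry without the owner's PIN step.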
