Re: Bluetooth cracked further

2005-06-04 Thread Thomas Lakofski
Perry E. Metzger wrote:
> Matt Crawford [EMAIL PROTECTED] writes:
>
>> On Jun 3, 2005, at 11:55, Perry E. Metzger wrote:
>>
>>> 2) They also have a way of forcing pairing to happen, by impersonating
>>>    one of the devices and saying "oops! I need to pair again!" to the
>>>    other.
>>
>> Do the devices then pair again without user intervention, re-using the
>> PIN that paired them initially?
>
> That is my understanding. Ugly, isn't it?

The paper addresses countermeasures; it would appear that the original PIN is
not stored for reuse in most (any?) implementations, but that there is an option
to use a PIN every time the devices are connected, which would expose this risk:

6 Countermeasures
 This section details the countermeasures one should consider when using a
Bluetooth device. These countermeasures will reduce the probability of being
subjected to both attacks and the vulnerability to these attacks.

 Since Bluetooth is a wireless technology, it is very difficult to avoid
Bluetooth signals from leaking outside the desired boundaries. Therefore, one
should follow the recommendation in the Bluetooth standard and refrain from
entering the PIN into the Bluetooth device for pairing as much as possible. This
reduces the risk of an attacker eavesdropping on the pairing process and finding
the PIN used.

 Most Bluetooth devices save the link key (Kab) in non-volatile memory for
future use. This way, when the same Bluetooth devices wish to communicate again,
they use the stored link key. However, there is another mode of work, which
requires entering the PIN into both devices every time they wish to communicate,
even if they have already been paired before. This mode gives a false sense of
security! Starting the pairing process every time increases the probability of
an attacker eavesdropping on the messages transferred. We suggest not to use
this mode of work.

 Finally, the PIN length ranges from 8 to 128 bits. Most manufacturers use a 4
digit PIN and supply it with the device. Obviously, customers should demand the
ability to use longer PINs.

-thomas

--
Thomas Lakofski +44 70 9228 8229
'Reality is that which, when you stop believing in it, doesn't go away' --PKD
gpg: 1024D/81FD4B43  2B72 53DB 8104 2041 BDB4  F053 4AE5 01DF 81FD 4B43
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
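The countermeasures quoted above turn on two facts: an eavesdropper who captures one pairing (plus one later authentication) can search the PIN offline, and the cost of that search is set by the PIN's length and alphabet. The following is an added example, not code from the thread or from the paper it quotes, that walks through that attack structure against a simulated legacy pairing. The real Bluetooth E22/E21/E1 functions are SAFER+ based; here HMAC-SHA256 stands in for them (an assumption, so the example runs with the standard library only), and the device addresses and PIN are constructed sample values. Everything the cracker uses comes from the sniffed transcript; forcing a re-pair only matters because it causes the victims to produce a fresh transcript while the attacker is in range.

```python
import hashlib
import hmac
import os
import string


def _prf(label: bytes, *parts: bytes) -> bytes:
    # Stand-in for the SAFER+ based E22/E21/E1 functions (assumption:
    # HMAC-SHA256, so the example needs nothing beyond the standard library).
    # 16-byte output, the size of a real link key.
    return hmac.new(label, b"".join(parts), hashlib.sha256).digest()[:16]


def e22(pin: bytes, bd_addr: bytes, in_rand: bytes) -> bytes:
    """Initialisation key Kinit from the PIN, one device address and IN_RAND."""
    return _prf(b"E22", pin, bd_addr, in_rand)


def e21(lk_rand: bytes, bd_addr: bytes) -> bytes:
    """Per-device contribution to the combination (link) key Kab."""
    return _prf(b"E21", lk_rand, bd_addr)


def e1(link_key: bytes, bd_addr: bytes, au_rand: bytes) -> bytes:
    """Authentication response SRES; 32 bits, as in the real protocol."""
    return _prf(b"E1", link_key, bd_addr, au_rand)[:4]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pair_and_authenticate(pin: bytes, addr_a: bytes, addr_b: bytes, rng=os.urandom):
    """Legacy pairing between A and B followed by one authentication.

    Returns (Kab, transcript). The transcript is exactly what a sniffer in
    range sees on the air. Forcing a re-pair (claiming the link key was lost)
    simply makes the victims run this exchange again while the attacker listens.
    """
    in_rand = rng(16)
    kinit = e22(pin, addr_b, in_rand)
    lk_rand_a, lk_rand_b = rng(16), rng(16)
    masked_a = xor(lk_rand_a, kinit)      # sent A -> B, masked with Kinit
    masked_b = xor(lk_rand_b, kinit)      # sent B -> A, masked with Kinit
    kab = xor(e21(lk_rand_a, addr_a), e21(lk_rand_b, addr_b))
    au_rand = rng(16)                     # A challenges B
    sres = e1(kab, addr_b, au_rand)       # B proves it holds Kab
    transcript = {
        "addr_a": addr_a, "addr_b": addr_b, "in_rand": in_rand,
        "masked_a": masked_a, "masked_b": masked_b,
        "au_rand": au_rand, "sres": sres,
    }
    return kab, transcript


def derive_from_transcript(pin_guess: bytes, t: dict):
    """Recompute Kab and SRES for one PIN guess from sniffed values only."""
    kinit = e22(pin_guess, t["addr_b"], t["in_rand"])
    lk_rand_a = xor(t["masked_a"], kinit)
    lk_rand_b = xor(t["masked_b"], kinit)
    kab = xor(e21(lk_rand_a, t["addr_a"]), e21(lk_rand_b, t["addr_b"]))
    return kab, e1(kab, t["addr_b"], t["au_rand"])


def crack_pin(t: dict, candidates):
    """Offline search: first guess whose SRES matches the sniffed one."""
    for guess in candidates:
        kab, sres = derive_from_transcript(guess, t)
        if sres == t["sres"]:
            return guess, kab
    return None


def numeric_pins(digits: int):
    """Every PIN of the given number of decimal digits, as ASCII bytes."""
    for n in range(10 ** digits):
        yield str(n).zfill(digits).encode()


def keyspace(alphabet: str, length: int) -> int:
    """Number of PINs of this length over this alphabet."""
    return len(alphabet) ** length


def demo():
    # Constructed sample: two made-up addresses and a factory-style 4-digit PIN.
    addr_a = bytes.fromhex("001122334455")
    addr_b = bytes.fromhex("66778899aabb")
    true_pin = b"8253"
    kab, transcript = pair_and_authenticate(true_pin, addr_a, addr_b)
    recovered = crack_pin(transcript, numeric_pins(4))
    return {
        "recovered_pin": recovered[0] if recovered else None,
        "key_matches": recovered is not None and recovered[1] == kab,
        "keyspace_4_digits": keyspace(string.digits, 4),
        "keyspace_16_alnum": keyspace(string.ascii_letters + string.digits, 16),
    }


if __name__ == "__main__":
    print(demo())
```

The search over all 10,000 four-digit PINs costs four PRF calls per guess and finishes in well under a second, and it also yields the link key, so the attacker can then authenticate as either device. A device whose PIN is fixed in firmware is the degenerate case with a candidate list of length one. The 16-character alphanumeric keyspace at the other end of the allowed 8-to-128-bit range is what makes "demand longer PINs" a real countermeasure rather than a platitude; the cracker above is unchanged, only its candidate generator stops terminating in practice.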


Re: Bluetooth cracked further

2005-06-04 Thread Thomas Lakofski
Olle Mulmo wrote:
> On Jun 4, 2005, at 14:12, Thomas Lakofski wrote:

Wrote?  Well, quoted...

>> Finally, the PIN length ranges from 8 to 128 bits. Most manufacturers
>> use a 4 digit PIN and supply it with the device. Obviously, customers
>> should demand the ability to use longer PINs.
>
> Correction: Most manufacturers hardcode the 4-digit PIN to . It has
> been known for some time that those gadgets need to be paired in a
> Faradayic environment: if I recall correctly, a paper being presented on
> this at the RSA conference ~2001 or so.

For some values of 'most.'  This would cover mice, keyboards and wireless
headsets.  My MS Bluetooth mouse doesn't need any PIN or even encryption to
connect...  I've yet to see a Bluetooth-capable telephone with a fixed PIN; I
would doubt that the number of shipped BT mice, keyboards and headsets exceeds
the number of BT-capable telephones in existence.

> The forced re-pairing vulnerability is news to me. It makes me very
> concerned about Bluetooth keyboards...

Your attacker would need to keep a device live and in the neighbourhood of your
Bluetooth keyboard to perform a mitm attack; I'd be more worried about the
non-Bluetooth wireless keyboards out there.

-thomas

ps, it's a little ironic that a post to a cryptography list has its digital
signature stripped before reaching the list, no?

--
Thomas Lakofski +44 70 9228 8229
'Reality is that which, when you stop believing in it, doesn't go away' --PKD
gpg: 1024D/81FD4B43  2B72 53DB 8104 2041 BDB4  F053 4AE5 01DF 81FD 4B43