Bluetooth Security Flaw Found

Comments

BlueTooth Logo
Cryptographers have found a security flaw in Bluetooth that allows unauthorized pairing between (among other things) mobile phones. Pairing is the process that Bluetooth devices go through to make sure the owner of each device is aware of the connection. During pairing, the same PIN has to be entered on both devices.

The new flaw allows a malicious user to pair without the other device alerting its owner. It masquerades as another device that’s currently paired with the target:

Avishai Wool and Yaniv Shaked [of Tel Aviv University in Israel] have managed to force pairing by pretending to be one of the two devices and sending a message to the other claiming to have forgotten the link key. This prompts the other device to discard the link key and the two then begin a new pairing session, which the hacker can then use.

  • Arv

    What is not mentioned is that this crack requires sophisticated and expensive hardware to crack the PIN of the devices, and even then larger PIN’s foil this crack. Add to that that just because it is cracked, the chances of access the data is still extremely small.

  • Arv

    What is not mentioned is that this crack requires sophisticated and expensive hardware to crack the PIN of the devices, and even then larger PIN’s foil this crack. Add to that that just because it is cracked, the chances of access the data is still extremely small.