The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

  • Subscribe

  • Xavier’s tweets

    Error: Twitter did not respond. Please wait a few minutes and refresh this page.

  • Goodreads

  • Enter your email address to follow this blog and receive notifications of new posts by email.

    Join 1,186 other followers

  • Blog Stats

    • 52,779 hits

23C3 – new hacker tools for Bluetooth

Posted by Xavier Ashe on January 2, 2007

Two new tools, BTCrack and Hidattack (link to TAR file download), were released today (Friday)
at the 23rd Chaos Communication Congress
in Berlin. They demonstrate serious security vulnerabilities in
Bluetooth at the protocol level. BTCrack permits hacking the pairing of
two Bluetooth devices. Hidattack permits remote, external control of a
wireless Bluetooth keyboard, so that it is possible to make keyboard
entries on the connected computer.

BTCrack builds on a Bluetooth
described by Israeli researchers Avishai Wool and
Yaniv Shaked in 2005. This vulnerability means that it is possible to
listen in on the connection between devices connected by short range
radio directly, during pairing and thus crack the encryption system. The
connected devices are tricked into thinking that their counterpart has
forgotten the so-called link key, which is not required for PIN entry.
This kicks off a new pairing process. This offers an attacker the
opportunity to record the required data using a Bluetooth sniffer.

Hidattack exploits the HD server (human interface device) installed
with many Bluetooth keyboards. The program, penned by Colin Mulliner,
by bypassing the PIN request in a similar manner connects to this
little server and can then pretend to be the keyboard. Zoller
elucidated one application possibility for Hidattack – if the keyboard
were in a nearby bank and were connected to a terminal that was visible
using a telescope, it might be possible, for example, to carry out
transactions. In this scenario it would be possible to operate the
terminal almost as if you were sitting right in front of it. The only
thing missing would be the mouse.

More on Heise Security.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: