We’ve moved!

You will be redirected to our new home in five seconds. If not, click here.

GigaOM Network: GigaOM | Earth2Tech | jkOnTheRun | NewTeeVee | OStatic | TheAppleBlog | WebWorkerDaily | Jobs Live Events | About | Contact

June 03, 2005

Major Bluetooth security flaw found

New Scientist reports a major security flaw in current Bluetooth devices that can be exploited by a roving hacker.  The hacker can hijack your cell phone via Bluetooth and eavesdrop on conversations and even place calls using your phone.

Cryptographers have discovered a way to hack Bluetooth-enabled devices even when security features are switched on. The discovery may make it even easier for hackers to eavesdrop on conversations and charge their own calls to someone else’s cellphone.

Now Avishai Wool and Yaniv Shaked of Tel Aviv University in Israel have worked out how to force devices to pair whenever they want. “Our attack makes it possible to crack every communication between two Bluetooth devices, and not only if it is the first communication between those devices,” says Shaked.

The scariest part of this new hack is how easily it can be done, and even if Bluetooth security features are enabled.  On a very slow computer the two researchers say it takes just 0.3 seconds to determine the Bluetooth link for any device in range.  Bluetooth may never be the same again.

(New Scientist via Gadgetopia)

Posted by James Kendrick at 11:08 AM in mobile tech | Permalink

Enjoy this post? Receive more jkOnTheRun content for FREE by subscribing to the RSS feed!

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d83451b75769e200d83422cc9d53ef

Listed below are links to weblogs that reference Major Bluetooth security flaw found:

» Major Bluetooth Security Flaw Found from robhyndman.com
New Scientist is reporting what appears to a serious security flaw in the bluetooth protocol. The flaw allows a hacker to force device pairing at will, and key discovery apparently takes less than .06 seconds on a Pentium IV to accomplish. This is n... [Read More]

Tracked on June 03, 2005 at 12:02 PM

Comments

Ya know? :(

Posted by: fil | June 03, 2005 at 01:46 PM

This article is quite flawed itself. I wrote up an analysis of the hack and posted it to my blog.

http://blogs.fullthrottle.com/EmbeddedBlue/

Basically it relies on a Bluetooth device with a bad security implemention and a user that chooses a really weak pin code.

Posted by: Bryan Hall | June 03, 2005 at 01:52 PM

Comments are temporarily disabled for site maintenance and will return at 6 PM PDT.

 

RSS and Mobile-Friendly View

Sponsor Gallery

Become a sponsor »

Recent Comments

Contributors

Kevin C. Tofel

James Kendrick

Kevin's gear   JK's gear

Archives

Awards

Microsoft MVP Awardees

CNET100 2004Weblog Awards
2004ReadersChoice 2004_BoardOfExperts

About

Powered by TypePad
Member since 05/2004

Copyright Notice


  • Copyright 2008 The GigaOM Network. All rights reserved. The content in this RSS feed, as well as the content presented on the web pages of the blog, is provided for your personal non-commercial use only and may not be republished in whole or in part without the express written or verbal consent of the publisher. All rights are reserved.
StatCounter