Esato

Bluetooth SIG Response to Recent Analysis of Pairing and Security

25 June 2005 by axxxr

New Scientist reported a new security threat to Bluetooth technology in June 2005 from two Israeli researchers who suggested a way to subvert one of the built-in Bluetooth security mechanisms.

Bluetooth devices generate a secure connection by means of the initial pairing process. During this process one or both devices need a PIN code to be entered, which is used by internal algorithms to generate a secure key which is then used to authenticate the devices whenever they connect in the future.

The new academic paper puts forward a theoretical process that could potentially “guess” the security settings on a pair of Bluetooth devices. To do this the attacking device would need to listen in to the initial one-time pairing process. From this point it can use an algorithm to guess the security key and masquerade as the other Bluetooth device. What is new in this paper is an approach that forces a new pairing sequence to be conducted between the two devices, together with an improved method of performing the guessing process, which brings the time down significantly compared with previous attacks.

To perform this hack, it is necessary for the attacker to overhear the initial pairing process, which normally only happens once, in a private environment, and takes a fraction of a second. The authors have put forward some possible methods to try to force a deletion of the security key in one of the two Bluetooth devices, and hence initiate a new pairing process, which they could then listen in to. To do this, they need to masquerade as the second device during a connection. The equipment needed for this process is very expensive and primarily used by developers only. If this process succeeds, the user will see a message on their device asking them to re-enter a PIN code. If they do this while the attacker is present, and the PIN code they enter is sufficiently short, then the attack could theoretically succeed.

If the PIN key that has been used consists of only four numeric characters, a fast PC can calculate the security key in less than one tenth of a second. As the PIN key gets longer, the time to crack the security code gets longer and longer. At eight alphanumeric characters it would take over 100 years to calculate the PIN, making this crack nearly impossible.

What this means for a user.
This is an academic analysis of Bluetooth security. What this analysis outlines is possible, but it is highly unlikely that a normal user would ever encounter such an attack. The attack also relies on a degree of user gullibility, so understanding the Bluetooth pairing process is an important defense. There are some basic elements of good practice that will safeguard you against such an attack.

• When you pair devices for the first time, do this in private – at home or in the office. Avoid pairing devices in public places.

• Always use an eight character alphanumeric PIN code as the minimum. The more characters within your code, the more difficult it is to crack. You only have to enter this once, so it is not a hardship given the security benefits that accrue from a longer code.

• If your devices become unpaired while you are in public, wait until you are in a private, secure location before re-pairing your devices, if possible.
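To make the scaling described above concrete, here is an added Python example (not from the Bluetooth SIG or from Esato) that computes the candidate keyspace for a given PIN and checks it against the eight-character alphanumeric minimum recommended in the list above. The attacker guess rate of 100,000 per second is an assumption derived from the "four digits in under a tenth of a second" figure; the resulting times illustrate how the search grows with PIN length and character set, not the SIG's own estimates.

```python
import string

# Assumed from the statement: a four-digit numeric PIN (10**4 candidates) is
# recovered in under 0.1 s, so the attacker is modelled at 10**5 guesses/second.
ASSUMED_GUESSES_PER_SECOND = 10**5
SECONDS_PER_YEAR = 365 * 24 * 3600


def alphabet_size(pin: str) -> int:
    """Size of the character set an attacker must search: the union of the
    standard classes (digits, lowercase, uppercase, punctuation) that the
    PIN actually uses. A longer PIN from a larger set means a larger search."""
    classes = [
        (string.digits, len(string.digits)),
        (string.ascii_lowercase, len(string.ascii_lowercase)),
        (string.ascii_uppercase, len(string.ascii_uppercase)),
        (string.punctuation, len(string.punctuation)),
    ]
    size = 0
    for chars, n in classes:
        if any(c in chars for c in pin):
            size += n
    # Fallback for PINs using characters outside these classes.
    return max(size, len(set(pin)))


def keyspace(pin: str) -> int:
    """Number of candidate PINs of this length drawn from the same classes."""
    return alphabet_size(pin) ** len(pin)


def worst_case_crack_seconds(pin: str, rate: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Time to exhaust the whole keyspace at the assumed guess rate."""
    return keyspace(pin) / rate


def meets_sig_guidance(pin: str) -> bool:
    """The statement's minimum: at least eight characters, and alphanumeric
    (letters and digits together, rather than digits alone)."""
    has_digit = any(c.isdigit() for c in pin)
    has_alpha = any(c.isalpha() for c in pin)
    return len(pin) >= 8 and has_digit and has_alpha


if __name__ == "__main__":
    # Constructed sample PINs, from weakest to strongest.
    for sample in ("1234", "12345678", "k7qz9mp2", "K7qZ9mP2"):
        secs = worst_case_crack_seconds(sample)
        print(f"{sample!r}: keyspace {keyspace(sample):.3g}, "
              f"{secs:.3g} s ({secs / SECONDS_PER_YEAR:.3g} years), "
              f"meets guidance: {meets_sig_guidance(sample)}")
```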

For more information about using Bluetooth wireless technology securely, please visit: www.bluetooth.com/help/security.asp