[ISN] Bluetooth cracking tools released

From: InfoSec News (alerts@private)
Date: Thu Jan 04 2007 - 22:39:28 PST


http://www.techworld.com/security/news/index.cfm?newsID=7706

By Matthew Broersma
Techworld
04 January 2007

German programmers have released two tools aimed at compromising 
Bluetooth devices, including PCs, at the Chaos Communication Congress 
in Berlin.

Enterprises generally ignore Bluetooth from a security point of view, 
but should be aware that there are fundamental security weaknesses in 
the wireless specification, according to Thierry Zoller, who introduced 
the tools at the conference on Friday.

Zoller, a security consultant, developed BTCrack [1], an implementation 
of a flaw disclosed in 2005 by Israeli security researchers. The tool 
takes advantage of weak PINs in Bluetooth devices, allowing an attacker 
to listen in on a pairing session and gain access to both paired 
devices.

HID Attack [2] is a proof-of-concept exploit for hijacking a Bluetooth 
keyboard using the Human Interface Device (HID) standard. The attack 
could allow access to sensitive systems, according to developer Collin 
Mulliner, who said he came across the problem by accident while 
developing a software keyboard.

"The threat potential is high, it basically is like getting physical 
access to the target system," Mulliner said in a paper released in 
connection with Zoller's talk.

However, several practical obstacles mean that carrying out an attack is 
difficult, he acknowledged. Not all HID hosts implement server mode, 
which is necessary for the attack, and the fact that the screen might 
not be visible adds more complications.

And there's the main issue limiting all Bluetooth attacks - that they 
must be carried out at close range.

However, BTCrack and HID Attack show that such attacks are far from 
theoretical, Zoller said in his talk.

[1] http://www.nruns.com/security_tools.php
[2] http://mulliner.org/bluetooth/hidattack.php

