Bluetooth cracking tools released
09.01.2007
German programmers have released two tools
aimed at compromising Bluetooth devices,
including PCs, at the Chaos Communication
Congress in Berlin.
Enterprises generally ignore Bluetooth from
a security point of view, but should be
aware that there are fundamental security
weaknesses in the wireless specification,
according to Thierry Zoller, who introduced
the tools at the conference on Friday.
Zoller, a security consultant, developed
BTCrack, an implementation of a flaw
disclosed in 2005 by Israeli security
researchers.
The tool takes advantage of weak PINs in
Bluetooth devices, allowing an attacker to
listen in on a pairing session and gain
access to both paired devices.
HID Attack is a proof-of-concept exploit
for hijacking a Bluetooth keyboard using the
Human Interface Device (HID) standard. The
attack could allow access to sensitive
systems, according to developer Collin
Mulliner, who said he came across the
problem by accident while developing a
software keyboard. "The threat potential is
high, it basically is like getting physical
access to the target system," Mulliner said
in a paper released in connection with
Zoller's talk.
However, several practical obstacles mean
that carrying out an attack is difficult, he
acknowledged. Not all HID hosts implement
server mode, which is necessary for the
attack, and the fact that the screen might
not be visible adds more complications. And
there's the main issue limiting all
Bluetooth attacks - that they must be
carried out at close range.
However, BTCrack and HID Attack show
that such attacks are far from theoretical,
Zoller said in his talk.
http://www.nruns.com/security_tools.php
http://mulliner.org/bluetooth/hidattack.php