New Bluetooth security flaw found

[Image: Bluetooth logo]

It's been at least a few months since the last spate of Bluetooth hacking/Bluejacking/Bluesnarfing stories, so we were due for another round, right? A couple of researchers at Tel Aviv University have figured out a way to get around one of the main limitations of a hack developed last year—namely that you could only gain access to the target device while it was pairing with another Bluetooth-enabled device—by developing a trick for forcing a Bluetooth-enabled device to pair. It's this pairing process that opens a window of opportunity for a hacker to take control of someone else's cellphone and either steal their address book or other data, or make phone calls and send text messages (which is why it's recommended that you never pair devices in a public place).

What these guys discovered is that by posing as one of the devices in the pair (by spoofing its Bluetooth ID) and then sending the other device a message saying that the spoofed device has "forgotten" the link key used for pairing, you could cause that other device to discard the link key and initiate a new pairing session. Then, as the devices go through the new pairing process, a hacker could grab the new link key and feed it into a software program that would run through all 10,000 possible access PIN codes. Once the hacker hits the right PIN (something which should take less than a second on a PC), they could take control of the target device. Obviously this won't work if your phone or PDA isn't paired with another device in the first place.
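To make the "run through all 10,000 PIN codes" step concrete, here is a toy model of legacy Bluetooth PIN pairing, added as an example and not taken from the researchers or from any Bluetooth stack. The real protocol derives the link key from the PIN and two random nonces with the SAFER+ based E22/E21 functions and then authenticates with E1; this example substitutes HMAC-SHA256 for all three (an assumption made purely so it runs offline), which preserves the property the post is describing: everything that crosses the air during pairing (nonces, challenge, response) is enough for a passive observer to check PIN guesses without ever talking to either device, so the only thing standing between them and the link key is the size of the PIN space.

```python
"""Toy model of legacy Bluetooth PIN pairing (added example; HMAC-SHA256
stands in for E22/E21/E1, which are SAFER+ based in the real protocol)."""

import hashlib
import hmac
import itertools
import os


def derive_link_key(pin: str, rand_a: bytes, rand_b: bytes) -> bytes:
    """Stand-in for E22/E21: the link key depends only on the shared PIN and
    the two nonces, both of which each device sends in the clear."""
    return hmac.new(pin.encode(), rand_a + rand_b, hashlib.sha256).digest()


def respond(link_key: bytes, challenge: bytes) -> bytes:
    """Stand-in for E1: prove knowledge of the link key without sending it.
    (The real SRES is 32 bits; the full digest is kept here for clarity.)"""
    return hmac.new(link_key, challenge, hashlib.sha256).digest()


def pair(pin: str, rng=os.urandom) -> dict:
    """Run one pairing between two devices that share `pin` and return only
    the values an eavesdropper would see. The PIN and the link key itself
    never cross the air."""
    rand_a, rand_b, challenge = rng(16), rng(16), rng(16)
    link_key = derive_link_key(pin, rand_a, rand_b)
    return {
        "rand_a": rand_a,
        "rand_b": rand_b,
        "challenge": challenge,
        "response": respond(link_key, challenge),
    }


def pin_from_transcript(transcript: dict, pin_len: int):
    """What a captured pairing lets an observer compute offline: re-derive
    the link key for every PIN of the given length and compare the resulting
    response with the one that was sniffed. Returns (pin, guesses_tried), or
    (None, 10**pin_len) when no PIN of that length fits the transcript."""
    for n, digits in enumerate(itertools.product("0123456789", repeat=pin_len), 1):
        guess = "".join(digits)
        key = derive_link_key(guess, transcript["rand_a"], transcript["rand_b"])
        if respond(key, transcript["challenge"]) == transcript["response"]:
            return guess, n
    return None, 10 ** pin_len


if __name__ == "__main__":
    # Constructed sample run: a four-digit PIN falls after at most 10,000
    # HMAC evaluations, i.e. well under a second on an ordinary PC.
    sniffed = pair("1234")
    print(pin_from_transcript(sniffed, 4))
```

The search is entirely offline against a single captured exchange, which is why forcing one fresh pairing (the "forgotten link key" trick above) is all the attacker needs; nothing in the transcript rate-limits guesses. Raising `pin_len` in the call shows the only lever the legacy scheme gives you: every extra digit multiplies the work by ten, and a 16-digit PIN would not finish in any useful time. Bluetooth 2.1 later replaced this PIN-derived scheme with Secure Simple Pairing, which uses an elliptic-curve key exchange so that a passive transcript no longer yields an offline verifier for a low-entropy secret.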