by sp332
4440 days ago
If you get an Ubertooth http://ubertooth.sourceforge.net/ you can sniff Bluetooth as well. If you use the default PIN (0000 or 1234) then it's possible to decrypt the signal. Here's an overview of how feasible decryption is: http://css.csail.mit.edu/6.858/2012/projects/echai-bendorff-...

Also, Bluetooth LE provides no eavesdropping protection. If an attacker can capture the pairing frames, they may be able to determine the "long-term key". Here's the NIST guidance paper on Bluetooth security: http://www.nist.gov/customcf/get_pdf.cfm?pub_id=911133

The attack surface can be minimized if the keyboard manufacturer implements crypto properly, requires encryption at the protocol level, uses a long and complex PIN, etc. The manufacturer with the best reputation right now is Microsoft. They got burned pretty hard when their proprietary wireless encryption was hacked back in 2007, and it looks like their Bluetooth keyboards are doing everything right.
There's a practical attack for that, and it's quick. It also uses Ubertooth[1].
For all Bluetooth keyboards that I've seen in the past ~5 years the pairing process uses one of the "Secure Simple Pairing" modes. None of these have been broken, although "Just Works" is probably vulnerable. The keyboards that I've seen use the "enter a 6 digit number" mode, which is not susceptible to the man-in-the-middle attacks that have been used against Bluetooth keyboards before[2].
Disclosure: I work on the Ubertooth and related projects.
[1] https://www.usenix.org/conference/woot13/workshop-program/pr...
[2] https://www.youtube.com/watch?v=X0RUN6SB6c8
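Both comments turn on which pairing method a host and keyboard end up negotiating, so here is an added illustration (not code from the thread or from the Ubertooth project) that decodes constructed SMP Pairing Request/Response PDUs, derives the resulting method from the IO-capability rules in the Bluetooth Core Spec (Vol 3, Part H), and flags the two weak outcomes the thread describes: legacy pairing with no eavesdropping protection, and "Just Works" with no MITM protection.

```python
# Added illustration: pairing-method selection for BLE SMP. Byte layout and
# selection rules follow Bluetooth Core Spec Vol 3 Part H; all frames are constructed.
from dataclasses import dataclass

IO_CAPS = {0x00: "DisplayOnly", 0x01: "DisplayYesNo", 0x02: "KeyboardOnly",
           0x03: "NoInputNoOutput", 0x04: "KeyboardDisplay"}
MITM_FLAG, SC_FLAG = 0x04, 0x08   # AuthReq bit 2 (MITM) and bit 3 (Secure Connections)


@dataclass
class PairingFeatures:
    io_cap: str
    oob: bool
    mitm: bool
    sc: bool
    max_key_size: int  # 7..16 octets of encryption key offered


def parse_pairing_pdu(pdu: bytes) -> PairingFeatures:
    """Decode a 7-byte SMP Pairing Request (0x01) or Pairing Response (0x02)."""
    if len(pdu) != 7 or pdu[0] not in (0x01, 0x02):
        raise ValueError("not an SMP Pairing Request/Response PDU")
    return PairingFeatures(IO_CAPS[pdu[1]], pdu[2] == 0x01,
                           bool(pdu[3] & MITM_FLAG), bool(pdu[3] & SC_FLAG), pdu[4])


def select_method(init: PairingFeatures, resp: PairingFeatures) -> str:
    """Method selection per Core Spec 2.3.5.1 (initiator = host, responder = keyboard)."""
    sc = init.sc and resp.sc                    # Secure Connections only if both support it
    if (init.oob or resp.oob) if sc else (init.oob and resp.oob):
        return "Out of Band"
    if not (init.mitm or resp.mitm):
        return "Just Works"                     # neither side asked for MITM protection
    caps = {init.io_cap, resp.io_cap}
    if "NoInputNoOutput" in caps:
        return "Just Works"                     # one side cannot take part in verification
    if sc and caps <= {"DisplayYesNo", "KeyboardDisplay"}:
        return "Numeric Comparison"
    if caps <= {"DisplayOnly", "DisplayYesNo"}:
        return "Just Works"                     # no keyboard anywhere to type a passkey
    return "Passkey Entry"                      # the "enter a 6 digit number" mode


def assess(init: PairingFeatures, resp: PairingFeatures) -> list[str]:
    """Flag the weak outcomes discussed in the thread."""
    method, findings = select_method(init, resp), []
    if not (init.sc and resp.sc):
        findings.append("LE legacy pairing: no eavesdropping protection, "
                        "a captured pairing exchange can yield the long-term key")
    if method == "Just Works":
        findings.append("Just Works: no protection against man-in-the-middle")
    return findings
```

Feeding it a laptop (KeyboardDisplay) request and a keyboard (KeyboardOnly) response with MITM set yields Passkey Entry; clearing the MITM bit on both sides drops the same pair to Just Works.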