|
|
|
|
|
|
by dominicgs
4439 days ago
|
|
|
> Also, Bluetooth LE provides no eavesdropping protection. If an attacker can capture the pairing frames, they may be able to determine the "long-term key" There's a practical attack for that, and it's quick. It also uses Ubertooth[1]. For all Bluetooth keyboards that I've seen in the past ~5 years the pairing process uses one of the "Secure Simple Pairing" modes. none of these have been broken, although "Just Works" is probably vulnerable. The keyboard that I've see use the "enter a 6 digit number" mode, which is not susceptible to man in the middle attacks that have been used against Bluetooth keyboards before[2]. Disclosure: I work on the Ubertooth and related projects. [1] https://www.usenix.org/conference/woot13/workshop-program/pr... [2] https://www.youtube.com/watch?v=X0RUN6SB6c8 |
|
|