Tuesday, August 12, 2003
Bluetooth Nondiscoverability... Isn't
Posted by Janak Parekh in "HARDWARE" @ 02:00 PM
It seems that, finally, people are starting to audit Bluetooth's security, and unsurprisingly, there are some weaknesses in the protocol. In particular, the notion of Bluetooth devices being nondiscoverable seems to be a red herring. A security researcher at @stake has written example code that uses Linux's Bluetooth stack to do a brute-force search of Bluetooth nodes by guessing the device's ID. If a device is then open, data could be accessed.
That said, I find the article a bit sensationalistic. Most BT-enabled devices come with Bluetooth off, and require a passkey for any form of bonding. From a fundamental standpoint, BT's point-to-point connection mechanisms are theoretically more secure than Wi-Fi. Nevertheless, if you have BT, don't just leave it on and unconfigured. ;)