Researchers from Tel Aviv University (Wool and Shaked) have found a way to crack the security of Bluetooth devices. But pairing only occurs the first time two devices communicate. Wool and Shaked have managed to force pairing by pretending to be one of the two devices and sending a message to the other claiming to have forgotten the link key. This prompts the other device to discard the link key and the two then begin a new pairing session, which the hacker can then use.
I wonder what the Bluetooth SIG will do now that pairing can be compromised. Perhaps, maybe create a security standard for Bluetooth just like there is one for 802.11.
This just shows you that there is somehow always a way to crack the security, it just takes a matter of time.
No comments:
Post a Comment