Where's Your Head(set) At?
Jan. 1st, 2008 06:49 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
mundensI made a comment about the hack possibilities when ![[livejournal.com profile]](https://www.dreamwidth.org/img/external/lj-userinfo.gif)
taniwha_nz posted about making her headphones "discoverable", and she asked what I meant, and I never got round to responding, but here's a nice video covering what I was thinking about at the time.
Of course this is a simple attack, relying on default settings, though the commercial Bluetooth community have been trying to tell people that this is hard to exploit. Doesn't look too hard to me!
But even if someone is clever enough to reconfigure their headset away from default, Israeli security experts have demonstrated a serious flaw in the core AES encryption of Bluetooth, which basically allows them to force the device into pairing mode at any time and recover the key.
taniwha_nz posted about making her headphones "discoverable", and she asked what I meant, and I never got round to responding, but here's a nice video covering what I was thinking about at the time.Of course this is a simple attack, relying on default settings, though the commercial Bluetooth community have been trying to tell people that this is hard to exploit. Doesn't look too hard to me!
But even if someone is clever enough to reconfigure their headset away from default, Israeli security experts have demonstrated a serious flaw in the core AES encryption of Bluetooth, which basically allows them to force the device into pairing mode at any time and recover the key.
