undefined | Better HN

0 pointssp33211y ago0 comments

If you get an Ubertooth http://ubertooth.sourceforge.net/ you can sniff bluetooth as well. If you use the default PIN (0000 or 1234) then it's possible to decrypt the signal. Here's an overview of how feasible decryption is: http://css.csail.mit.edu/6.858/2012/projects/echai-bendorff-...

Also, Bluetooth LE provides no eavesdropping protection. If an attacker can capture the pairing frames, they may be able to determine the "long-term key". Here's the NIST guidance paper on Bluetooth security: http://www.nist.gov/customcf/get_pdf.cfm?pub_id=911133

The attack surface can be minimized if the keyboard manufacturer implements crypto properly, requires encryption at the protocol level, uses a long and complex PIN, etc. The manufacturer with the best reputation right now is Microsoft. They got burned pretty hard when their propriety wireless encryption was hacked back in 2007, and it looks like their bluetooth keyboards are doing everything right.

0 comments

dominicgs11y ago

> Also, Bluetooth LE provides no eavesdropping protection. If an attacker can capture the pairing frames, they may be able to determine the "long-term key"

There's a practical attack for that, and it's quick. It also uses Ubertooth[1].

For all Bluetooth keyboards that I've seen in the past ~5 years the pairing process uses one of the "Secure Simple Pairing" modes. none of these have been broken, although "Just Works" is probably vulnerable. The keyboard that I've see use the "enter a 6 digit number" mode, which is not susceptible to man in the middle attacks that have been used against Bluetooth keyboards before[2].

Disclosure: I work on the Ubertooth and related projects.

[1] https://www.usenix.org/conference/woot13/workshop-program/pr...

[2] https://www.youtube.com/watch?v=X0RUN6SB6c8

sp332OP11y ago

I haven't seen many keyboards that seemed secure, but now that you mention it, they are pretty old. Thanks for the update :)

drdaeman11y ago

(As a side note) Seeing the comment on acoustic fingerprinting, I guess it applies to wireless keyboards as well - even if the exact keycodes could be securely encrypted, keypress timing data, paired with finger movement model and typist habits analysis, would probably still leak information on what's typed.

1 more reply

chmars11y ago

Thanks for sharing your knowledge!

Is anything known about the security of Apple's current bluetooth keyboard?

j / k navigate · click thread line to collapse