Berkeley CSUA MOTD:Entry 37953

2005/6/3 [Computer/SW/Security] UID:37953 Activity:nil
6/2     yaBlueToothHack:
        http://www.newscientist.com/article.ns?id=dn7461&feedId=online-news_rss20

Cache (3585 bytes)
www.newscientist.com/article.ns?id=dn7461&feedId=online-news_rss20
Cryptographers have discovered a way to hack Bluetooth-enabled devices even when security features are switched on. The discovery may make it even easier for hackers to eavesdrop on conversations and charge their own calls to someone else's cellphone.

Bluetooth is a protocol that allows different devices including phones, laptops, headsets and printers to communicate wirelessly over short ranges - typically between 10 and 100 metres.

Over the past few years security experts have devised many ways of hacking into Bluetooth communications, but most require the Bluetooth security features to be switched off. His method allowed someone to hijack the phone, giving them the power to make calls as if it were in their own hands.

Pairing up

But this technique did not pose a serious risk because it could be performed only if the hacker happened to catch two Bluetooth devices just before their first communication, during a process known as pairing. Before two Bluetooth devices can communicate they must establish a secret key via this pairing process. But as long as the two devices paired up in a private place there was no risk of attack, explains Chris McNab of the UK security firm TrustMatta.

Now Avishai Wool and Yaniv Shaked of Tel Aviv University in Israel have worked out how to force devices to pair whenever they want. "Our attack makes it possible to crack every communication between two Bluetooth devices, and not only if it is the first communication between those devices," says Shaked.

"Pairing allows you to seize control," says Bruce Schneier, a security expert based in Mountain View, California. "You can sit on the train and make phone calls on someone else's phone."

Sniffing the airwaves

During pairing, two Bluetooth devices establish the 128-bit secret link key that they then store and use to encrypt all further communication. The first step requires the legitimate users to type the same secret, four-digit PIN into both devices. The two devices then use this PIN in a complex process to arrive at the common link key.

Whitehouse showed in 2004 that a hacker could arrive at this link key without knowing the PIN using a piece of equipment called a Bluetooth sniffer. This can record the exchanged messages being used to derive the link key and feed the recordings to software that knows the Bluetooth algorithms and can cycle through all 10,000 possibilities of the PIN. Once a hacker knows the link keys, Whitehouse reasoned they could hijack the device.

But pairing only occurs the first time two devices communicate. Wool and Shaked have managed to force pairing by pretending to be one of the two devices and sending a message to the other claiming to have forgotten the link key. This prompts the other device to discard the link key and the two then begin a new pairing session, which the hacker can then use.

Surprisingly easy

In order to send a forget message, the hacker must simply spoof one of the devices' personal IDs, which can be done because all Bluetooth devices broadcast this automatically to any Bluetooth device within range. He is also impressed by the fact that Wool and Shaked have actually implemented Whitehouse's idea in real devices.

They show that once an attacker has forced two devices to pair, they can work out the link key in just 0.06 seconds on a Pentium IV-enabled computer, and 0.3 seconds on a Pentium-III. "This is not just a theoretical break, it's practical," says Schneier.

Shaked and Wool will present their findings at the MobiSys conference next Monday in Seattle, Washington, US.