[liberationtech] How secure is Bluetooth?

Martyn Williams martyn at stanford.edu
Sun Jan 29 15:43:54 PST 2012


> Again this is of course based on the assumption current technology cannot effectively monitor all 79 channels constantly for the duration of the call. However it also makes the assumption the data packets can be reconstructed into audio.

Are you familiar with SDRs (software-defined radios)? These are capable of
monitoring a chunk of radio spectrum continuously.

They're becoming very popular in amateur radio because they can monitor
a band and visually indicate where the signals exist. I have one on my
desk that works over 200kHz on frequencies up to 30MHz.

The Bluetooth band is much higher in frequency and occupies 80MHz of
spectrum. There's at least one SDR out there that can handle a 20MHz
chunk of spectrum so, in theory, it could continuously monitor 1/4 of
the Bluetooth band.

Four radios (each a few thousand dollars) and some PCs and you might be
able to monitor the whole band.

You'd have to put the packets back together. I expect the difficulty of
that depends on how noisy or quiet the Bluetooth spectrum is where the
device is being used.

If there isn't much traffic, it might be easy to match the packets
together. Presumably the hopping works so that a transmission begins on
one channel immediately after one ends on another. That might be enough
to match them.

You could also use the power level to help narrow down transmissions
that might match each other.

I have no idea if this would work in practice. Realtime would be more
difficult than delayed processing. It's a potential method anyway.

In reality it might be that the 2.4GHz band, which is also full of WiFi
and other low power unlicensed radio stuff, is too noisy to do this easily.

Even if you did get all the packets, you're still left with the
encryption of the data.

My point is, using SDRs it's possible to monitor a chunk of spectrum -
not just one channel - continuously.


Martyn Williams
2012 John S. Knight Journalism Fellow
Stanford University
Cell: 650-391-4868

----- End forwarded message -----
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
