[liberationtech] How secure is Bluetooth?
Matt Mackall
mpm at selenic.com
Sun Jan 29 15:52:12 PST 2012
On Sun, 2012-01-29 at 14:47 -0800, Brian Conley wrote:
> Thanks Jacob,
>
> I expected you'd reply thusly. The implementation I'm talking about
> doesn't appear to be compromised based on what I've read in the links
> you've provided. The first link, from usenix, seems to be most
> damning, however doesn't appear to suggest that the packets from a
> voice call can be put back together in such a way they can be listened
> to. Even if that is true, it appears based on what I'm reading that,
> at most, current tools as of that paper, would only enable yo to
> listen to, at most, 2.4 seconds of audio from a one minute call.
Ok, so two academics in '07 get 90% of the way to a fully-working
attack, but are stymied by a silly timing limitation in the
software-defined radio they had on hand. They could trivially fix it by
dropping another $1k on a second USRP for leapfrogging to the next
channel, given that they _have exposed the hopping pattern_.
And you conclude... "not compromised". Huh.
I conclude "compromised for all practical purposes": I could take their
paper and $2000 and build a fully-working attack if I had the
motivation. As could any motivated interception capability vendor. Odds
that this capability already exists: rapidly approaching unity.
Also note that recording the traffic on all 79 3Mbit/s channels is
trivially within the capabilities of any organization that designs its
own hardware. This IC has programmable hop parameters and is < $5:
www.atmel.com/atmel/acrobat/doc1612.pdf
Slapping 79 of those on a board with a high-gain antenna and a USB
interface left as an exercise for the reader.
--
Mathematics is the supreme nostalgia of our time.
_______________________________________________
liberationtech mailing list
liberationtech at lists.stanford.edu
Should you need to change your subscription options, please go to:
https://mailman.stanford.edu/mailman/listinfo/liberationtech
If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?"
You will need the user name and password you receive from the list moderator in monthly reminders.
Should you need immediate assistance, please contact the list moderator.
Please don't forget to follow us on http://twitter.com/#!/Liberationtech
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
More information about the cypherpunks-legacy
mailing list