For Bluetooth devices to pair with each other, they must first establish a 128-bit key that is used to encrypt all communication. In this way, no one can snoop on the devices and steal data, and no outside device can pose as one of the devices, because outside devices don't have the 128-bit encryption key. Both users of the devices that are to pair have to type in the same secret PIN, which is then used to create the 128-bit encryption key.
If a Bluetooth hacker is nearby during the pairing process, he can use a device called a Bluetooth sniffer, which records the messages the pairing devices use to create the encryption key.
Those stolen communications are fed to a special piece of software that has information about the Bluetooth algorithms. The software is able to go through all 10,000 PIN combinations and compare each PIN against the recorded communication until it finds the right PIN.
After the hacker finds the right PIN, he can create the 128-bit encryption key. Using that encryption key, he is able to take control of and hijack the Bluetooth device, and can control it just as if it were in his hands. For example, he could steal files or make phone calls over someone else's Bluetooth telephone.
This method of hacking Bluetooth has one serious drawback: hackers can only do it at the exact time the Bluetooth devices pair.
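The following is an added example, not part of the original post, showing why a 128-bit key derived from a PIN with 10,000 combinations (four decimal digits) is only as strong as the PIN once the pairing messages have been recorded. It is a toy model: HMAC-SHA256 stands in for the Bluetooth algorithms, which are not reproduced here, and all function names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import itertools
import math

# Constructed sample values standing in for what is visible on the air.
PUBLIC_VALUES = b"constructed-address-and-random-number"
CHALLENGE = b"constructed-challenge"


def derive_key(pin: str, public_values: bytes) -> bytes:
    """Stand-in KDF (HMAC-SHA256, truncated), NOT the Bluetooth algorithm."""
    return hmac.new(pin.encode(), public_values, hashlib.sha256).digest()[:16]


def confirmation(key: bytes, challenge: bytes) -> bytes:
    """Stand-in for the response that proves a device holds the key."""
    return hmac.new(key, challenge, hashlib.sha256).digest()[:16]


def offline_search(public_values, challenge, observed, digits=4):
    """Try every decimal PIN of the given length against a recorded transcript.

    Returns (pin, guesses_tried), or (None, total) if nothing matches.
    """
    for tried, combo in enumerate(itertools.product("0123456789", repeat=digits), 1):
        pin = "".join(combo)
        guess = confirmation(derive_key(pin, public_values), challenge)
        if hmac.compare_digest(guess, observed):
            return pin, tried
    return None, 10 ** digits


def effective_bits(digits: int) -> float:
    """Strength of the derived key when the PIN is the only secret input."""
    return math.log2(10 ** digits)


if __name__ == "__main__":
    # Constructed transcript: two devices paired with the PIN "4821".
    observed = confirmation(derive_key("4821", PUBLIC_VALUES), CHALLENGE)
    print(offline_search(PUBLIC_VALUES, CHALLENGE, observed))
    for n in (4, 8, 16):
        print(f"{n}-digit PIN: {10 ** n:,} guesses, {effective_bits(n):.1f} bits")
```

Each extra PIN digit multiplies the search by ten, so the length of the PIN, not the 128-bit size of the key, sets the cost of the search in this model.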