Home page logo
/

basics logo Security Basics mailing list archives

Re: blackberry bluetooth prompts
From: "Kelly Keeton" <kellyrkeeton () gmail com>
Date: Tue, 23 Oct 2007 11:09:18 -0700

you can also disable the ability to auto-pair with devices on the
enterprise server.

http://eu.blackberry.com/eng/ataglance/security/it_policy.jsp

I highly recommend the use of IT Policy if you have an enterprise server.


On 10/23/07, gjgowey () tmo blackberry net <gjgowey () tmo blackberry net> wrote:
This sounds like a case of the latter.  Remember: device names are fully customizeable on most Bluetooth devices.  
Mine is set to 'pin1234' >:->
No guesses what the pairing key is.  Fun for when I'm bored and in NY or some other densely crowed place.

Geoff

Sent from my BlackBerry wireless handheld.

-----Original Message-----
From: "Murda Mcloud" <murdamcloud () bigpond com>

Date: Tue, 23 Oct 2007 16:18:42
To:<security-basics () securityfocus com>
Subject: blackberry bluetooth prompts


Hi all,
Just wanting to find out if anyone had seen something similar to this on a
bluetooth enabled mobile email device(or similar).
I have a user that every now and then gets prompted for an 'Australian
defence Force' passkey-this comes up with the Bluetooth symbol. We are a
commercial company and have nothing to do with them at all.
It strikes me as strange since it seems random and it is so specific and
also because she never seems to get prompted for pass keys by any other
Bluetooth enabled devices.
My first reaction is that it is just an ADF enabled device asking for a
pairing but that seems pretty insecure to me. Why would defence force
devices be running around asking if you want to pair up?
I have just asked her to disable her Bluetooth capability as she no longer
uses her headset. (it was set to non discoverable anyway, for what that's
worth.)

This then made me think, are there any Bluetooth attacks that can use a fake
device which gathers passkeys by asking/prompting for a pairing? Maybe this
is what was taking place.





  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]