Home page logo

pen-test logo Penetration Testing mailing list archives

Bluetooth Wireless Keyboards
From: Kevin white <kwhite () ci collierville tn us>
Date: Sun, 24 Sep 2006 19:09:45 -0500

Dear List,

Recently we have discovered that one of the employees in our
organization has purchased a bluetooth keyboard.  Their belief
is that if someone were to sniff their keystrokes they would have to be
within 30 feet.  To quote them...

your worried about the unlawful electronic misappropriation and
dissemination of personal information from a very low power use
Bluetooth device with a transmission range with about thirty feet?

Hold on I'm laughing.... Ok, I'm back

I am already going to work the policy side of things to get this device
removed given this is a HIPAA and public safety related division. None the
less I am curious, am I being overly paranoid?  I know that
bluetooth snarfing has been done at ranges over a mile and I've searched
all over google for more information on doing a proof of concept on this
myself.  Most of the information seems to deal with cell-phones.  Some
whitepapers or POCs on this would be great.  Heck, even some personal
experiences.  Based on what I saw at Black Hat I am a little less
paranoid since the vendor could be doing something to protect the
keystrokes and BT is somewhat of a strange protocol anyway. I guess I'll
never really know till I go out there with my own BT dongle and capture
some traffic myself, if possible. ;)

Thanks in Advance!


Attachment: _bin

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]