Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: Bluetooth Wireless Keyboards
From: "William Woodhams" <William.Woodhams () wegmans com>
Date: Mon, 25 Sep 2006 07:35:42 -0400

Kevin,

My experience with this has been with PDA's and Cell Phones.  We have a
Bluetooth user here but for his PDA.  With that said this user is
required to have all signals encrypted between the receiver and dongle.
This covers my paranoia of the BT connection.  As for Cell Phones I have
been able to get a signal as far as 50-100 feet with the right
equipment.

Yos,  

Bill Woodhams
Systems Technician
Development Group-Technical Systems
(585)429-3183
William.Woodhams () wegmans com
 
Newcastle United signs Michael Owen...Enough Said!
-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Kevin white
Sent: Sunday, September 24, 2006 8:10 PM
To: pen-test () securityfocus com
Subject: Bluetooth Wireless Keyboards

Dear List,

Recently we have discovered that one of the employees in our
organization has purchased a bluetooth keyboard.  Their belief
is that if someone were to sniff their keystrokes they would have to be
within 30 feet.  To quote them...

###
your worried about the unlawful electronic misappropriation and
dissemination of personal information from a very low power use
Bluetooth device with a transmission range with about thirty feet?

Hold on I'm laughing.... Ok, I'm back
###

I am already going to work the policy side of things to get this device
removed given this is a HIPAA and public safety related division. None
the
less I am curious, am I being overly paranoid?  I know that
bluetooth snarfing has been done at ranges over a mile and I've searched
all over google for more information on doing a proof of concept on this
myself.  Most of the information seems to deal with cell-phones.  Some
whitepapers or POCs on this would be great.  Heck, even some personal
experiences.  Based on what I saw at Black Hat I am a little less
paranoid since the vendor could be doing something to protect the
keystrokes and BT is somewhat of a strange protocol anyway. I guess I'll
never really know till I go out there with my own BT dongle and capture
some traffic myself, if possible. ;)

Thanks in Advance!

Kevin


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault