WVE ID: WVE-2005-0009
Type: Vulnerability
Status: Candidate
Classification:
Authentication Management
Design Flaw
Description:
Bluetooth devices that have no means for PIN code input come with a hard-coded PIN to use when pairing with another device.
Discussion:
The primary authentication mechanism used in Bluetooth devices is a PIN, between 1 and 16 characters in length, that is used to authenticate a device for the first time. However, many Bluetooth devices have no means for inputting a user-defined PIN code when pairing with another device, due to the lack of a man-machine interface (MMI) such as a numeric keypad or keyboard. This is especially prevalent in Bluetooth headsets, pointing devices, headphones, and speakers.
To get around this limitation, such devices use a hard-coded PIN that may be entered into a peer device when pairing is initiated. This in itself is not a problem. However, many of these devices use the same PIN code for every unit produced of a particular model. Thus, it is trivial for someone to guess the PIN an affected device uses for pairing, based only on its make and model. Once someone has determined the correct PIN, they can use it to gain unauthorized access to the vulnerable device.
Credits
References
URL: http://www.jabra.com/JabraCMS/NA/EN/MainMenu/Products/WirelessHeadsets/JabraBT160/JabraBT160.htm
URL: http://www.starcom1.com/bluetooth.htm
Released: 2000-01-01
Submitter: Andrew Lockhart (alockhart@networkchemistry.com), Network Chemistry
Submitted: Tue Oct 18 14:26:17 -0700 2005
Candidate Date: Mon Oct 24 10:01:54 -0700 2005

