Bluetooth keyboard security

Question

Suppose there is a computer with a Bluetooth keyboard linked to it. The keyboard uses a simple 4-digit PIN. Now, I am able to crack the PIN and then program my own keyboard to use the same PIN. Would it be possible for me to gain access to the computer by impersonating the legitimate keyboard in some way?

It has been done. Do some Google searches and you can find examples. — SDsolar, Feb 25 '17 at 08:45
This depends on what version of Bluetooth it uses. If it uses anything older than BR/EDR version 2.1, than the encryption will be _really_ weak, requiring nothing more than brute forcing that 4-digit PIN. — forest, Jan 06 '19 at 07:43

score 1 · Answer 1 · answered Nov 27 '16 at 05:12

1

Would it be possible for me to gain access to the computer by impersonating the legitimate keyboard in some way?

Probably.

But there are a few question you need to ask yourself here:

Is the computer generating the PIN or is the keyboard?
Does the PIN change? If yes, how often?

If the PIN does not change, it doesn't really matter what device generates the PIN and all you have to do is obtain/crack it.

After you obtained the PIN you will need to knock the other keyboard offline (or when the user is not in the room) in order for the PC to connect to your keyboard.

answered Nov 27 '16 at 05:12

Bubble Hacker

3,615
1
11
20

would the PC automatically connect to my keyboard? Also, how would I knock the other keyboard offline? – tpm900 Nov 27 '16 at 16:42
Those are two questions. If your signal overpowers the keyboard (or mouse) then it is possible to both make it connect and to knock the other offline. Keep in mind that this stackexchange is not intended to encourage lawbreakers of any kind, so I will assume you are asking an academic question. If you really want to know the answer, try it out in a lab environment. – SDsolar Feb 25 '17 at 08:48
This is only true for very old versions of Bluetooth (prior to 2.1). For anything newer, the PIN itself is not used directly for encryption, only authentication. So I think this answer is wrong. – forest Jan 06 '19 at 07:46

Bluetooth keyboard security

1 Answers1