
I've read some interesting Bluetooth vulnerability questions, but I didn't notice one recently. Bluetooth has long been disabled in our organization, and I'm looking to enable it because of repeated help desk calls regarding peripheral support.

I'm curious about the following:

  1. The sole intention is to pair Windows 7 laptops to peripherals - human interface devices (HIDs) and printers - for field workers. Are there particular vulnerabilities to be concerned about?
  2. Is there a reliable way to configure what kind of profiles can be paired, to ensure only peripherals can be used?
  3. Is limiting discoverability the most important security measure? It seems if one forces the user to activate discoverability, most vulnerabilities are mitigated. Is this true?
Steven Volckaert
WGFinley
    I found a lot of good info in that question; I made this one because I was more concerned with peripherals than anything else and age. – WGFinley May 22 '14 at 19:46

1 Answer


The sole intention is to pair Windows 7 laptops to peripherals - human interface devices (HIDs) and printers - for field workers. Are there particular vulnerabilities to be concerned about?

Sure there are. Not so much mouse interactions, but say you have a Bluetooth keyboard and I bluejack it: I can see everything you type, no different than a keylogger, and it's real time. I don't have to capture and upload or anything; you are sending it to me on the fly.

Is there a reliable way to configure what kind of profiles can be paired, to ensure only peripherals can be used?

You can use policies for that. On a Windows machine (which I am assuming you are using based on the W7 comment) you can configure hardware restrictions using policy, but again, it's not perfect, as not all BT devices properly classify their hardware. If you guys use the same devices and are willing to do the work, you can hard-code their hardware IDs into the policies. Also, you will need a pretty good, robust version of Windows 7 (Pro+), nothing budgetware (Starter, Home B/P).

Is limiting discoverability the most important security measure? It seems if one forces the user to activate discoverability, most vulnerabilities are mitigated. Is this true?

It's the bare minimum effort in security and a must. A more robust pairing process has made interaction required to connect, but being discoverable certainly makes the brute force easier because there is no time limit placed on it. So disabling discoverability will make it harder to bluejack, but not impossible.

On a daily basis I see my neighbors' smart TV, his Mac, her iPad and so on show up, and my computer tells me they exist, so you can imagine that if I were not an ethical hacker, they would not be happy campers. In fact, I had to sit them down and tell them how to avoid broadcasting themselves like that. The wife was quickly dismissive about how much damage could be done until I showed her how long it took me to control her iPad, send her photos to her husband's email and have them see it all happen. Needless to say, I got a six-pack of beer out of it :) and she is a convert. Sad part: I didn't even have to go black hat to do it; it was unsecured.

GµårÐïåñ
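
As an added example (not part of the original answer and not Microsoft's code), this PowerShell script sorts Bluetooth hardware IDs by the service class UUID embedded in them, so the IDs of HID and printing devices can be collected for the device-ID policy the answer mentions. The `BTHENUM\{uuid}_VID&..._PID&...` ID layout, the function name `Get-BthServiceReport` and the sample IDs are assumptions made for the example.

```powershell
# 16-bit Bluetooth SIG service class IDs for the profiles the question wants
# to permit: HID and the printing profiles.
$AllowedServices = @{
    '1124' = 'Human Interface Device'
    '1118' = 'Direct Printing'
    '1122' = 'Basic Printing'
    '1126' = 'Hardcopy Cable Replacement'
    '1127' = 'HCRP Print'
}
# Profiles that move files or network traffic, named so the report is readable.
$OtherServices = @{
    '1101' = 'Serial Port'
    '1105' = 'OBEX Object Push'
    '1106' = 'OBEX File Transfer'
    '1115' = 'PAN User'
    '1116' = 'PAN Network Access Point'
}

function Get-BthServiceReport {
    param([string[]]$HardwareId)
    # Assumed ID layout: BTHENUM\{0000XXXX-0000-1000-8000-00805f9b34fb}_...
    # where XXXX is the service class the device node was created for.
    $pattern = '^BTHENUM\\\{0000([0-9a-f]{4})-0000-1000-8000-00805f9b34fb\}'
    foreach ($id in $HardwareId) {
        if ($id -match $pattern) {          # skip non-Bluetooth device nodes
            $svc = $Matches[1].ToLower()
            $allowed = $AllowedServices.ContainsKey($svc)
            if ($allowed) { $name = $AllowedServices[$svc] }
            elseif ($OtherServices.ContainsKey($svc)) { $name = $OtherServices[$svc] }
            else { $name = "Unknown (0x$svc)" }
            New-Object PSObject -Property @{
                HardwareId = $id; Service = $name; Allowed = $allowed
            }
        }
    }
}

# Constructed sample IDs; the VID/PID values are made up. On a reference
# laptop, feed real ones instead:
#   Get-WmiObject Win32_PnPEntity | ForEach-Object { $_.HardwareID }
$sample = @(
    'BTHENUM\{00001124-0000-1000-8000-00805f9b34fb}_VID&0002ffff_PID&0001',
    'BTHENUM\{00001126-0000-1000-8000-00805f9b34fb}_VID&0001ffff_PID&0002',
    'BTHENUM\{00001105-0000-1000-8000-00805f9b34fb}_VID&0001ffff_PID&0003',
    'USB\VID_FFFF&PID_0004'
)
$report = @(Get-BthServiceReport -HardwareId $sample)
'Allow-list candidates:'
$report | Where-Object { $_.Allowed } | ForEach-Object { $_.HardwareId }
'Paired services outside HID/printing:'
$report | Where-Object { -not $_.Allowed } | Format-Table Service, HardwareId -AutoSize
```

A device that exposes several profiles appears once per service, so a phone paired to a laptop shows up in the second list even when its HID or printing node would pass.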