0

The wonderful answer to the question "What can an attacker do with Bluetooth and how should it be mitigated?" suggests that frequently re-pairing Bluetooth devices is a "good idea™."

Are there any Bluetooth pairing sequence attacks such that it would be advisable to avoid pairing Bluetooth devices in public places? Or can I generally feel safe re-pairing my phone with a headset or a keyboard in public?

techraf
  • 9,141
  • 11
  • 44
  • 62
Naftuli Kay
  • 6,715
  • 9
  • 47
  • 75

2 Answers2

1

I wouldn't recommend pairing Bluetooth in public places. The pairing protocol in Bluetooth is vulnerable to MITM attack.

In fact, even in active Bluetooth connection, there is a vulnerability which is caused by forcing the devices to re-pair, and this allowed the attacker to observe the key exchange and obtain the encryption key.

Lie Ryan
  • 31,089
  • 6
  • 68
  • 93
1

The sub-section of the answer you are referring to indicates that refreshing the security pin frequently is a good idea. By no means is bluetooth a secure technology.

You can read the rest of that answer or this article for some more info on how bluetooth is vulnerable. If you want specific attacks, just google "CVE bluetooth" and read through.

In answer to you asking:

can I generally feel safe repairing my phone with a headset or a keyboard in public?

Maybe... Just because the threat is out there does not mean someone is actually trying to attack you. Bottom line, it all depends on the level of security you need. If you are working on a confidential doc (why would you be doing that in public anyway) or are banking, I wouldnt use inherently insecure tech to do this, but if you are just playing words with friends, go ahead -who cares.

Matthew Peters
  • 3,592
  • 4
  • 21
  • 39