33

In a situation where an admin will enter sensitive information into a keyboard (the root password), what is the risk that a bluetooth keyboard (ship by default with Mac systems these days) would put those passwords at risk?

Another way of asking would be: what security and encryption protocols are used, if any, to establish a bluetooth connection between a keyboard and host system?

Edit: Final Summary

All answers are excellent. I accepted that which links to the most directly applicable information however I also encourage you to read Nathan Adams's response and discussion about security trade-offs.

jhs
  • 979
  • 1
  • 8
  • 13

5 Answers5

14

http://en.wikipedia.org/wiki/Bluetooth#Security

While Bluetooth has its benefits, it is susceptible to denial of service attacks, eavesdropping, man-in-the-middle attacks, message modification, and resource misappropriation.

fsckin
  • 555
  • 4
  • 9
  • 2
    It also says, "Bluetooth v2.1 – finalized in 2007 with consumer devices first appearing in 2009 – makes significant changes to Bluetooth's security", and the "History of security concerns" section doesn't have anything after 2.1 was published. Are the problems you mentioned still active, or did 2.1 fix them? – Ian Dunn Jan 13 '15 at 18:23
  • My preferred source of IT gutter news has this: [2007-12: Microsoft wireless keyboards crypto cracked](http://www.theregister.co.uk/2007/12/03/wireless_keyboard_crypto_cracked/), [2010-02: Kit attacks Microsoft keyboards (and a whole lot more)](http://www.theregister.co.uk/2010/03/26/open_source_wireless_sniffer/), [2015-01: This $10 phone charger will wirelessly keylog your boss](http://www.theregister.co.uk/2015/01/13/this_10_phone_charger_will_wirelessly_keylog_your_boss/). Looks like a good idea to stay wired but at least stay away from Microsoft's homegrown stuff. – David Tonhofer Apr 02 '15 at 08:52
4

I'd suggest looking at this publication by the NIST. It provides some pretty useful information on Bluetooth security. The encryption protocol of bluetooth is E0 which is 128 bit.

http://csrc.nist.gov/publications/nistpubs/800-121-rev1/sp800-121_rev1.pdf

Mark Henderson
  • 68,316
  • 31
  • 175
  • 255
ryanyama
  • 69
  • 6
3

Since most of the answers are 10 years old as of today here are the 2018 results of some german security researches on the topic. They claim that modern BT keyboards have their most critical weakness when an attacker manages to get physical access to the device and extracts the crypto keys or is able to eavesdrop during the pairing process.

Here is their paper: https://www.syss.de/fileadmin/dokumente/Publikationen/2018/Security_of_Modern_Bluetooth_Keyboards.pdf

Their summary:

During this research project with a total duration of 15 person-days, SySS GmbH could identify some security issues concerning the three tested Bluetooth keyboards.

The secret pairing information stored on the keyboards can be easily extracted by an attacker with physical access. The credentials in this information can be used to conduct further attacks on the host.

The 1byone keyboard does not require authentication when pairing to a Windows 10 host and the communication of the Microsoft Designer Bluetooth keyboard can be decrypted if an attacker passively eavesdrops on the pairing process.

Furthermore, by continuously sending pairing requests to some operating systems, an attacker can prevent other devices from pairing (denial-of-service).

And here are their key findings: enter image description here

perelin
  • 171
  • 1
  • 8
3

Although bluetooth may not be the most secure protocol, you have to put things in perspective: Bluetooth has a relativity short transmit range. This means that if you were to use bluetooth keyboards in a building, a person would have to be in the same room or close to the room to actually do anything malicious.

Just because a certain technology is insecure, doesn't mean that it is useless.

Natalie Adams
  • 745
  • 1
  • 6
  • 15
  • 6
    The assumption that bluetooth's short range is some sort of protection to what sort of damage can be done through it is false. If someone hacks a computer which happens to have a bluetooth radio that hacker can now exploit bluetooth from anywhere in the world. This could be a way of getting other passwords, which may have more privileges or to own other machines near by. – 3dinfluence Apr 30 '10 at 22:58
  • @3d, they are still limited by the devices that connect to the bluetooth transmitter on the computer though. Also, if the hacker had access to the whole system, setting up a keylogger via the bluetooth would be breaking your shoulder to scratch your back. There are easier ways and much less painful ways to do it. – David Rickman May 01 '10 at 01:15
  • Both are good points. If I get spyware on my laptop and then take it to work, even if I plug in to the "visitors" LAN I might put more sensitive systems at risk--in theory (although you don't see many bluetooth keyboards in data centers). On the other hand, when I SSH from home, I feel safe using a bluetooth keyboard because my neighbors, even if they are script kiddies, probably cannot put my systems at much risk. An internet cafe is somewhere in the middle. As with everything, proper risk-assessmet is key. – jhs May 01 '10 at 10:40
  • @3dinfluence Again, we need to put things into perspective, if a person hacked into a computer they would be more interested in installing a keylogger than sniffing the bluetooth devices. Because in the end, its easier and any keys they type on the keyboard will be logged. – Natalie Adams May 01 '10 at 12:35
  • Just depends on what the goals are. More and more hacks are targeted attacks. I don't think this is something that your typical drive by malware type of hacker who is just looking to setup a bot net is going to do. – 3dinfluence May 01 '10 at 14:29
  • [According to the NSA](https://www.nsa.gov/ia/_files/wireless/I33-TR-005-06.pdf), Bluetooth connections can be made up to a mile away, but even 5 feet is a problem if I'm at a coffee shop with my laptop and use a wireless keyboard to type in my passwords (which I do because the built-in keyboards have shitty ergonomics). – Ian Dunn Jan 13 '15 at 18:27
  • Sure - if you don't mind looking like this guy (and don't get arrested for carrying what looks like a gun..) - http://i.imgur.com/bsDLIcW.jpg . The reality of the situation is if you are really that worried your only recourse is not carry any electronics at all. I mean - to date you can't make micro hijacking equipment. It would be really difficult to hide something like http://i.imgur.com/MFbOE0C.png at your local starbucks while you are sipping your mocha latte. – Natalie Adams Jan 13 '15 at 21:43
  • 2
    Short range is not true. I can still connect to my bluetooth keyboard from my mac when outside in the garden, while the keyboard is upstairs on the second floor. (maybe 10 meters?) Basically your bluetooth signal is within range of your neighbours and the street. (I Have latest MBP, April 2014) – snowcode Jul 23 '14 at 20:12
  • I can't downvote, but I disagree. Please be security conscious. It doesn't take a giant device, bluetooth has decent range, and you can't know who is going to run an attack. It could be someone you know. At least now bluetooth devices use encryption. But even so, if/when that encryption is broken you'll need to update the bluetooth on the device or, more likely, the device itself. – J.Money Sep 25 '17 at 19:54
  • @Ian Dunn what about usb-dongles, are they better ? – R S Jul 02 '18 at 13:35
  • @snowcode have you checked range of devices with usb-dongle ? – R S Jul 02 '18 at 13:36
-1

Most bluetooth keyboards have been tried and tested by manufacturers to make sure they have the least amount of security risks possible. Yet on some wireless keyboards, hackers can install a 'keylogger' onto your device, which intercepts the signal and decrypts the data you are sending through the keyboard.

Louie Bnouie
  • 1
  • 2
  • why it differs from using wired keyboard ? you send signal by wire, keylogger still can be installed – R S Jul 02 '18 at 13:22