Cryptographers from Israel have devised a relatively simple way to crack Bluetooth devices and the communication between them. Whereas earlier cracking methods worked only during the pairing phase of two devices, this new technique lets an attacker choose the time of attack.
Avishai Wool and Yaniv Shaked of the University of Tel Aviv found a way to force two Bluetooth devices to reinitiate a pairing session. “Our attack makes it possible to crack every communication between two Bluetooth devices, and not only if it is the first communication between those devices,” says Shaked.
During the pairing phase, two Bluetooth devices exchange a 128-bit key with which they encrypt the rest of their communication. Research in 2004 showed that this key is relatively easy to sniff and that the user PIN is easy to crack on a modern laptop.
With this new technique, Wool and Shaked showed that an attacker does not have to wait for a pairing session, because the two devices can be forced to pair again. This is accomplished by spoofing one of the devices and sending a "forget" message. The other device assumes its communication partner has forgotten the key and agrees to exchange a new one, starting a new pairing session. All that is needed to spoof a device is its ID, which is broadcast constantly.
Shaked and Wool will present their findings at the MobiSys conference next Monday in Seattle, Washington, US. Full article at DSINet.