Re: blackberry bluetooth prompts

[gjgowey () tmo blackberry net]

This sounds like a case of the latter.  Remember: device names are fully customizeable on most Bluetooth devices.  Mine 
is set to 'pin1234' >:->
No guesses what the pairing key is.  Fun for when I'm bored and in NY or some other densely crowed place.

Geoff

Sent from my BlackBerry wireless handheld.

-----Original Message-----
From: "Murda Mcloud" <murdamcloud () bigpond com>

Date: Tue, 23 Oct 2007 16:18:42 
To:<security-basics () securityfocus com>
Subject: blackberry bluetooth prompts


Hi all,
Just wanting to find out if anyone had seen something similar to this on a
bluetooth enabled mobile email device(or similar).
I have a user that every now and then gets prompted for an 'Australian
defence Force' passkey-this comes up with the Bluetooth symbol. We are a
commercial company and have nothing to do with them at all.
It strikes me as strange since it seems random and it is so specific and
also because she never seems to get prompted for pass keys by any other
Bluetooth enabled devices.
My first reaction is that it is just an ADF enabled device asking for a
pairing but that seems pretty insecure to me. Why would defence force
devices be running around asking if you want to pair up?
I have just asked her to disable her Bluetooth capability as she no longer
uses her headset. (it was set to non discoverable anyway, for what that's
worth.)

This then made me think, are there any Bluetooth attacks that can use a fake
device which gathers passkeys by asking/prompting for a pairing? Maybe this
is what was taking place.