Penetration Testing mailing list archives
RE: Bluetooth Wireless Keyboards
From: "William Woodhams" <William.Woodhams () wegmans com>
Date: Mon, 25 Sep 2006 07:35:42 -0400
Kevin, My experience with this has been with PDA's and Cell Phones. We have a Bluetooth user here but for his PDA. With that said this user is required to have all signals encrypted between the receiver and dongle. This covers my paranoia of the BT connection. As for Cell Phones I have been able to get a signal as far as 50-100 feet with the right equipment. Yos, Bill Woodhams Systems Technician Development Group-Technical Systems (585)429-3183 William.Woodhams () wegmans com Newcastle United signs Michael Owen...Enough Said! -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Kevin white Sent: Sunday, September 24, 2006 8:10 PM To: pen-test () securityfocus com Subject: Bluetooth Wireless Keyboards Dear List, Recently we have discovered that one of the employees in our organization has purchased a bluetooth keyboard. Their belief is that if someone were to sniff their keystrokes they would have to be within 30 feet. To quote them... ### your worried about the unlawful electronic misappropriation and dissemination of personal information from a very low power use Bluetooth device with a transmission range with about thirty feet? Hold on I'm laughing.... Ok, I'm back ### I am already going to work the policy side of things to get this device removed given this is a HIPAA and public safety related division. None the less I am curious, am I being overly paranoid? I know that bluetooth snarfing has been done at ranges over a mile and I've searched all over google for more information on doing a proof of concept on this myself. Most of the information seems to deal with cell-phones. Some whitepapers or POCs on this would be great. Heck, even some personal experiences. Based on what I saw at Black Hat I am a little less paranoid since the vendor could be doing something to protect the keystrokes and BT is somewhat of a strange protocol anyway. I guess I'll never really know till I go out there with my own BT dongle and capture some traffic myself, if possible. ;) Thanks in Advance! Kevin ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- Bluetooth Wireless Keyboards Kevin white (Sep 24)
- Re: Bluetooth Wireless Keyboards Jarrod Frates (Sep 25)
- Message not available
- Re: Bluetooth Wireless Keyboards Kevin white (Sep 25)
- Re: Bluetooth Wireless Keyboards Nathan Keltner (Sep 25)
- Re[2]: Bluetooth Wireless Keyboards Thierry Zoller (Sep 25)
- Re: Re[2]: Bluetooth Wireless Keyboards Nathan Keltner (Sep 25)
- Re: Bluetooth Wireless Keyboards Collin R. Mulliner (Sep 25)
- Re[2]: Bluetooth Wireless Keyboards Thierry Zoller (Sep 25)
- <Possible follow-ups>
- RE: Bluetooth Wireless Keyboards Butler, Theodore (Sep 25)
- RE: Bluetooth Wireless Keyboards William Woodhams (Sep 25)
- RE: Bluetooth Wireless Keyboards William Woodhams (Sep 25)