Cracking the Bluetooth PIN

Thierry Zoller and Kevin Finistere gave a presentation in the Hack.lu 2006 conference on Bluetooth Cracking. They also showed a demo of BTCrack, a Windows tool that can crack Bluetooth PIN and Linkkey in almost real-time. All you need is the initial pairing, which can be sniffed. See the screen cam here .

F-Secure has a screenshot of BTCrack.

Thierrys’ and Kevin’s conclusion is:

  • Bluetooth might be a risk for your Company
  • Don’t accept every file you are being send, just click NO.
  • Disable Bluetooth if not required Pair in “secure” places (SIG Recommendations)
  • Hold your Bluetooth vendor accountable for vulnerabilities!

There is no need for more words on this issue 😉

Full presentation is here.