Thierry Zoller and Kevin Finistere gave a presentation at the Hack.lu 2006 conference on Bluetooth cracking. They also showed a demo of BTCrack, a Windows tool that can crack the Bluetooth PIN and link key in almost real time. All you need is the initial pairing, which can be sniffed. See the screen cam here.
F-Secure has a screenshot of BTCrack.
Thierry’s and Kevin’s conclusion is:
- Bluetooth might be a risk for your Company
- Don’t accept every file you are being sent, just click NO.
- Disable Bluetooth if not required
- Pair in “secure” places (SIG Recommendations)
- Hold your Bluetooth vendor accountable for vulnerabilities!
There is no need for more words on this issue 😉
Full presentation is here.