Home Forums Articles How To's FAQ Register
Go Back   Xoutpost.com > Electronics > Bluetooth
Arnott
User Name
Password
Member List Premier Membership Search Today's Posts Mark Forums Read

Xoutpost server transfer and maintenance is occurring....
Xoutpost is currently undergoing a planned server migration.... stay tuned for new developments.... sincerely, the management


Reply
 
LinkBack Thread Tools Display Modes
  #1  
Old 06-05-2005, 08:54 PM
Member
 
Join Date: Apr 2005
Location: X5world
Posts: 11
digi is on a distinguished road
Bluetooth Security Vulnerability

I think I said a couple of years ago that Bluetooth was going to be a security issue. Now there is an exploit that interferes with the pairing process after the good guy authenticates his slave device and receives the "AU_RAND" confirmation from the master device . A malicious person can send a 'LMP_not_accepted' message to the master, and the master then thinks the slave has forgotten the authentication key. It can also send a IN_RAND, or a random SRES message After serveral invalid pairing attempts occur, the authentication process with the malicious device will restart and the master will pair with the malicious device. This is with any Bluetooth standard device. No fix is available yet.

Probably not the end of the world, but someday the Windows code in the I-Drive will probably need anti-virus protection!
Reply With Quote

Sponsored Links

  #2  
Old 06-05-2005, 09:27 PM
UCrewX5's Avatar
co-founder
 
Join Date: Mar 2005
Location: Hockeytown, USA
Posts: 9,740
UCrewX5 has disabled reputation
Quote:
Originally Posted by digi
I think I said a couple of years ago that Bluetooth was going to be a security issue. Now there is an exploit that interferes with the pairing process after the good guy authenticates his slave device and receives the "AU_RAND" confirmation from the master device . A malicious person can send a 'LMP_not_accepted' message to the master, and the master then thinks the slave has forgotten the authentication key. It can also send a IN_RAND, or a random SRES message After serveral invalid pairing attempts occur, the authentication process with the malicious device will restart and the master will pair with the malicious device. This is with any Bluetooth standard device. No fix is available yet.

Probably not the end of the world, but someday the Windows code in the I-Drive will probably need anti-virus protection!
Very interesting development. I'm not overly concerned at the moment, as I only activate the BT on mt V600 when I want to pair with the vehicle. But certainly the rampant spread of viruses in the Windows environment show the harm that malicious programmers have wreak on software-based systems.
__________________

Xoutpost.com - where you come for the information but stay for the friendships
Reply With Quote
  #3  
Old 06-06-2005, 02:36 PM
Quicksilver's Avatar
Premier Member and retired relic
 
Join Date: Mar 2005
Location: NORCAL
Posts: 17,204
Quicksilver will become famous soon enoughQuicksilver will become famous soon enough
Quote:
Originally Posted by UCrewX5
Very interesting development. I'm not overly concerned at the moment, as I only activate the BT on mt V600 when I want to pair with the vehicle. But certainly the rampant spread of viruses in the Windows environment show the harm that malicious programmers have wreak on software-based systems.
There is a white paper on the issue that may provide some additional
info. If you would like the PDF PM me.
__________________
"What you hear in a great jazz band is the sound of democracy. “The jazz band works best when participation is shaped by intelligent communication.”
Harmony happens whenever different parts get to form a whole by means of congruity, concord, symetry, consistency, conformity, correspondence, agreement, accord, unity, consonance…….
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On





All times are GMT -4. The time now is 01:12 PM.
vBulletin, Copyright 2024, Jelsoft Enterprises Ltd. SEO by vBSEO 3.6.0
© 2017 Xoutpost.com. All rights reserved. Xoutpost.com is a private enthusiast site not associated with BMW AG.
The BMW name, marks, M stripe logo, and Roundel logo as well as X3, X5 and X6 designations used in the pages of this Web Site are the property of BMW AG.
This web site is not sponsored or affiliated in any way with BMW AG or any of its subsidiaries.