Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Bluetooth Wireless Keyboards

from [William Woodhams] Network Security [Permanent Link]
Subject: RE: Bluetooth Wireless Keyboards
Date: Mon, 25 Sep 2006 07:35:42 -0400 
Kevin,

My experience with this has been with PDA's and Cell Phones.  We have a
Bluetooth user here but for his PDA.  With that said this user is
required to have all signals encrypted between the receiver and dongle.
This covers my paranoia of the BT connection.  As for Cell Phones I have
been able to get a signal as far as 50-100 feet with the right
equipment.

Yos,  

Bill Woodhams
Systems Technician
Development Group-Technical Systems
(585)429-3183
William.Woodhams@wegmans.com
 
Newcastle United signs Michael Owen...Enough Said!
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Kevin white
Sent: Sunday, September 24, 2006 8:10 PM
To: pen-test@securityfocus.com
Subject: Bluetooth Wireless Keyboards

Dear List,

Recently we have discovered that one of the employees in our
organization has purchased a bluetooth keyboard.  Their belief
is that if someone were to sniff their keystrokes they would have to be
within 30 feet.  To quote them...

###
your worried about the unlawful electronic misappropriation and
dissemination of personal information from a very low power use
Bluetooth device with a transmission range with about thirty feet?

Hold on I'm laughing.... Ok, I'm back
###

I am already going to work the policy side of things to get this device
removed given this is a HIPAA and public safety related division. None
the
less I am curious, am I being overly paranoid?  I know that
bluetooth snarfing has been done at ranges over a mile and I've searched
all over google for more information on doing a proof of concept on this
myself.  Most of the information seems to deal with cell-phones.  Some
whitepapers or POCs on this would be great.  Heck, even some personal
experiences.  Based on what I saw at Black Hat I am a little less
paranoid since the vendor could be doing something to protect the
keystrokes and BT is somewhat of a strange protocol anyway. I guess I'll
never really know till I go out there with my own BT dongle and capture
some traffic myself, if possible. ;)

Thanks in Advance!

Kevin


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: cracking Y2k DC Admin password, s-williams
Next by Date:  Re: Re[2]: Bluetooth Wireless Keyboards, Nathan Keltner
Previous by Thread:  RE: Bluetooth Wireless Keyboards, Butler, Theodore
Next by Thread:  dns spoof windows and netbios, Robin Wood
Indexes:  [Date] [Thread] [Top] [All Lists]