you can also disable the ability to auto-pair with devices on the
enterprise server.
http://eu.blackberry.com/eng/ataglance/security/it_policy.jsp
I highly recommend the use of IT Policy if you have an enterprise server.
On 10/23/07, gjgowey@tmo.blackberry.net <gjgowey@tmo.blackberry.net> wrote:
This sounds like a case of the latter. Remember: device names are fully
customizeable on most Bluetooth devices. Mine is set to 'pin1234' >:->
No guesses what the pairing key is. Fun for when I'm bored and in NY or some
other densely crowed place.
Geoff
Sent from my BlackBerry wireless handheld.
-----Original Message-----
From: "Murda Mcloud" <murdamcloud@bigpond.com>
Date: Tue, 23 Oct 2007 16:18:42
To:<security-basics@securityfocus.com>
Subject: blackberry bluetooth prompts
Hi all,
Just wanting to find out if anyone had seen something similar to this on a
bluetooth enabled mobile email device(or similar).
I have a user that every now and then gets prompted for an 'Australian
defence Force' passkey-this comes up with the Bluetooth symbol. We are a
commercial company and have nothing to do with them at all.
It strikes me as strange since it seems random and it is so specific and
also because she never seems to get prompted for pass keys by any other
Bluetooth enabled devices.
My first reaction is that it is just an ADF enabled device asking for a
pairing but that seems pretty insecure to me. Why would defence force
devices be running around asking if you want to pair up?
I have just asked her to disable her Bluetooth capability as she no longer
uses her headset. (it was set to non discoverable anyway, for what that's
worth.)
This then made me think, are there any Bluetooth attacks that can use a fake
device which gathers passkeys by asking/prompting for a pairing? Maybe this
is what was taking place.
