Saturday, June 04, 2005

Masih Mau Pakai Bluetooth?

Bluetooth makin rawan atas MITM-attack. Serangan secara ringkas bisa dilakukan dengan cara (1) sniff percakapan terenkripsi, (2) brute-force PIN, (3) spoof ID, kirim message 'lupa kunci', (4) akan terjadi renegosiasi kunci yang hanya butuh waktu 0.3 detik bagi Pentium III untuk memecahkannya.

... “Having it done so easily is surprising,” says Schneier. He is also impressed by the fact that Wool and Shaked have actually implemented Whitehouse’s idea in real devices.

They show that once an attacker has forced two devices to pair, they can work out the link key in just 0.06 seconds on a Pentium IV-enabled computer, and 0.3 seconds on a Pentium-III. “This is not just a theoretical break, it’s practical,” says Schneier.
Apa resikonya?
The discovery may make it even easier for hackers to eavesdrop on conversations and charge their own calls to someone else’s cellphone.
Jadi? Paling tidak, jangan aktifkan Bluetooth di tempat publik.

No comments: