Carwhisperer - Pg. 49

know the PIN of the remote device can connect. This may mean asking the owner of the other cell phone, or, if you own the device, you set its PIN yourself and already know it. Other variations include having the second device display a code which has to be entered on the first device as well, thus requiring user interaction and avoiding default PINs. Once the PIN is entered, the devices handshake and a link key is established; the devices are now bonded and trust one another. This is an oversimplification of the internals of the process, but the main issue here is not one of internals but of externals.

The most common attacks on Bluetooth devices are due to default PINs. Many devices come preset from the factory with a PIN that the user is asked to change. Usually those instructions are buried in the manual and are ignored by the user. Other devices, such as headsets, have no interface in which to change the PIN, so their PINs stay static. The most common PINs are 0000, 1234, and 9999. A quick Google search for a specific device will turn up the manual, which will usually contain the default PIN, right next to instructions on how to change it. This situation leaves plenty of room for an attacker to play. The most famous of these attacks involving default PINs concerns Bluetooth headsets.