A Free Educational Resource Created by Carnegie Mellon University to Empower You to Secure Your Part of Cyberspace

PIN Cracking

A procedure for breaking into Bluetooth devices by determining the personal identification number (PIN) used for secure transmissions

PIN cracking is a procedure for breaking into Bluetooth devices by determining the PIN used for secure transmissions. Bluetooth technology, which is used for short-range, fast communications, is now in a wide range of wired and wireless devices: mobile phones, PDAs, desktop and mobile PCs, printers, digital cameras and dozens of other devices. Being wireless, Bluetooth is potentially vulnerable to many attacks.

Some security measures exist to secure transmissions between Bluetooth devices. Bluetooth technology has built-in security measures for key management, authentication and secrecy. The fact that Bluetooth operates only over short distances provides some security. Recent history has shown, however, that effective range-extenders can be built very cheaply. And, more critically, the security of the whole system depends on a secret PIN that is often much too short to ensure good security.

A transmission between two Bluetooth devices starts only after both the devices involved in the transmission have been paired. This process requires both users to enter a secret PIN. If a PIN is compromised, a hacker can easily gain access to these devices and all their further communications. Recent studies show that this process takes less than one second to perform.

Protective Measures

Practices

  • Limit PIN usage. It is almost impossible to restrict Bluetooth signals from leaking outside the desired boundaries. Therefore, one should follow the recommendation in the Bluetooth standard and refrain as much as possible from entering the PIN into the Bluetooth device for pairing. This reduces the risk of an attacker eavesdropping on the pairing process and finding the PIN used.
  • Use the link key instead of the PIN. The link key is a secret value established during pairing. Most Bluetooth devices save the link key in non-volatile memory for future use. This way, when the same Bluetooth devices wish to communicate again, they use the stored link key. This is safer than entering the PIN each time, because each PIN entry increases the probability of an attacker eavesdropping on the messages transferred.
  • Use in secure environments. Using the device in secure and trusted environments can reduce the risk of PIN cracking. Avoid using it in public places where it’s easier for an attacker to eavesdrop on the messages being transmitted.
