Home / server / Questions / 137091
Accepted
jhs
Asked: 2010-04-30 08:39:37 +0800 CST

How secure is a bluetooth keyboard against password sniffing?

  • 772

In a situation where an admin will enter sensitive information into a keyboard (the root password), what is the risk that a bluetooth keyboard (ship by default with Mac systems these days) would put those passwords at risk?

Another way of asking would be: what security and encryption protocols are used, if any, to establish a bluetooth connection between a keyboard and host system?

Edit: Final Summary

All answers are excellent. I accepted that which links to the most directly applicable information however I also encourage you to read Nathan Adams's response and discussion about security trade-offs.

security password keyboard bluetooth

5 Answers

  1. Best Answer

    http://en.wikipedia.org/wiki/Bluetooth#Security

    While Bluetooth has its benefits, it is susceptible to denial of service attacks, eavesdropping, man-in-the-middle attacks, message modification, and resource misappropriation.

    • 14

  2. I'd suggest looking at this publication by the NIST. It provides some pretty useful information on Bluetooth security. The encryption protocol of bluetooth is E0 which is 128 bit.

    http://csrc.nist.gov/publications/nistpubs/800-121-rev1/sp800-121_rev1.pdf

    • 4

  3. Although bluetooth may not be the most secure protocol, you have to put things in perspective: Bluetooth has a relativity short transmit range. This means that if you were to use bluetooth keyboards in a building, a person would have to be in the same room or close to the room to actually do anything malicious.

    Just because a certain technology is insecure, doesn't mean that it is useless.

    • 3

  4. Since most of the answers are 10 years old as of today here are the 2018 results of some german security researches on the topic. They claim that modern BT keyboards have their most critical weakness when an attacker manages to get physical access to the device and extracts the crypto keys or is able to eavesdrop during the pairing process.

    Here is their paper: https://www.syss.de/fileadmin/dokumente/Publikationen/2018/Security_of_Modern_Bluetooth_Keyboards.pdf

    Their summary:

    During this research project with a total duration of 15 person-days, SySS GmbH could identify some security issues concerning the three tested Bluetooth keyboards.

    The secret pairing information stored on the keyboards can be easily extracted by an attacker with physical access. The credentials in this information can be used to conduct further attacks on the host.

    The 1byone keyboard does not require authentication when pairing to a Windows 10 host and the communication of the Microsoft Designer Bluetooth keyboard can be decrypted if an attacker passively eavesdrops on the pairing process.

    Furthermore, by continuously sending pairing requests to some operating systems, an attacker can prevent other devices from pairing (denial-of-service).

    And here are their key findings: enter image description here

    • 3

  5. Most bluetooth keyboards have been tried and tested by manufacturers to make sure they have the least amount of security risks possible. Yet on some wireless keyboards, hackers can install a 'keylogger' onto your device, which intercepts the signal and decrypts the data you are sending through the keyboard.

    • -1