New Scientist is reporting what appears to a serious security flaw in the bluetooth protocol. The flaw allows a hacker to force device pairing at will, and key discovery apparently takes less than .06 seconds on a Pentium IV.
This is not the security flaw found in February.
Via jkontherun.
Bruce Schneier covers it here.
Update: the risk may well be overblown in the New Scientist article. See my follow-up post here.
{ 1 comment… read it below or add one }
This article is quite flawed itself. I wrote up an analysis of the hack and posted it to my blog.
http://blogs.fullthrottle.com/EmbeddedBlue/
Basically it relies on a Bluetooth device with a bad security implemention and a user that chooses a really weak pin code.