Re: blackberry bluetooth prompts

["Kelly Keeton" <kellyrkeeton () gmail com>]

you can also disable the ability to auto-pair with devices on the
enterprise server.

http://eu.blackberry.com/eng/ataglance/security/it_policy.jsp

I highly recommend the use of IT Policy if you have an enterprise server.


On 10/23/07, gjgowey () tmo blackberry net <gjgowey () tmo blackberry net> wrote:
> This sounds like a case of the latter.  Remember: device names are fully customizeable on most Bluetooth devices.  
> Mine is set to 'pin1234' >:->
> No guesses what the pairing key is.  Fun for when I'm bored and in NY or some other densely crowed place.
>
> Geoff
>
> Sent from my BlackBerry wireless handheld.
>
> -----Original Message-----
> From: "Murda Mcloud" <murdamcloud () bigpond com>
>
> Date: Tue, 23 Oct 2007 16:18:42
> To:<security-basics () securityfocus com>
> Subject: blackberry bluetooth prompts
>
>
> Hi all,
> Just wanting to find out if anyone had seen something similar to this on a
> bluetooth enabled mobile email device(or similar).
> I have a user that every now and then gets prompted for an 'Australian
> defence Force' passkey-this comes up with the Bluetooth symbol. We are a
> commercial company and have nothing to do with them at all.
> It strikes me as strange since it seems random and it is so specific and
> also because she never seems to get prompted for pass keys by any other
> Bluetooth enabled devices.
> My first reaction is that it is just an ADF enabled device asking for a
> pairing but that seems pretty insecure to me. Why would defence force
> devices be running around asking if you want to pair up?
> I have just asked her to disable her Bluetooth capability as she no longer
> uses her headset. (it was set to non discoverable anyway, for what that's
> worth.)
>
> This then made me think, are there any Bluetooth attacks that can use a fake
> device which gathers passkeys by asking/prompting for a pairing? Maybe this
> is what was taking place.