Dirk R=F6sler wrote:
> Raises some interesting security concerns, given that Bluetooth is
> pretty wide open.
> =
> Or is Nokia giving the same advice like HP did in Norway to the guy
> with the wireless keyboard, which signals were received by his
> neighbour: "Just don't write any sensitive information then"...
> =
> One of the gotchas here is that wireless isn't less secure just because=
> of the medium, just because the protocol designers did not bother to
> think things through. The result is that all applications using that
> protocol will suffer and it is better, from a security standpoint, to
> revert to wired networks.
Good question, though it is (IMHO) taken care of with this procedure:
* Communication with the GPLS (Global Paper Lookup Server - ~DNS) is
always 128 bit encrypted (key is inserted in pen by manufacturer). =
* Whether the ASH (actual handler of the written data) uses encryption
is up to each registered paper - if so, suitable (short term) keys are
handed out during the GPLS communication.
* If you are paranoid this also applies to the USB communication - in
case you are infected by a USB sniffing virus...
As a side: The actual sent data is Huffman encoded too (protocol is
secret, API is available) and contains no explicit information as to
what the used form looks like, so even if you would manage to decrypt it
and somehow dehuff it, all you have is time coded penstrokes and no
context. You'd need to capture+decrypt+dehuff a fair number of such
requests before you can make any serious assumptions on what the strokes
actually mean.
So, my point is: don't worry about the BT issues for now.
Feeling better? / Jonas
-- =
Jonas Petersson, X Media Solutions | mailto:Jonas.Petersson@xms.se
Box 3294, Holmbrogr=E4nd 1, S-600 03 Norrk=F6ping | http://www.xms.se/
Tel: +46 (0)11 244805 | Fax: +46 (0)11 244809
Received on Fri Mar 14 10:43:44 2003