Comment by jogu
2 months ago
Some devices are/were only vulnerable during the initial pairing but a key point from this talk was that most of these devices were vulnerable during normal use.
The RACE protocol could be accessed even if the device isn’t in pairing mode. Then once you have a target device’s key you can carry out the attack at any time, when they’d be unlikely to notice.
If you have the target device key, you can impersonate the device later. But how do you get the device key in the real world? I would need to be in pairing mode for you to get it. Even if you did get it, then you can answer my calls if you are next to me, which in the real world is certainly noticeable.
> I would need to be in pairing mode for you to get it.
No, that doesn't seem to be the case.
> then you can answer my calls if you are next to me, which in the real world is certainly noticeable.
You may not notice if the call was answered automatically and you didn't have your device on you, and the call could be forwarded with acceptable latency so the speech wouldn't be in earshot. Or these days you could use an AI to generate voice and it would sound realistic.
Just because something isn't likely to affect ordinary citizens doesn't mean it isn't possible.