Re: [Fed-Talk] Bluetooth vs. Security (UNCLASSIFIED)
- Subject: Re: [Fed-Talk] Bluetooth vs. Security (UNCLASSIFIED)
- From: "Timothy J. Miller" <email@hidden>
- Date: Wed, 23 Jan 2008 13:13:25 -0600
On Jan 23, 2008, at 11:21 AM, Peralta, Rex J Mr CIV USA IMCOM wrote:
> At the very least, the Army has allowed the use of Bluetooth CAC readers for
> BlackBerries (as noted on the Two-Way Email Device (TWED) list on AKO), but
> not Bluetooth headsets.

It should be noted that the *only* approved Bluetooth CAC readers for
Blackberry do *not* rely on Bluetooth's (weak) secure pairing
mechanism. Both readers use a second secure binding established
through an out-of-band channel. The RIM reader uses a SecurID-like
one-time passcode that must be entered on the Blackberry after
Bluetooth pairing each time the reader is used, and the Apriva reader
exchanges an encryption key over a wired USB link when the device is
initially set up for use with a given Blackberry.

Both require additional software on the device to operate, since it's
no longer standard Bluetooth.

Your headset can't do this, which is why it's so trivially easy to
listen in on it.

> I have heard whether Bluetooth CAC readers for laptops have been approved
> (or is available, for that matter).

Neither device is approved for anything other than the Blackberry.
-- Tim
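
The second binding described in the message above, sketched as an added example (not from the original post and not either vendor's protocol): a key handed to both devices over a wired link protects every frame above the Bluetooth layer, so breaking the pairing alone yields neither plaintext nor the ability to forge or replay. `Endpoint`, the labels and the frame layout are hypothetical, and the HMAC-based keystream is a standard-library stand-in for a real AEAD cipher.

```python
import hashlib
import hmac
import secrets
import struct

def derive(oob_key: bytes, label: bytes) -> bytes:
    """Derive an independent sub-key from the out-of-band key."""
    return hmac.new(oob_key, label, hashlib.sha256).digest()

def keystream(key: bytes, ctr: int, n: int) -> bytes:
    # HMAC-SHA256 as a PRF in counter mode; a real design would use an AEAD.
    blocks = (hmac.new(key, struct.pack(">QI", ctr, i), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def xor(data: bytes, pad: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, pad))

class Endpoint:
    """One side of the application-layer channel (hypothetical names)."""
    def __init__(self, oob_key: bytes, me: bytes, peer: bytes):
        # Per-direction keys so the two sides never reuse a keystream.
        self.tx = derive(oob_key, b"enc|" + me), derive(oob_key, b"mac|" + me)
        self.rx = derive(oob_key, b"enc|" + peer), derive(oob_key, b"mac|" + peer)
        self.sent = self.seen = 0

    def seal(self, plaintext: bytes) -> bytes:
        self.sent += 1
        hdr = struct.pack(">Q", self.sent)
        body = xor(plaintext, keystream(self.tx[0], self.sent, len(plaintext)))
        return hdr + body + hmac.new(self.tx[1], hdr + body, hashlib.sha256).digest()

    def open(self, frame: bytes) -> bytes:
        if len(frame) < 40:
            raise ValueError("short frame")
        hdr, body, tag = frame[:8], frame[8:-32], frame[-32:]
        good = hmac.new(self.rx[1], hdr + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):
            raise ValueError("bad tag")        # forged, tampered or wrong key
        (ctr,) = struct.unpack(">Q", hdr)
        if ctr <= self.seen:
            raise ValueError("replayed frame")
        self.seen = ctr
        return xor(body, keystream(self.rx[0], ctr, len(body)))

# Constructed sample: key generated once, delivered by wire, never by radio.
OOB_KEY = secrets.token_bytes(32)
reader = Endpoint(OOB_KEY, b"reader", b"handheld")
handheld = Endpoint(OOB_KEY, b"handheld", b"reader")
```

A frame sealed by `reader` opens only on `handheld`; a captured frame sent again, a modified frame, or one sealed under any other key raises `ValueError`.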