Why bluetooth devices don't have password in it?

[JeanPMikhael]

Including wireless mouse, keyboard,, headphones etc,, Bluetooth devices are hackable if kept connected online or didn't forget after u finished session on it

[rippy4500]

It'd probably be annoying to work with and also add yet another point of failure to bluetooth devices.

[whispous]

Someone wanting to take over a bluetooth device needs physical access to it to put it in pairing mode, usually.

[starsmine]

they do?
they are encrypted, and make a new handshake when connected

[porina]

If you mean taking over the Bluetooth connection, that would be very difficult. An encrypted link is created on pairing that will persist whenever the two are connected. If you use an older standard with weak keys, maybe it is more hackable. Also remember Bluetooth is short range so any attacker would have to get close enough to do an attack.

[Motifator]

Newer variations of BT are actually not all that "short range". Think your neighbor can see your devices, and vise-versa.

[wasab]

Bluetooth range is almost as good as a wifi router these days. If hackers can hack network, they can hack Bluetooth as well. Amazon Alexa and smart door lock are vert good target. 

[starsmine]

12 minutes ago, wasab said:

Bluetooth range is almost as good as a wifi router these days. If hackers can hack network, they can hack Bluetooth as well. Amazon Alexa and smart door lock are vert good target. 

hackers can hack anything
Im not saying that to mean one can just be lax with security cause its pointless. but something being secure does not make it unhackable. 

bluetooth is generally secure. 
https://en.wikipedia.org/wiki/Bluetooth#Security

[Godlygamer23]

Some do force passcodes to be typed to connect to the device - my car for example forces it for new devices.

[JeanPMikhael]

10 minutes ago, Godlygamer23 said:

Some do force passcodes to be typed to connect to the device - my car for example forces it for new devices.

Oh propably it's tesla! ❤

[Godlygamer23]

10 minutes ago, JeanPMikhael said:

Oh propably it's tesla! ❤

Nope. Not a Tesla at all, and it's also 11 years old.

[Kisai]

2 hours ago, whispous said:

Someone wanting to take over a bluetooth device needs physical access to it to put it in pairing mode, usually.

Office Workers and Apartment dwellers would beg to differ.

If I turn pairing on, many devices sit there in "I'm listening" mode.

The only devices in that list that are "my" devices are the "Arb" ones which are the Stadia controllers.

[whispous]

7 hours ago, Kisai said:

Office Workers and Apartment dwellers would beg to differ.

If I turn pairing on, many devices sit there in "I'm listening" mode.

The only devices in that list that are "my" devices are the "Arb" ones which are the Stadia controllers.

Yes hence the "usually". You can't see any of the devices that do wait for pairing mode to be activated, and a number of the ones in this picture will want a confirmation code.

[JeanPMikhael]

7 hours ago, Godlygamer23 said:

Nope. Not a Tesla at all, and it's also 11 years old.

Mercedes? :)

[JeanPMikhael]

30 minutes ago, whispous said:

Yes hence the "usually". You can't see any of the devices that do wait for pairing mode to be activated, and a number of the ones in this picture will want a confirmation code.

Ah hidden mode

[whispous]

22 minutes ago, JeanPMikhael said:

Ah hidden mode

 

Not quite.

 

If a device only makes itself available while in pairing mode, it's not "in pairing mode but hidden" the rest of the time.

[BrandonLatzig]

I gotta wonder, what would the point of a password even be?
Someone just..takes control of your mouse? your headset?

[porina]

At my last job, I had to capture Bluetooth audio data over the air to show where problems were. Source, USB, Bluetooth link, end device. To capture Bluetooth data over the air, we had a commercially available Bluetooth logger. Think of it like sniffing Wifi, but dedicated for Bluetooth. So you just turn on the receiver and wait for the data? Nope. To successfully get decoded audio data out of the transmitted data, we had to capture the pairing handshake as well as some details on one end, which we controlled.  With that there was sufficient data to capture the correct data packets and decode them. Unlike Wifi, Bluetooth is frequency hopping so you can't just monitor a single channel.

 

Even in a lab environment that process wasn't 100% successful all the time, and it can take several goes to get the right data logged. If you're 10m away, the nominal line of sight range of standard power Bluetooth, you'll be lucky it works at all.

 

Maybe smarter people with better optimised gear (directional antenna) could do better than that. But already this is far from trivial. If you're attracting that sort of attention, you have bigger things to worry about than Bluetooth.

[wanderingfool2]

17 hours ago, JeanPMikhael said:

Including wireless mouse, keyboard,, headphones etc,, Bluetooth devices are hackable if kept connected online or didn't forget after u finished session on it

They do in effect have a password...it's just not an user provided one.

 

For ones where you have to enter pairing mode, that's when the passwords are effectively communicated.

For others that are always waiting to pair, like some TV's...a quick passphrase/code is put on the screen where you  have to put it into lets say your phone.  It's that that confirms the correct system is being pair [and from there the devices do essentially a key exchange aka password which is used for future communication].

 

 

That's not to say that there can't be exploits with bluetooth, just that it's more likely device  specific exploits you need to find.

 

15 hours ago, wasab said:

Bluetooth range is almost as good as a wifi router these days. If hackers can hack network, they can hack Bluetooth as well. Amazon Alexa and smart door lock are vert good target. 

Not really...you have to find an active exploit in order to do that.  At that stage it would be easier to just smash the window to get into the house.

 

2 hours ago, BrandonLatzig said:

I gotta wonder, what would the point of a password even be?
Someone just..takes control of your mouse? your headset?

Well the biggest one would be if it's done with a keyboard, then you would essentially run an application to essentially gain control of their computer...from there you effectively have a spying device on the persons computer.

[rickymohk]

Because that wouldn't be practical in all circumstances. Bluetooth has a very wide variety of usages. So it is better to leave the decision to developers rather than enforcing password policy in Bluetooth standard to cater different use cases. In some use cases you might prefer faster, simpler connection procedure instead of the little to none extra security. In most cases, if you find someone connected to your devices, you might just disconnect it or turn it off. Most devices aren't useful or no harm can be done if the "user" who connected to them don't actually possess them anyway. Those are the cases which developers might opt for a simple unauthenticated connection. For use cases where higher level of security is required, developers can always go for the PIN code approach or even implement proprietary authentication in firmware.

[thrasher_565]

its like maximum over driver there coming for us...

my mp3 phone gets notices to pair to ipods... but i take the bus...

[Blasty Blosty]

There are password-protected Bluetooth connections for those that need it, there is a PIN required on the handhelds that I use at work.