Together with my colleague Matthias Deeg I’ve done some research on several Bluetooth keyboards. This was a follow-up project to our research on wireless desktop sets. In general, Bluetooth-based keyboards seem to be more secure than the wireless keyboards with proprietary protocols. However, when it comes to Bluetooth security, there are some things which need to be taken into account. For me, the most interesting realization was about the trust relationship between paired devices. In some Bluetooth stacks (e.g. Android or iOS) a device can change completely without any warning to the user. For example, a Bluetooth headset can turn into a fully functional keyboard.
We demonstrated the trust relationship issue by extracting the key and the address from a paired headset and using these credentials to connect as an emulated keyboard. In a real-world scenario, an attacker might steal the headset and use the trust relationship to compromise the Bluetooth host device with malicious keystrokes.
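A host-side check for the role change described above, as an added example that is not part of the original research: it compares what each bonded address advertised at pairing time with what it presents now and flags a device that newly claims keyboard capability. The record layout, the device addresses and the function names are assumptions; the Class of Device bit layout and the service class UUIDs come from the Bluetooth assigned numbers.

```python
# Added example: flag a bonded Bluetooth device that starts presenting as a keyboard.
# All records below are constructed sample data; how they are collected is out of scope.

HID_SERVICE_UUID = 0x1124  # Human Interface Device service class
MAJOR_NAMES = {0x01: "computer", 0x02: "phone", 0x04: "audio/video", 0x05: "peripheral"}

def decode_cod(cod):
    """Return (major class name, keyboard flag) for a 24-bit Class of Device."""
    major = (cod >> 8) & 0x1F   # bits 12..8
    minor = (cod >> 2) & 0x3F   # bits 7..2
    # For major class 'peripheral', CoD bit 6 is set for keyboard and combo devices.
    is_keyboard = major == 0x05 and (minor >> 4) & 0x1 == 1
    return MAJOR_NAMES.get(major, hex(major)), is_keyboard

def role_changes(baseline, observed):
    """List bonded addresses that gained keyboard/HID capability since pairing."""
    alerts = []
    for addr, now in sorted(observed.items()):
        before = baseline.get(addr)
        if before is None:
            continue  # not bonded yet: the normal pairing prompt applies
        old_major, old_kbd = decode_cod(before["cod"])
        new_major, new_kbd = decode_cod(now["cod"])
        old_hid = HID_SERVICE_UUID in before["services"]
        new_hid = HID_SERVICE_UUID in now["services"]
        if (new_kbd and not old_kbd) or (new_hid and not old_hid):
            alerts.append((addr, old_major, new_major))
    return alerts

# Constructed baseline taken at pairing time: a headset and a keyboard.
BASELINE = {
    "00:11:22:33:44:55": {"cod": 0x240404, "services": {0x1108, 0x111E}},
    "00:11:22:33:44:66": {"cod": 0x002540, "services": {0x1124}},
}
# Constructed later observation: the headset address now presents as a keyboard.
OBSERVED = {
    "00:11:22:33:44:55": {"cod": 0x002540, "services": {0x1124}},
    "00:11:22:33:44:66": {"cod": 0x002540, "services": {0x1124}},
}

if __name__ == "__main__":
    for addr, old, new in role_changes(BASELINE, OBSERVED):
        print(f"ALERT {addr}: bonded as {old}, now presents as {new} with keyboard capability")
```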