Feb 03 2008

Bluetooth

Pretty benign… Mostly harmless… But do you really need it?

Our advice is to leave Bluetooth in your phone turned off, until you actually want to transfer files with a friend.

If you leave Bluetooth enabled your battery will go flat more quickly and your movements can potentially be tracked (see our Bluetooth in Bath page in the May 2008 archive).
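The tracking concern above comes down to one setting: an adapter in inquiry-scan (discoverable) mode answers anyone who scans for it. As an added example, not part of the original post, the following POSIX shell script audits a Linux host's Bluetooth adapters using the output format of BlueZ's `hciconfig`, reports which ones are discoverable (the `ISCAN` flag), and provides a helper to switch scanning off. The `SAMPLE_HCICONFIG` text is constructed here so the parsing can be exercised offline; the `audit_live` and `disable_discovery` functions assume `hciconfig` is installed and that the caller has root privileges.

```shell
#!/bin/sh
# Added example, not from the original post: audit Linux Bluetooth adapters
# for discoverability by parsing BlueZ `hciconfig` output.
# ISCAN = inquiry scan enabled = the adapter answers discovery requests and is
# therefore visible (and trackable) by anyone scanning nearby.
# PSCAN = page scan enabled = the adapter accepts incoming connections.

# discoverable_adapters: read hciconfig-style text on stdin and print the name
# of every adapter whose status line contains ISCAN.
discoverable_adapters() {
    awk '
        /^hci[0-9]+:/              { adapter = $1; sub(":", "", adapter) }
        /^[[:space:]]+UP / && /ISCAN/ { print adapter }
    '
}

# audit_live: run hciconfig on this host and list discoverable adapters.
# Returns 2 if hciconfig is not installed (assumption: BlueZ tools present).
audit_live() {
    command -v hciconfig >/dev/null 2>&1 || {
        echo "hciconfig not found; install BlueZ tools" >&2
        return 2
    }
    hciconfig | discoverable_adapters
}

# disable_discovery: turn off both inquiry scan and page scan on one adapter,
# e.g. `disable_discovery hci0` (requires root).
disable_discovery() {
    hciconfig "$1" noscan
}

# Constructed sample in hciconfig's layout: hci0 is discoverable, hci1 is not.
# (Real output uses tabs for indentation; [[:space:]] matches either.)
SAMPLE_HCICONFIG='hci0:   Type: Primary  Bus: USB
        BD Address: 00:11:22:33:44:55  ACL MTU: 310:10  SCO MTU: 64:8
        UP RUNNING PSCAN ISCAN
        RX bytes:1234 acl:0 sco:0 events:56 errors:0
hci1:   Type: Primary  Bus: USB
        BD Address: 66:77:88:99:AA:BB  ACL MTU: 310:10  SCO MTU: 64:8
        UP RUNNING PSCAN
        RX bytes:0 acl:0 sco:0 events:0 errors:0
'

# count_discoverable: number of discoverable adapters in the constructed sample.
count_discoverable() {
    printf '%s' "$SAMPLE_HCICONFIG" | discoverable_adapters | wc -l | tr -d ' '
}

# Demonstration on the constructed sample (no hardware needed):
echo "Discoverable adapters in sample:"
printf '%s' "$SAMPLE_HCICONFIG" | discoverable_adapters
```

On a real host, `audit_live` lists the adapters that are currently answering discovery; if you do not need to be found, `disable_discovery hci0` (or simply powering the radio off, as the advice above says) removes the adapter from the view of anyone scanning.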

If your mobile is several years old, its Bluetooth firmware may be insecure. This means hackers would be able to download your phone book and initiate calls to premium-rate lines without ever touching your phone.

Also, several phone viruses exist that can spread over Bluetooth. For example, Commwarrior is a worm that targets Symbian Series 60 2nd Edition devices and spreads via Bluetooth and MMS.

Although the transmission range for Bluetooth is normally quoted as 10-100 metres, depending on whether the device is class 1 or 2, the real-world figure can be up to 1.2km using a specially modified Bluetooth dongle and a large dish antenna.

Once you’ve got this kit set up, you can use an application like BlueSender to beam small .jpeg advertisements to phones with Bluetooth turned on. You can also monitor people’s movements if you live near a major road. Even that innocent-looking TomTom GPS Satnav is answering Bluetooth requests.

Think about that for a moment… if you combine Bluetooth + GSM data & car number plate recognition you’ve got a very effective tracking mechanism!

Bluetooth Hacking.

For a long time it wasn’t possible to cheaply eavesdrop on a Bluetooth exchange between two other devices, in the way you can with WiFi using some clever Linux-based tools.

Bluetooth sniffers have always been exotic devices, used by manufacturers to troubleshoot the firmware of their own devices before release to the public at large. A Bluetooth protocol analyser can easily cost £5000. They cost this much because they sell in low volume, and most of the real value is in the analysis software itself.

Last summer, a researcher proved that the main piece of hardware used in the Frontline Protocol Analyser – which is basically a standard USB Bluetooth dongle with a CSR chipset – could be cloned. By reading out the specialist firmware and uploading it into a standard USB Bluetooth dongle with the CSR Bluecore4-Ext chipset, hackers were able to make their own knock-off analysers for less than £20.

You will need to look elsewhere for specific instructions on how to do this, but I will give you these pointers that may come in useful on your quest…

1. The chipset in the dongle you want to reflash has to be Bluecore4-Ext. Bluecore2-Rom & Bluecore4-ROM won’t do! You can see what chipset version your dongle has by booting up a PC with the Backtrack Linux Live-CD and typing ‘hciconfig hci0 revision’. I found that the D-Link DBT-120 Rev C1 dongle had the right chipset. All the other D-Link DBT-120 versions with the Blue & Grey cases were Bluecore2-Ext, but the one with the correct BlueCore4-Ext chipset was Orange & Black.

2. When you find instructions telling you to get DFUtool & bccmd for your version of Linux, ignore that & just use the Backtrack 2 live-cd, as they’re both already on there. Connect the USB dongle directly to the PC when flashing, don’t use a hub or extension lead.

3. Before you can flash the dongle, you need the correct firmware images and the Windows application itself; they come as a package. When I looked in January it was available on Rapidshare by searching for FTS4BT, in three parts if I remember correctly. Be careful what you download and from where. The main software used with the sniffer runs under Windows, so make sure you scan whatever you download with up-to-date anti-virus software.

4. If you work for a company wanting to use this device, buy it! I don’t condone piracy, but I do understand that interested individuals would never part with £5k for a Bluetooth sniffer, so it really isn’t a lost sale for the manufacturer.

5. Hopefully a fully open-source version of a Bluetooth sniffer will emerge soon…

UPDATE 29-03-2011 – Such a Bluetooth sniffer, Ubertooth, is now available for $100.
