Friday, 18 May 2007

BlueTooth Security

We all have mobile phones with a BlueTooth wireless capability these days, but what are the risks, and what hacking techniques are being used against them?

Basic Phone Security
Always protect your mobile phone with a PIN-lock password. Think about the information you have stored on your phone: not just the phone contacts, but records of your calls, text messages and even voicemail. If it's not needed, delete it.

If you ever sell your phone, give it to charity or trade it in, make sure you delete all the information on the phone; there is always a "master reset" option somewhere within the menus. It's amazing how many second-hand phones you can buy off eBay with the information still intact, which is pretty scary stuff if it's your private information.

Make sure you do not use 0000 or 1234 as your Bluetooth PIN code. These are the first PIN codes any hacker will try, and they will get in no matter what phone firmware you are using.

BlueTooth Hacking
The big security weakness with PDAs and mobile phones is Bluetooth hacking. If you use Bluetooth devices, especially if you have Bluetooth enabled all the time, you might be surprised by the types of attacks you could face as you walk down the street, drive in your car or while you are at home.

BlueTooth is a short-range wireless protocol, and BlueTooth devices generally have a range of 10 metres, so you might think any potential BlueTooth hacker would have to be nearby to hack in. This is not necessarily true. Hackers are known to build customised BlueTooth scanners capable of scanning all BlueTooth devices within a radius of up to 1 mile.

So what are the types of hacking, and the jargon names for them?

Sending anonymous business cards to your phone (SPAM). This attack does not access or change details. It is usually the sort of thing school kids do to you while you are sharing a train or bus with them on the way to work. Messages can be fun, advertisements or offensive; either way they are all annoying and needless. To protect yourself, set your device to non-discoverable mode.

Hackers use a BlueTooth-enabled laptop, or sometimes a BlueTooth PDA, to compromise your phone with an application called BlueSnarfer. This attack can result in data theft from the phone book, calendar, appointments and even images, as well as your PIN and other codes. To protect yourself, ensure your phone is running the latest firmware and switch off Bluetooth broadcast when not needed.

Hackers compromise your phone, then secretly initiate phone calls from it without your knowledge. Usually the phone calls are to premium rate lines, which more often than not are international in nature, thus making money for the attacker. To protect yourself, ensure your phone is running the latest firmware and switch off Bluetooth broadcast.

Car Whisper
My personal favourite type of BlueTooth attack involves cars. These days a lot of new cars have Bluetooth built in for phone use etc., and more often than not their Bluetooth service is always broadcasting and the pairing code is 0000 or 1234 by default. So it’s fairly easy to get into a car's system via BlueTooth and then use an application called “Car Whisper”, which makes the car “speak” any messages typed in by the hacker; these are played back through the car stereo speakers to everyone within the car! I think you can see the funny side of this use; however, it might not be too clever if you are speeding down the motorway and you are distracted by your car speaking to you.

Word of Advice
1. Do not enable Bluetooth unless you need to use it
2. Do not use 0000 or 1234 as your BlueTooth PIN code
3. Ensure your device (phone) is using the latest firmware (the phone operating system)
4. If your car has BlueTooth enabled, check the manual and with the car manufacturer to ensure BlueTooth is properly secured, otherwise one day your car might resemble Knight Rider!
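
The first item of advice can also be checked on a Linux laptop. The following is an added example, not part of the original post: it parses the output of BlueZ's `bluetoothctl show` command and flags an adapter that is discoverable or accepting new pairings. The sample output is constructed, and the field layout (including the hexadecimal `DiscoverableTimeout`) is assumed to match the BlueZ version in use.

```python
import re

# Constructed sample of `bluetoothctl show` output; not captured from a real host.
SAMPLE = (
    "Controller 00:11:22:33:44:55 (public)\n"
    "\tName: laptop\n"
    "\tPowered: yes\n"
    "\tDiscoverable: yes\n"
    "\tDiscoverableTimeout: 0x00000000\n"
    "\tPairable: yes\n"
    "\tDiscovering: no\n"
)

def parse_controllers(text):
    """Split `bluetoothctl show` output into one dict of fields per controller."""
    controllers = []
    for line in text.splitlines():
        header = re.match(r"Controller\s+([0-9A-Fa-f:]{17})", line)
        if header:
            controllers.append({"Address": header.group(1)})
        elif controllers and ":" in line:
            key, _, value = line.strip().partition(":")
            # Repeated keys (e.g. several UUID lines) keep their first value.
            controllers[-1].setdefault(key.strip(), value.strip())
    return controllers

def audit(ctrl):
    """Return findings that map onto the advice list above."""
    findings = []
    if ctrl.get("Powered") != "yes":
        return findings  # radio is off: nothing is broadcast
    if ctrl.get("Discoverable") == "yes":
        # Assumption: the timeout is printed in hex; 0 means it never expires.
        timeout = int(ctrl.get("DiscoverableTimeout", "0x0"), 16)
        if timeout == 0:
            findings.append("discoverable with no timeout (always broadcasting)")
        else:
            findings.append(f"discoverable for up to {timeout}s")
    if ctrl.get("Pairable") == "yes":
        findings.append("accepts new pairing requests")
    return findings

if __name__ == "__main__":
    import subprocess, sys
    # Use the live adapter with --live, otherwise the constructed sample.
    text = (subprocess.run(["bluetoothctl", "show"], capture_output=True,
                           text=True).stdout if "--live" in sys.argv else SAMPLE)
    for c in parse_controllers(text):
        print(c["Address"], audit(c) or ["no findings"])
```
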


Anonymous said...

Discovering Bluetooth Devices

BlueScanner - BlueScanner searches out for Bluetooth-enabled devices. It will try to extract as much information as possible for each newly discovered device. Download BlueScan.

BlueSniff - BlueSniff is a GUI-based utility for finding discoverable and hidden Bluetooth-enabled devices. Download BlueSniff.

BTBrowser - Bluetooth Browser is a J2ME application that can browse and explore the technical specification of surrounding Bluetooth-enabled devices. You can browse device information and all supported profiles and service records of each device. BTBrowser works on phones that support JSR-82 - the Java Bluetooth specification. Download BTBrowser.

BTCrawler - BTCrawler is a scanner for Windows Mobile based devices. It scans for other devices in range and performs service query. It implements the BlueJacking and BlueSnarfing attacks. Download BTCrawler.

Hacking Bluetooth Devices

BlueBugger - BlueBugger exploits the BlueBug vulnerability. BlueBug is the name of a set of Bluetooth security holes found in some Bluetooth-enabled mobile phones. By exploiting those vulnerabilities, one can gain unauthorized access to the phone-book, calls lists and other private information. Download BlueBugger.

CIHWB - Can I Hack With Bluetooth (CIHWB) is a Bluetooth security auditing framework for Windows Mobile 2005. Currently it only supports some Bluetooth exploits and tools like BlueSnarf, BlueJack, and some DoS attacks. Should work on any PocketPC with the Microsoft Bluetooth stack. Download CIHWB.

Bluediving - Bluediving is a Bluetooth penetration testing suite. It implements attacks like Bluebug, BlueSnarf, BlueSnarf++, BlueSmack, has features such as Bluetooth address spoofing, an AT and a RFCOMM socket shell and implements tools like carwhisperer, bss, L2CAP packetgenerator, L2CAP connection resetter, RFCOMM scanner and greenplaque scanning mode. Download Bluediving.

Transient Bluetooth Environment Auditor - T-BEAR is a security-auditing platform for Bluetooth-enabled devices. The platform consists of Bluetooth discovery tools, sniffing tools and various cracking tools. Download T-BEAR.

Bluesnarfer - Bluesnarfer will download the phone-book of any mobile device vulnerable to Bluesnarfing. Bluesnarfing is a serious security flaw discovered in several Bluetooth-enabled mobile phones. If a mobile phone is vulnerable, it is possible to connect to the phone without alerting the owner, and gain access to restricted portions of the stored data. Download Bluesnarfer.

BTcrack - BTCrack is a Bluetooth Pass phrase (PIN) cracking tool. BTCrack aims to reconstruct the Passkey and the Link key from captured Pairing exchanges. Download BTcrack.

Blooover II - Blooover II is a J2ME-based auditing tool. It is intended to serve as an auditing tool to check whether a mobile phone is vulnerable. Download Blooover II.

BlueTest - BlueTest is a Perl script designed to do data extraction from vulnerable Bluetooth-enabled devices. Download BlueTest.

BTAudit - BTAudit is a set of programs and scripts for auditing Bluetooth-enabled devices. Download BTAudit.

Hilfeee,hitzeee said...

A nice bluetooth hacking software for mobiles is btinfo
Connect to other mobiles and read / write sms, phonebook, do callforward, dial numbers and much more!

Great bluejacking tool for mobiles is Blueshoot
Send messages to other mobile phones with bluetooth. These don't have to have blueshoot installed but just bluetooth must be turned on.
"Auto Shoot", "Spy mode" and "Device Filter" included.

Roger W. Conrad said...