
Bluetooth Attacks?



#1 TheFunk

Posted 17 July 2012 - 10:22 AM

I've been on a roll with new projects lately, and just came into possession of a Bluetooth adapter for my laptop. I fired the thing up, used apt-get to find some software, and have been playing with some bt tools such as hcitool, hcidump, sdptool, etc. for about a day or two now. I've seen a few different attacks involving older bt devices, e.g. bluebugging for running AT commands, bluesnarfing for sniffing. My question is, has Bluetooth been implemented in a more proper manner since then, such that these types of attacks wouldn't be effective on the modern bt device? I attempted to Bluebug my Motorola Triumph (running CM7), but there was no serial port or headset (I don't use bt personally) and thus I figured I wouldn't have an attack vector. I then attempted my old phone, an LG Rumor Touch, and found similar results. If anyone has any insight into this, I'd love to hear all the gory details. Also, I'm thinking about writing a bash script to automate the bluebugging/bluesnarfing process; I'll post it when I get the chance/if any of you would be interested.

#2 Afterm4th

Posted 17 July 2012 - 07:39 PM

This is not my area of expertise, but I do know bt5 has a suite of Bluetooth pen testing software:

http://www.backtrack...p?tag=bluetooth

#3 TheFunk

Posted 22 July 2012 - 11:06 AM

It took me a minute or two, but I think I finally found a tool worth examining. The BluedivingNG.pl tool is a simple text-based tool (included in the Backtrack suite that you mentioned, Afterm4th) that allows for anything from bluebugging to bluesnarfing. The part of the script that I'm interested in, however, is the exploits section. There is a section of the script that allows for selecting an exploit/payload, after which you can scan for bt devices and attempt an attack. By process of elimination I should be able to find something that works for one of my phones (hopefully). Seeing as bluediving is a Perl script, it shouldn't be too difficult to then examine the exploit used. I hope to do this with several different phones and headsets, so that I can gain a better understanding of where it is exactly that Bluetooth is lacking for security.

Edited by TheFunk, 22 July 2012 - 11:08 AM.


#4 PurpleJesus

Posted 01 August 2012 - 11:08 PM

It's still in early development, but the Ubertooth shows some interesting possibilities.
