3 replies to this topic

[TheFunk]

I've been on a roll with new projects lately, and just came into possession of a bluetooth adapter for my laptop. I fired the thing up, used apt-get to find some software, and have been playing with some bt tools such as hcitool, hcidump, sdptool, etc for about a day or two now. I've seen a few different attacks involving older bt devices e.g. bluebugging for running at commands, bluesnarfing for sniffing. My question is, has bluetooth been implemented in a more proper manner since then, that these types of attacks wouldn't be effective on the modern bt device? I attempted to Bluebug my Motorola Triumph (running CM7), but there was no serial port or headset (I don't use bt personally) and thus I figured I wouldn't have an attack vector. I then attempted my old phone, an LG Rumor Touch, and found similar results. If anyone has any insight into this, I'd love to hear all the gory details. Also, I'm thinking about writing a bash script to automate the bluebugging/bluesnarfing process, I'll post it when I get the chance/if any of you would be interested.

[Afterm4th]

I've been on a roll with new projects lately, and just came into possession of a bluetooth adapter for my laptop. I fired the thing up, used apt-get to find some software, and have been playing with some bt tools such as hcitool, hcidump, sdptool, etc for about a day or two now. I've seen a few different attacks involving older bt devices e.g. bluebugging for running at commands, bluesnarfing for sniffing. My question is, has bluetooth been implemented in a more proper manner since then, that these types of attacks wouldn't be effective on the modern bt device? I attempted to Bluebug my Motorola Triumph (running CM7), but there was no serial port or headset (I don't use bt personally) and thus I figured I wouldn't have an attack vector. I then attempted my old phone, an LG Rumor Touch, and found similar results. If anyone has any insight into this, I'd love to hear all the gory details. Also, I'm thinking about writing a bash script to automate the bluebugging/bluesnarfing process, I'll post it when I get the chance/if any of you would be interested.

This is not my area of expertise but I do know bt5 has a suite of bluetooth pen testing software

http://www.backtrack-linux.org/forums/tags.php?tag=bluetooth

[TheFunk]

It took me a minute or two, but I think I finally found a tool worth examining. The BluedivingNG.pl tool is a simple text based tool (included in the Backtrack suite that you mentioned Afterm4th) that allows for anything from bluebugging to bluesnarfing. The part of the script that I'm interested in however is the exploits section. There is a section of the script that allows for selecting an exploit/payload, after which you can scan for bt devices and attempt an attack. By process of elimination I should be able to find something that works for one of my phones (hopefully). Seeing as bluediving is a perl script, it shouldn't be too difficult to then examine the exploit used. I hope to do this with several different phones and headsets, so that I can gain a better understanding of where it is exactly that bluetooth is lacking for security.

Edited by TheFunk, 22 July 2012 - 11:08 AM.

[PurpleJesus]

It's still in early development, but the ubertooth shows some interesting possibilities.