Build Your Own Bluetooth Sniper Rifle
Jim Buzbee writes "I don't think I'd do it, but these guys built a Bluetooth Sniper rifle, went to the roof of a downtown Los Angeles skyscraper and pointed it at nearby buildings. See what they found, and if you're so inclined, they'll show how to build your own and maybe, just maybe, you too can snag Paris Hilton's address book." (Which was not snagged via Bluetooth snooping, as the article points out.) This version looks a bit more polished than the one mentioned last August.
After the DC Sniper incident, this gave me a fright as I thought someone had built a Bluetooth-guided sniper rifle, which indicates when your bullet is aligned perfectly with your target's Bluetooth tag, and those who auto-accept Bluetooth pairing are in trouble.
Seriously though, I wonder how many people do auto-accept BT connections? My PDA only accepts known pairs, so you need to physically talk to me to pair you up for the first time.
The friendly article seems to mention the "success" in BT detection, but didn't go into details of successful connection. It's like car thieves claiming to detect 20,000 cars in the city centre, but not saying how many were unlocked.
Rock that crushes, Paper & Scissors that don't matter.
I guess we will see some more Paris Hilton porn very soon.
-----BEGIN PGP SIGNATURE-----
12345
-----END PGP SIGNATURE-----
From the article:
We decided to quickly conclude the scan, given police activity in the area earlier in the day from a bomb scare.
You too can get shot for looking like a terrorist!
A latent existence
Snoop my Apple Bluetooth wireless mouse and switch the button (singular) to right-click.
It seems like Bluetooth is in almost EVERYTHING these days (the Power Book I recently ordered, my new cell phone, etc. all are enabled). Is this merely an extension of the ubiquitousness of the technology? Or is there some inherent flaw that makes Bluetooth vulnerable? I'm inclined to believe the former -- that a properly secured Bluetooth system would be safe -- but I don't know much about the technology.
Any experts in the house (of course there are, we're on Slashdot!).
This way the secret service could have identified him, he's the guy with the annoying blue spotlight shining out of his ear while yelling "Can ya shoot her now?"
I think the server just got headshot.
he wasn't in Chicago, somehow the thought of some guys up on the top of a building pointing a rifle towards random people probably wouldn't last long with the police...
http://codeus.info
...is human curiosity. Yes, there are many dangers from snooping, and there have been recent reports of prototype Bluetooth viruses - but even upgraded and securer versions of the protocol won't stop the fact that you just won't be able to refuse opening that interesting looking picture somebody is trying to send you.
I've seen it a lot at my school, whereby a particularly dodgy or deprecating picture (no goatse yet, but can't be long) is passed along in the lounges by somebody simply searching for Bluetooth phones and sending a pic, which simply can't be refused ("because it might be something important!!!"). I'd say it's even more tempting to accept a Bluetoothed file than an email attachment, because in Bluetooth you're only getting the bare information about a file (ie, the size of it and file type), whereas you can generally filter out automatically generated email viruses with ease...
The solution is to turn Bluetooth off all the time except when you want to use it (something I do anyway, since it conserves battery power), but a surprisingly large number of people seem to have it on all the time.
Site is dying. Now they're facing the real test: can you use a Bluetooth rifle against a Slashdot attack? There's one Slashdotter... another one... look, over there! But the battle is hopeless, most Slashdotters are secure in their parents' basement.
It's not even funny any more how fast these sites go down. It doesn't do the site owner or us any good - once again, what will it take for Slashdot to implement a mirror system?
For example... this one.
Meep meep
Damn, now all that stands in my way is a few hundred dollars and a drill press. Er, and the ability to actually piece things together successfully *looks wistfully at pieces of failed Van de Graaff machine*
Feed the machine: http://sarak.ca
Shouldn't that be http://www.tomsnetworking.com.nyud.net:8090/Sections-article106-page2.php instead?
And from here, I can't connect..
The other
They made the thing look like a rifle with collapsing stock etc... A kid almost got killed outside Detroit about a year ago for hanging around on a roof with a paintball gun.
So let me get this straight, if you have your device always on and discoverable you are vulnerable? Jesus, I would never expect that. Next thing you know it will be dangerous to be connected to the web without a firewall installed.
Bluetooth is nice, but the security measures do seem pretty weak, no minimum pin length etc.
ya he mentioned that one...
but he forgot the time it was mentioned a day after here.... http://slashdot.org/article.pl?sid=04/08/06/2242224&tid=193&tid=1
seriously folks... get some new news worth reading
http://64.233.167.104/search?q=cache:RUM0Y5_0xhEJ:www.tomsnetworking.com/Sections-article106.php+&hl=en&client=safari
how about instead of sniper rifles in a city, binoculars on a nudist beach ?
why do the best inventions always need to be modified to be better.
Business Voyeur
In other words, users are generally right in their expectance of some form of protection of their privacy. You could argue that BT devices should have been built in a way that would prevent any of that from happening, but it's easy to criticize with hindsight. I think some line in the sand would have to be drawn on this one too, the problem is that it would be technologically ignorant lobbying-prone politicians who would do the drawing. It's enough to look at the case of good, old-fashioned radio scanners to foresee results.
If I build the rifle, can I read their site by bluetooth?
Sometimes boldness is in fashion. Sometimes only the brave will be bold.
...this is idiotic. Not their little invention (which is pretty slick), but their test on top of a skyscraper. Are you really that fucking stupid? A couple of guys with a sniper rifle sitting on top of a tall building is just asking for trouble. Probably doesn't even have a license for it. This is even more stupid than that guy who shined a laser into an airplane cockpit on more than one occasion. I've done some dumb things in my life, but Jesus Fucking Christ. Cops have killed people for less than that.
How exactly do you plan to kill people with a wee beam of blue light?
is it just me
Yes.
It's one thing not to RFA, but to not even read the headline? SO STUPID!
Really, they should have called it something besides a 'Sniper Rifle'. I'm sure that'd go down well when the cops ask what you're doing.
"Oh I'm just pointing my Bluetooth Sniper Rifle at that crowded building of . . ."
*insert police beatdown here*
Your hair look like poop, Bob! - Wanker.
How exactly do you plan to kill people with a wee beam of blue light? I don't. But it wouldn't be very hard for someone else to modify the design for more lethal applications.
bash: rtfm: command not found
It would make interesting news if he tried this in, oh, say Washington, DC. He would have been carried off the roof in a black rubber bag. I'm surprised downtown LA doesn't have better surveillance. However, I'm sure he'll be getting a visit from the FBI in 5..4..3...
Crazy.
what is the matter with you fucking people? is it so fucking hard to imagine someone modifying the original design for use with a real fucking gun? step the fuck off!
This article shows that "short range" RF technologies such as bluetooth or RFID are only short range in the context of a particular transceiver. If someone wants to access an RF device from a greater distance, they need only build a high-gain antenna.
Two wrongs don't make a right, but three lefts do.
www.tomsnetnotworking.com
Yes it would. Actually it would be easier to buy a rifle
BOOM occurs continuously as the craft is traveling at speeds greater than Mach 1, not just when the craft first exceeds Mach 1. It is not unusual to hear BOOM BOOM or BOOM BOOM BOOM if the craft is low enough.
You know the Tom's Hardware web admin is sitting in a family room somewhere wondering why his pager keeps going off.... Sunday Slashdottings must be one of the most evil things inflictable on a person ;-)
It doesn't seem likely that this would be something I could import into the UK without raising some eyebrows...
Shut up. Just shut up.
My digital rights don't need management.
readsite()
{
buildrifle();
}
buildrifle()
{
readsite();
}
main()
{
buildrifle();
}
An Unexpected error has occurred: "Stack Overflow"
Report to slashdot? YES|NO
if you snooped my slashdot login just now, I know you're within 30 meters
you'll recognize me from my baseball bat and my tinfoil hat
There are no atheists when recovering from tape backup.
"slashdot" did 46723723346844684 damage to "innocent webserver" in 1 hit(s) with the "bluetooth sniper rifle"
head: 46723723346844684
body: 0
arms: 0
legs: 0
By reading this, you have given me brief control of your mind.
When connecting something to my phone, I have to enter a pin code. Like my PowerBook, I have to physically tell the phone to allow a connection via Bluetooth, then enter a pin code that the PB gives into the phone to have them connected to each other. I even had to enter a pin code into my phone when connecting my headset. So which providers just let anything connect via Bluetooth, or am I still open to attack?
-----BEGIN PGP SIGNATURE-----
12345
-----END PGP SIGNATURE-----
True, the airwaves are free and many times the courts have supported the rights of individuals to intercept open, unencrypted broadcasts. But the key is the unencrypted and the broadcast. Look at the old satellite dishes, you could latch on to most signals, but if they tried to scramble it then it was stealing.
If it is encrypted, you cannot decrypt it, because it is obviously not yours. If it is not broadcast, i.e. you use RF to gain access to a system and gather information that is not being broadcast, in this case anything other than basic ID info, it is illegal.
On the other hand, courts are also starting to recognize leeching WiFi as theft as well, so who knows where this is gonna end up.
If they had made this look like a telescope rather than a weapon, and mounted it on a tripod, they could have pointed it just about anywhere they wanted and nobody would have paid a whole lot of attention to them. The rifle-like appearance only served to make the device look much more dangerous than it was.
There are times when the form factor of a rifle makes perfect sense (rifle stocks for cameras, for example), but many others where it just DOESN'T. This is one of the latter group.
Mal-2
How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
Actually, I think that's a perfect name for it.
The dumb shit can't expect to walk around with something like that and expect people to stay calm.
liqbase
Not true
I misunderstood the title of this article, but the idea of putting a bluetooth device on a gun and making it only fire if you are "within range" of your tag sounds like a good idea after the Atlanta manhunt this weekend where the accused stole the gun from a deputy in the courthouse and shot the judge (as well as others). Not a foolproof item, but it might help somewhat.
Normally with a proof of concept you don't actually hack/infect normal people, you do it to your own shit. e.g. you hack into your own server, or the server of a willing victim, not a bank. You infect a computer in a controlled environment so that it does not go out into the wild etc. These guys really opened themselves up to trouble by messing around with real people, not a bunch of their friends in a field.
It doesn't seem very bright to build a rifle-shaped device, and then test it by aiming it from the top of a tall building.
Let me guess, it's powered by a bunch of large batteries, conspicuously wired together in a military-style vest.
Oh like my saying it or not changes the fact that it's true. The guy's an idiot. He's lucky he's not a dead idiot. That's the sort of dumb-ass stunt that can effectively shut down five square blocks of a city and result in said idiot being shot, regardless of if it's a real rifle or a squirt gun.
While the early version was held together with tie-straps and rubber bands, this newest version has a much more professional look.
Yes, the professional hit man look is exactly what I'm trying to have when I'm searching for vulnerable bluetooth devices.
I love my sig.
I understand that using a gun stock makes it look "cooler", but the article makes it seem like it wouldn't work if you didn't put it together in the same way. You really only have to buy the antenna and a connector for your card in your laptop to get it to work fine. It's not as mobile as with the gumstick computer, but you could probably mount that gumstick computer on the side of the antenna if you really wanted something that mobile.
That's not how Coral links work. You have to put the ".nyud.net:8090" right after the hostname (or, to express the same thing in another way, right before the first single slash).
To wit: http://www.tomsnetworking.com.nyud.net:8090/Sections-article106.php.
However, it's not working right now.
If your comment title says 'Re: Foo', I'm not likely to read it.
I thought it was going to be a cheap and easy way to mount a sniper rifle on a powered pan/tilt tripod head and use Bluetooth to control it remotely, like Bruce Willis did in that lame remake of 'Day Of The Jackal' only with higher geek cred. I was disappointed.
You must think in Russian.
The Infrared camera hack was first reported on Make too.
www.jmagar.com
Yes, indeed! Let's make something that looks like a heavy rifle with a scope on it. Then climb up on a skyscraper in downtown LA and start pointing it round at other buildings and pedestrians down on the street, etc.
Double bonus points if Schwarzenegger or some other high profile politician is in town that day.
For a different take on the antenna "gun", check out our "Trackmaster 2000" 802.11/ATV rocket tracking antenna for the PSAS launch vehicle.
An Unexpected error has occurred: "Stack Overflow"
Silly snoop! That should have been:
main()
{
readsite();
}
Otherwise you end up with an infinite loop.
(( sheesh! Some people just don't know how to code! ))
Sometimes boldness is in fashion. Sometimes only the brave will be bold.
It's supposed to be a Bluetooth snooper rifle! Heh!
Guys, don't be stupid. When you call something like this a "sniper rifle" or "bluetooth sniping", then politicians will have an easy time walking all over our civil liberties and banning anything other than government or Microsoft-approved hardware and software. Names like "sniping" and "wardriving" just make political rhetoric too easy.
Call it a "security enforcement sensor" or a "privacy alert device" or "child protection wand" and politicians will have a much harder time banning it and throwing you in jail for using it.
No you would not.
Here's a good reference that explains:
"Depending on the aircraft's altitude, sonic booms reach the ground two to 60 seconds after flyover. However, not all booms are heard at ground level. The speed of sound at any altitude is a function of air temperature. A decrease or increase in temperature results in a corresponding decrease or increase in sound speed. Under standard atmospheric conditions, air temperature decreases with increased altitude. For example, when sea-level temperature is 58 degrees Fahrenheit, the temperature at 30,000 feet drops to minus 49 degrees Fahrenheit. This temperature gradient helps bend the sound waves upward. Therefore, for a boom to reach the ground, the aircraft speed relative to the ground must be greater than the speed of sound at the ground. For example, the speed of sound at 30,000 feet is about 670 miles per hour, but an aircraft must travel at least 750 miles per hour (Mach 1.12, where Mach 1 equals the speed of sound) for a boom to be heard on the ground."
1: In Soviet Russia, the Bluetooth enabled beowulf cluster imagines YOU!, Oh, and collects Paris Hilton's phone numbers. 2: ?? 3: Profit!
I have freaks! I did something right...
I forgot to add: make any such device look like a gigantic Christian cross, not like a sniper rifle. People have a hard time banning crosses and you have a God-given right to point crosses anywhere you please. If it has a Bluetooth antenna at its tip, well, that's just an expression of your religious commitment to communicating with God and your fellow man.
And, whatever you do, don't make it shaped like a 4ft dildo. With sniper rifles, at least the powerful gun lobby will stand behind you. When someone stands behind you while you are pointing a 4ft dildo off a rooftop, it's probably not to protect your civil liberties.
Imagine my disappointment.
Step 1: Assemble Bluetooth "sniper rifle" according to instructions
Step 2: Remove Bluetooth antenna from assembly.
Step 3: Buy real, working, sniper rifle.
Step 4: Cram Bluetooth antenna up Parent Poster's ass.
Step 5: Use actual gun to shoot people.
(Step 5 void where prohibited by law.)
If I were going to build one of those I'd do it in something a little less conspicuous, say maybe a pair of binoculars. A good pair can do range calculations, etch the lenses with cross hairs. You're less likely to get shot at looking at someone through binoculars than a high powered rifle thing.
The word "physically" is overused, and you've done it here. To "physically tell" a phone something would be talking to it. You mean you have to command the phone via physical keystrokes.
I've had people tell me to "physically click" on an icon, and that a drag-and-drop will "physically copy" a file from one folder to another on the same hard drive.
Try to keep track of which verbs can and can't happen physically before overusing the word. You'll appear physically smarter.
um... you end up with an infinite loop that way too.
main()->readsite()->buildrifle()->readsite()->buildrifle()... Stack overflow.
"'maybe, just maybe, you too can snag Paris Hilton's address book.' (Which was not snagged via Bluetooth snooping, as the article points out.)"
Then why bother mentioning it? Aren't editors supposed to, I don't know, *edit* shit?
AWP whore!
Freedom: "I won't!"
I would hope there wouldn't be legal ramifications. You can kill someone with most things out there, but why should you be responsible for someone else's actions? We're not even talking about someone that purposefully designed a weapon for concealment and quite good ranged kills here. This is just a good antenna that some guy decided to make look like a rifle.
The shape isn't too bad since it's easy to hold and aim that way if you want it to be portable and quick to use. The problem with it is that it does look like a lethal weapon, and that makes using it dangerous. Would've been a better idea to set it up like a telescope on a tripod. Then you still get good portability, but a more stable base.
It may be irresponsible to build a device intended to get you surreptitious access to other people's mistakenly considered private data, but no more than that. Perhaps he'll catch some hell for designing an electronic surveillance/eavesdropping device, but I would hope not.
Someone would have to go through some lengths to make that fatal, too. You would definitely have to pump out a *lot* more power. You'd need a fair bit more than 115VAC@20A(=2300W, 2000W radiant) to saturate a target to lethal exposure at 200m. Your components would all have to be replaced to handle the higher power. You could screw up someone's eyes quick, maybe their bladder over a little time, mess with some guy's testes, etc., without much trouble, but near term death isn't likely.
Then again, anybody that can get their hands on a Magnetron can build a more dangerous version of this. Step one: buy a microwave oven. Step two: take it apart for the Magnetron.
Is it just me, or does it seem a little dangerous to be lurking on city rooftops with a very realistic looking rifle, pointing it at nearby buildings? It seems like a good way to find yourself surrounded by very real rifles that fire very real bullets and they are not aiming at your Bluetooth!
There is nothing so powerful as an idea whose time has come.
Yea, but the first way would just go to the original server, not nyud. Once the URL hits the first slash, that's the server you're on.
Information wants to be free.
Entertainment wants to be paid.
You just want to be cheap.
How about a "snooper rifle"?
I hereby place the above post in the public domain.
We could decide that it's not wise to guard a 200 lb unshackled man with a 50 year old woman.
I could have sworn we discussed this on Slashdot just the other day. Go figure. I know I read this story...and since my only source of news is slashdot I must have read it here. I can't find it in the past stories...but I know I read it.
Who is this that even the wind and the waves obey Him? Surely this computer must submit also!
Why would that be irresponsible? The person built a device which sends/receives radio signals via the Bluetooth protocol.
Nothing new here for nearly a century, except that this uses Bluetooth and is not-so-cleverly designed to resemble a sniper rifle (a big fat one, at that).
How is it irresponsible to build something (*anything*), then post instructions about it?
As with all things -- guns, cars, bombs, computers, planes, trains, automobiles, books, rap music -- irresponsibility is in the hands of the user, not the creator.
Is Capitalism Good for the Poor?
Geeks feeling that aligning themselves with gun culture makes them harder, more like big men? If I ever build one of these and want to drive round London with it, you can be sure it will be fluffy, happy coloured and definitely not gun shaped. Surely the gun shape is heavy on the arms? Why not put most of the guts of this thing in a backpack, and run a cable out to a light handheld unit?
Sounds like a really clever way of getting shot to me. Lie on a roof with a gun pointing it at people in the street, you'll get shot or arrested in no time.
.. just gives geeks a reason to get all 'gun-like' in their poses.
there's no reason this project couldn't have been done in the shape of a Happy Fun Ball.
; -- the corruption of government starts with its secrets. a truly free people keep no secrets. --
If I was going to stand at the top of a building and point this device at people I'd have *definitely* made it look much less like a gun!
Unless it has twisty grooves going down the barrel.
"Reality is that which, when you stop believing in it, it doesn't go away." - Philip K. Dick
I guess now we know - Bluetooth is the frequency, Kenneth!
:::The Spear in the heart of the Other is the Spear in the heart of You; You are He - Surak of Vulcan:::
Library tower? Obviously the sixth floor window in the Book Depository was already taken.
My other SIG is a Sauer.
hilarious - almost had coffee up my nose
"Our interests are to see if we can't scale it up to something more exciting," he said.
Well, the laws that legalize it are for the best of the animals, but the hunters do it for fun. That's more like it, I think.
Lalala
...his instrument isn't plugged in!
"For a successful technology, reality must take precedence over public relations, for nature cannot be fooled."--Feynman
(-: Perhaps, but the stack isn't as deep when you overflow -- because you skipped a step :-)
Sometimes boldness is in fashion. Sometimes only the brave will be bold.
Your stack size is static, therefore it doesn't matter if you overflow the stack with an (n^n) algorithm or an (n^n)-1 algorithm as you will still exceed that same limit, hence the stack will be the exact same size, either way, when you crash.
However, the joke is seen and that was funny.
tinkering with bicycles is a far healthier hobby I reckon :-) Lots of moving parts to tinker with, and using it gets you fit. 8 miles to work, and back each day gives me regular tinkering with the bike and getting a bit fitter too!