Injecting Audio Into Insecure Bluetooth Handsets

vandon writes "Linux hackers have demonstrated a way to inject or record audio signals from passing cars running insecure Bluetooth hands-free units. The Trifinite group showed how hackers could eavesdrop on passing motorists using a directional antenna and a Linux Laptop running a tool it has developed called Car Whisperer."

Top secret info

[gcnaddict]

I wonder how many government officials in DC using insecured headsets will be caught off-guard by this?

Re:Top secret info

[stecoop]

Zero.

Your title Top Secret info, then anyone that has that kind of clearance know that you cant talk on an unsecured line in an unsecured environment. If you mean getting caught talking nasty to your intern on a cell phone then all bets are off.

Re:Top secret info

[gcnaddict]

If you mean getting caught talking nasty to your intern on a cell phone then all bets are off. thank god you saw the hidden meaning :P

Re:Top secret info

[datadriven]

I wonder if this would qualify as an end run around the subpoena needed for a wire tap?

Re:Top secret info

[GlassUser]

I wonder if this would qualify as an end run around the subpoena needed for a wire tap?

Pretty sure you don't need a subpoena to collect and submit evidence that's been released to or broadcast in the public domain.

Re:Top secret info

[Doc+Ruby]

Yes, of course everyone with Top Secret clearance is absolutely discreet with the info they handle.

Everyone knows that "government employee" == "perfectly competent".

Re:Top secret info

[MoralHazard]

No, it wouldn't. The 4th Amendment to the U.S. Constitution, which has been interpreted to mean that the government can't look/listen in on you when you have a "reasonable expectation of privacy".

So the cops and the FBI aren't allowed to tap your phone on demand. They need to obtain a warrant first, from a judge. (FYI: it's not a subpoena--you get a subpoena to compel someone else to do something, while you get a warrant to demonstrate that you've satisfied a judge that you've met a certain standard.)

But they're also not allowed to put a tape recorder in your house to tape your phone calls, unless they get a warrant. Any method of tapping phone conversations, regardless of HOW it works, is considered an invasion of your expectation of privacy.

This gets more complex when we take into account federal wiretapping laws, but the short version is that law-enforcement people in pursuit on an investigation are exempted from wiretap laws IF they have a valid warrant. So if the cops are tapping your phone without a warrant, they have more to answer for than getting the evidence tossed out in court--they could go to jail.

That doesn't mean it doesn't happen, though.

Re:Top secret info

[Digital11]

According to a buddy I have who works for DISA, the spooks have been able to remotely monitor secured bluetooth hedsets via a PCMCIA device in a laptop that decrypts the conversation in real time for quite a while.

Re:Top secret info

[jacem]

The other issue that you have to take into account is the expectation of privacy. This came up with e-mail a while back. There is no expectation of privacy in an e-mail so you don't need a warrent to get them. If enough cases come down that show that cell phone conversations can be scanned then the expectation of privacy on a cell phone call will be lost. The same is true of any communication medium.

JACEM

Re:Top secret info

[quickword]

Is that the guy with hair, and hands? He must be related to the guy who spilled the beans about the faked moon landing.

In all seriousness, I don't doubt for a second that clandestine agencies have this capability. I just laugh at this "I have a friend who is in the know" stuff. Almost as hilarious as "an unnamed administration official..."

Re:Top secret info

Actually, I get the feeling that there is more classified information intentionally "leaked" at that level than there are instances of individuals "accidentally" leaking it.

Re:Top secret info

[stecoop]

Do you think a simple goverment employee will risk 20 years in bang me in the a$$ federal prison talking to a girlfriend about this cool laser they they're working on that happens to be attached to a shark.

No if there is a leak, odds are it is a way to flush out moles or some covert attempt to see where the information is going and how the public reacts to it (aka more money for some security agency).

Re:Top secret info

[Doc+Ruby]

If you base your sensibility of government secret keeping on movies, maybe you're right. But in reality, government secret keepers breach protocol all the time. As you'd see if you looked at any of the links I pointed to in my post. Karl Rove's disclosure/confirmation of Valerie Plame's secret CIA/WMD agent status was not made to a reporter over a secure line. Whoever gave Rove the info did not stick to security protocols. If you're paying attention, you know that government security leaks are often, if not usually, either deliberate campaigns, or eavesdropping on insecure channels. Like listening in on phone conversations. I really don't know why you think that secrecy and leaks are reliably in the service of security integrity.

Re:Top secret info

[stecoop]

I think you typed the reply fast. Are you saying that the government is conspiring against it's self or that the security agencies unwarrantedly and illegally monitor communication channels? (yes I can read it but I am trying to get your core message)

Either way when you talk about high-ranking politicians, there are different rules to play by - they're mistakes are cover-ups. As for some goofy shmuck getting caught releasing government secrets via a blue tooth line is someone you'll never hear about again. For the high level politics, I know that a lot of info isn't released and it is hard to understand the 'how' let alone the 'why' of some leaks. I speculate that most of the time is a simple political maneuver to gain power over a rival.

Re:Top secret info

[Doc+Ruby]

I reread my post, and I don't see what's confusing or unclear. "The government" isn't a single entity. It's lots of people, some more sync'ed with each other than are others. Competition, to some degree, is built into most parts of it. So leaks, and "fake leaks" (disinformation) are used all the time to accomplish political goals. That's how "the government is conspiring against itself". One very serious recent example is the Senate Republicans on the Judiciary committee spying on the Senate Judiciary Democrats email server for over a year. Then circulating that info to defend Republican activity from planned Democrat defenses. But lots of spying, leaking and other breaches of secrecy are part of how the government operates. That doesn't make any of it acceptable: it's one reason why the government is so bad at representing Americans, getting things done, handling our tax money effectively. But until you realize how much of it happens, even just by judging how much makes it through the media, you can't really make your own decisions about how leaky the government security systems really are.

Re:Top secret info

Actually, the conversation/exchange can be recorded,and cracked later, especially if it does not yield to dictionary attack right up, or you ping the device some funky 'factory diagnostic code' that ponys up the lot, or it is snagged at the exchange.

Listening in on phone calls is frowned upon, unless you have clicked on a EULA agreement that says otherwise - read the fine print.

Sensitive or not, weak spots will be sought out. Early PDA's, Early WiFi, Early wireless keyboards, Early Backbury, and implemented in places where they should not. What has been discovered is that mobile phones are low tech crap devoid of real security, and the accessories don't cut the mustard.

Breaking in on other peoples conversations is dead easy - really loud car speakers, and by removing shielding around the amplifier. Adding copper loop antennas on fibreglass doors, can drive other car speakers and headphones, or receive same...

"Can you hear me now?"

[flatface]

"Yes we all can."

Re:"Can you hear me now?"

[Nytewynd]

Some people don't appreciate good humor...

Re:"Can you hear me now?"

What idiot moderated the parent 'Offtopic?' Sure, if you didn't find it funny then feel free to moderate it 'Overrated' or something, but it's COMPLETELY on topic! Did you bother to read the story/article before you moderated, or did you just feel the need to slap someone down?

Jeez.

Re:"Can you hear me now?"

[reklusband]

That's actually a VERY ontopic comment, it's referring to verizon cell phone ads using the verizon guy, while saying that people on cell phones using bluetooth are subject to this vulnerability so we can all hear what they are saying. Actually it's funny, this is the only modded comment I've seen.

Re:"Can you hear me now?"

Yeah, we're all behind you flatface. That was hilarious. Keep being funny and avoid the slashdot trolls at all cost!

Re:"Can you hear me now?"

Flatface, that was funny as hell, man. I don't know what this moderator's problem is. You are one funny man. I almost pooped my pants when I read that. In fact, I bet if we took a poll, most of the people here without moderation points would say that they almost pooped their pants when they read that. You should come out with a book of your Slashdot one-liners, you are so funny.

Keep up the good work, man; keep the funny shit rollin. Don't let this one get ya down, just take it in stride, man... take it in stride. We're all brothers with you in the struggle against Slashdot moderation tyrrany.

Word.

Re:"Can you hear me now?"

[tolkienfan]

Offtopic?

What the hell is wrong with the mod?

That was +5,Funny

Re:"Can you hear me now?"

[donleyp]

ROFL! Mod's got his head up is arse!

Re:"Can you hear me now?"

We do. But what has that got to do with the OP?

Re:"Can you hear me now?"

[carlos_benj]

I almost pooped your pants when I read it......

cool but also meh

[tomstdenis]

it is afterall a device using homebrew crypto.

If they had a proper AES-CCM or GCM core in there the channel would not only be private but authenticated.

Instead they opt for some homebrew crypto design that amazingly enough is not secure.

Tom

Re:cool but also meh

Is this a problem with only some Bluetooth headsets, or all Bluetooth devices? I get the impression all. It amazes me that a tech can get this far with such a glaring deficiency. At least at home with a keyboard you're probably far enough away from any eavesdroppers too avoid being seen. With these in-car headsets (and the expensive factory speaker/mic systems) this is a real problem that, had basic security been taken into consideration, should not be.

Re:cool but also meh

[tomstdenis]

I dunno about all.

My understanding of Bluetooth is that it CAN be used properly just as implemented it isn't.

If you're security cautious you'd use a normal usb or ps/2 keyboard.

Tom

Re:cool but also meh

[POPE+Mad+Mitch]

This is not a weakness in the protocol or the crypto used. Its about manufacturers cutting corners.

This works on devices which do not need to be put into a special mode to be paired, and which are using a fixed same-for-every-unit pairing password.

this software just requests a pairing with every handsfree device it sees, and tries the standard password. If the device had bothered to need physical confirmation for pairing (like any decent headset) or used a random printed-on-the-box password then this wouldnt be happening.

this also isnt about just listening in on other peoples phone conversations, its about listening to ANY conversation, as once you have paired with the device, if it is for example an in car hands free device, you can turn on the microphone and listen to anything said in the car cabin.

Re:cool but also meh

[Laura_DilDio]

Yeah, and the richest man on the planet built his empire with insecure software!

It amazes me that a tech can get this far with such a glaring deficiency.

Yah!

Re:cool but also meh

[MindStalker]

Thing is if you add security you would have to add some type of password auth, which of course most customers would have trouble with the simplist kind of auth and return the product or harrass customer support. Apparently the auth in this would be limited to a numeric password printed on the headset box that would have to be entered into the connecting device the first time it communicated.

Re:cool but also meh

[wwest4]

This particular toool relies on guessed or known keys, so the crytpo and a more associativity scheme don't make any difference (in this case).

Re:cool but also meh

[jacem]

They are pritty much trapped in the model that they are using, if they what out of the box interopablilty between devices because most of these units have no way of entering a password (no general interface what so ever.) So how do you enter a personal password in your headset and your cell phone. Your cell phone at least has a keypad. but your bluetooth mp3 player propably does not.

JACEM

Oh noes! They could illegally

[Weaps]

Record music! And these unsuspecting drivers could run afoul of the RIAA while the pirates who illegally recorded the Intellectual Property would get away scot free!

Madness I tells ya!

I can see it now

[up2ng]

Standing on a overpass speaking to a passing car, "Hey you! Look out for that tree" or "Kent, This is God, Stop Touching That !"

Childhood stuff never gets old

Re:I can see it now

[Rosco+P.+Coltrane]

Standing on a overpass speaking to a passing car, "Hey you! Look out for that tree" or "Kent, This is God, Stop Touching That !"

You know, that joke isn't new: I remember reading about a bunch of kids in Europe who went on an overpass with a small FM transmitter, tuned it to the local "highway traffic info" channel (above 107.0 FM or something) and started reporting a "major accident, extreme caution advised at mile marker such-and-such, you're required to slow down immediately" etc etc... in order to cause a traffic jam.

Trouble is, they caused a big accident because some guy slammed on the brake and all the others behind rear-ended him, and the kids got caught. Perhaps your idea of a joke isn't such a good idea after all then :-)

Re:I can see it now

[jav1231]

See! Some practical uses! I like it.

Re:I can see it now

So broadcating news from the future is illegal?!?

They *said* there was a major accident, and lo and behold! A major accident occurs right where they said it would!

Miss Cleo should be hiring them!

Re:I can see it now

[pete6677]

some guy slammed on the brake and all the others behind rear-ended him

I say we execute morons like this before they kill anyone else.

Re:I can see it now

[idontgno]

Tragedy is when I cut my finger. Comedy is when you fall into an open sewer and die. -- Mel Brooks

Solution: Encryption

[Zweideutig]

Have proper encryption between hand set and the transmitter/receiver. This may make hand sets more expensive, as a small computer in both the headset and the transmitter/receiver unit would be required, but it should eliminate this problem.

Re:Solution: Encryption

[tomstdenis]

You're kidding right? Crypto can be done in hardware as well....

Disclaimer: I work for soft-core crypto company ;-)

Granted an embedded ARM could do crypto too, an embedded GCM core could do it with less power/area usage.

And since you only need kbps not gbps the clockrate is very low reducing the area, etc...

Tom

Re:Solution: Encryption

Either know the something about the subject matter (Bluetooth) or RTFA. Bluetooth links are encrypted, and this hack isn't built around cracking that encryption. Instead, it relies on "authenticating" to a handsfree system that is not currently in use. How does it "authenticate" you ask? It tries several of the known static passwords that these systems use.

Re:Solution: Encryption

[karnal]

Disclaimer: I work for soft-core crypto company ;-)

So does that mean you work for the "Spice Channel" of the Crypto industry??? :)

Re:Solution: Encryption

[tomstdenis]

I walked into that ...

ok "soft-core" means you license hardware designs but don't actually make chips or standalone chips. ... nonetheless I totally walked into that..

Tom

Re:Solution: Encryption

[d34thm0nk3y]

This may make hand sets more expensive, as a small computer in both the headset and the transmitter/receiver unit would be required, but it should eliminate this problem.

You're kidding right? Crypto can be done in hardware as well....(snip)..an embedded ARM could do crypto too, an embedded GCM core could

You realize that both of your counter-examples actually are small computers right?

Simple Fix

[mekkab]

make Linux illegal.

Whats the problem? I expect a bill to be passed in the next year.

text of TFA

[pair-a-noyd]

Car Whisperer
The carwhisperer project intends to sensibilise manufacturers of carkits and other Bluetooth appliances without display and keyboard for the possible security threat evolving from the use of standard passkeys.
A Bluetooth passkey is used within the pairing process that takes place, when two Bluetooth enabled devices connect for the first time. Besides other public data, the passkey is a secret parameter used in the process that generates and exchanges the so-called link key. In Bluetooth communication scenarios the link key is used for authentication and encryption of the information that is exchanged between the counterparts of the communication.
The cw_scanner script is repeatedly performing a device inquiry for visible Bluetooth devices of which the class matches the one of Bluetooth Headsets and Hands-Free Units. Once a visible Bluetooth device with the appropriate
  device class is found, the cw_scanner script executes the carwhisperer binary that connects to the found device (on RFCOMM channel 1) and opens a control connection and connects the SCO links.
The carwhiperer binary connects to the device found by the cw_scanner. The passkey that is required for the initial connection to the device is provided by the cw_pin.pl script that replaces the official Bluez PIN helper (graphical application that usually prompts for the passkey). The cw_pin.pl script provides the passkey depending on the Bluetooth address that requests it. Depending on the first three bytes of the address, which references the manufacturer, different passkeys are returned by the cw_pin.sh script. In quite a few cases the preset standard passkey on headsets and handsfree units is '0000' or '1234'.
Once the connection has been successfully established, the carwhisperer binary starts sending audio to, and recording audio from the headset. This allows attackers to inject audio data into the car. This could be fake
  traffic announcements or nice words. Attackers are also able to eavesdrop conversations among people sitting in the car.
Ideally, the carwhisperer is used with a toooned dongle and a directional antenna that enhances the range of a Bluetooth radio quite a bit. (see Long-Distance-Snarf experiment)

Re:text of TFA

[Linker3000]

"...sensibilise.."

They are also mangleiseing the English language

Re:text of TFA

[TheSneak]

It's a perfectly cromulent word. Perhaps you're loosing your perspecacity? :P

Proving once again.....

...that we have to too much time on our hands. People are overfed and underworked. Evolution once again needs to take a few passes on us to thin the herd.

Re:Proving once again.....

[nitelifer]

I hope it's your turn then

List of which kits are susceptable

[Se7enLC]

Thank you to the fine people of trifinite.org for not listing off which handsfree devices they found to be secure and which they found to be insecure. Now I guess we'll all just have to wait until we're hacked to find out if we bought the right one.

These guys seem to be pretending to be doing it for the good of the industry, but their site seems to list a lot of Bluetooth Hacks & Attacks. And they didn't seem to have made any effort to contact vendors to get the problem corrected, either.

Re:List of which kits are susceptable

[spidrw]

Just look in your manual. I just got a headset and surprise surprise..."your passkey to input to your phone/computer will be '0000'" When I first saw that I figured it was a dumb idea...just had it proven to myself.

Re:List of which kits are susceptable

[derphilipp]

I've seen a demo of these guys "hacking" bluetooth cellular phones at the Linuxtag. Somebody asked which cellular phones are safe. The answer was "Siemens" (unfotunately they don't produce cellular phones any more). Nokia should also be ok. Sony Ericson are the worst in security (if I remember correctly)

Re:List of which kits are susceptable

[winkydink]

The Siemens brand will be used by BenQ for the next 5 yrs, much like Lenovo and IBM. SE has BT turned off by default. How can that be poor security?

Re:List of which kits are susceptable

[SimilarityEngine]

I had exactly the same experience with my headset, which was bought for me for my recent(ish) birthday. Defaults to 0000 (same as you!), and there is no way of changing it. Grrrrr. I honestly can't understand the mentality of some manufacturers - hopefully this will be a kick up the butt for them.

I wonder, would it be feasible to have the phone and headset agree on a new random PIN after the first successful connection? Obviously with a reset switch on the headset to take it back to the default. Does anyone have a headset which does something similar?

Re:List of which kits are susceptable

[ostiguy]

If the problem is with the standard, how else should they proceed? It isnt specific to one manufacturor - the industry has learned NOTHING from the 802.11 mess (wep, etc), and keeps making CRAP

ostiguy

Re:List of which kits are susceptable

[Hast]

I doubt they used this attack against mobile phones as it's completely useless against them.

AFAIK most other attacks depend on "bloopers" in the Bluetooth spec. which allow you to pull data from the phone without authenticating. (It's fundamentally a problem that AFAIK no mobile phones have implemented a proper security manager, all just use the static "all on or all off" security which is mandatory.)

I would imagine that SE phones are "more vunerable" since they actually implement a lot of Bluetooth profiles.

Re:List of which kits are susceptable

[OmnipotentEntity]

Yeah, right, you saw what happened recently with Cisco, describe what you did and what you did it to and you'll have a cease and desist notice faster than you can say, "Lawyer'ed." And in the end, it's not trifinite.org's responsibility to make sure that companies keep their technologies secure.

Here's an idea. Try to hack your bluetooth yourself. If you can, return it.

Re:List of which kits are susceptable

[Technician]

Now I guess we'll all just have to wait until we're hacked to find out if we bought the right one.

Finish reading the article.. Does you device allow you to enter your own passkey? Does your device allow you to reject connection attempts? If your device has no user interface, then it probably is vunerable.

Re:List of which kits are susceptable

[ezzzD55J]

These guys seem to be pretending to be doing it for the good of the industry, but their site seems to list a lot of Bluetooth Hacks & Attacks. And they didn't seem to have made any effort to contact vendors to get the problem corrected, either.

Don't be too tough on them. I saw their demo at WhatTheHack last weekend. After the session I asked which brand to buy for security, and the reply was that Nokia had done a good job of making up for their mess. Also their story at the time was that they test a lot of bluetooth stuff for the industry, working with the industry to find holes before phones go to market (not quite sure of the timing, but I am sure that they cooperate).

Re:List of which kits are susceptable

[vertinox]

And they didn't seem to have made any effort to contact vendors to get the problem corrected, either.

It takes a lot more than one persons website to make a company change a technology that they have spent millions of dollors of R&D and marketing on. Perhaps, thousands of customers complaints or a prominent news article. Not saying what they are doing is right (or wrong), but realistically burden of resolution lies with the company itself if they wish to take action.

It only takes one to get caught-off guard...

[HomerJayS]

...and then Congress will pass a knee-jerk law banning Bluetooth.

Re:It only takes one to get caught-off guard...

[X0563511]

And we will make a new standard very similar, with less of a silly name.

Only a slight hiccup us geeks' "PLAN FOR WORLD DOMINATION"

And I thought driving and using a cell was unsafe

Now I have to point a directional antenna and debug my laptop software too?

Acura TL

[dcarey]

I've got an Acura TL. Bluetooth in it of course. So how does one secure a built-in bluetooth system? Take it to my dealer for a virus scan? Drive around a local university trolling for pseudohackers? Bust into the OS, whatever it's running, and slap some Linux distro on it (well the car won't run in that case, but hey, it's a certainly a functional $35,000 Linux Box!)

Re:Acura TL

But look on the bright side, if your car runs Linux, it wont crash anymore.

Re:Acura TL

[PriceIke]

Cop: "Do you have any idea how fast you were going?"

You: "About 2.5GHz."

Re:Acura TL

Yeah, it won't crash, but you'll have to get each piece from a seperate vendor and put them all together yourself

Re:Acura TL

"So how does one secure a built-in Bluetooth system? Take it to my dealer for a virus scan?"

Seriously. WTF.
You probably meant to say: "How does one determine if their system is vulnerable?"

Because running a virus scan will secure NOTHING (Even IF it were possible to run a virus scan on a car Bluetooth system, it's really a non-issue because hands-free Bluetooth device virus don't exist.) Regardless of the fact we are talking about a car hand's-free Bluetooth module here, there is no virus. The article was about people using their laptops (with attached high gain BT antennas) to hack into the device using security holes in the device's design.

(Talking more about PCs now)
And besides, running a virus scan will solve nothing in situations where the security flaw is caused by a manufacturer's design flaw. Yeah it may have removed a virus (if one exists), but the hole is still there to let it back in. It's like someone with a hole in their sinking boat saying "It's ok...i fixed the problem. I bailed all the water out of the boat. We're fine now." ...um..no you're not, the hole is STILL THERE. PATCH THE HOLE.

And in this article's situation, the security flaw would have to be fixed by the manufacturer and couldn't be fixed by the end user. (Unless they just stopped using it and had it deactivated/turned off)
</calm>

<Annoyed>
<RANT, (& can be ignored.)>
I'm soooo sick of people thinking that my fixing the symptoms of a problem will fix the root cause of the problem.
If you have a headache, don't take Aspirin... Find what's causing your headache, and avoid it!
I can't tell you how many student's I had to explain this to when I worked for my school's IT department.
They just couldn't understand that just because they ran MacAfee/Norton and Windows update ONCE, doesn't mean their system is safe forever. And that just because they ran Linux or a Mac doesn't mean they are not vulnerable to hackers, viruses, or the like.
Other things they just couldn't understand:
1. Virus Defs originally installed are usually at least a year old and are not up to date.
2. Virus Defs need to be constantly updated to keep your PC safe.
3. MacAfee/Norton doesn't patch Windows security holes (which can & will allow baddies right back in).
4. PC Distributors RARELY install the latest OS/software patches when they build their systems.
5. Running Windows Update ONCE won't patch for all future flaws found.

Grrr. (At the student's for being dumb.)
Grrr. (Again because they STILL just didn't care, and still didn't update defs & patch Windows.)
Grrr. (Yet again for when they yelled AT ME for their internet connection getting suspended because they were reinfected.)
ARG.
Sorry, that just hit a chord and made me flashback to when I had to deal with DUMB students. Freshmen were the WORST.
They didn't know, didn't care, didn't know to care and didn't care to know. Just plain dumb.
</Annoyed>

Ok. I'm finished. :-p
</RANT>

Re:Acura TL

[Not_Wiggins]

The Acura TL (at least, the 2005 model) has a security feature that disables Bluetooth until you want it enabled by speaking the 4 digit code at car start-up. Most drivers have it turned off because it is a pain to enable it everytime you start the car... but if you're that paranoid about someone hacking the bluetooth on your car when you're *not* using it, this feature is easily disabled. Check the HandsFreeLink section of your owners manual.

Re:Acura TL

The virus scan line was a simple jest. I should have put a disclaimer at the bottom, seeing as though how pedantic some slashdotters can be.

Re:Acura TL

[dcarey]

I have paired a phone, but I did not know about the disabling feature. Seeing as though I have to enable to phone to be discoverable anyway by pressing a couple of buttons when I enter the car (after a minute of no communication from the car, the phone turns the bluetooth off), it would not be a pain for me to use the enable/disable step you mentioned. Better safe than sorry -- and thanks for the tip!

Correction: Solution: Encryption

[Zweideutig]

I mean a more powerful CPU that can handle proper encryption, rather than some proprietary encryption that has not been well tested and is easy to crack.

Re:Moderation messed up

[DigitumDei]

I get the feeling the mod points arn't being handed out at all. I usually get mod points every other day, yet haven't had since last week.

Like we want to hear

[blueZ3]

some yuppie soccer mom discussing her kid's brilliant school career with grandma.

Count me out on the "evesdropping on car phone conversations," thanks. :o)

Re:Like we want to hear

[Rude+Turnip]

That or her scheduling a rendezvous with the pool boy...and I'm not talking about the peer discovery protocol aka zeroconf ;-)

Re:Like we want to hear

[Clover_Kicker]

Heh. How about hanging around the financial district snooping for stock tips?

Re:Like we want to hear

Yes, because only soccer moms drive cars and use mobile phones.

Err, what?

They did this first with horses

Their Horse Whisperer product let you eavesdrop on the hay digestion of Bluetooth enable equines.

Re:Moderation messed up

[stevey]

And todays new poll has no comments allowed - just like what happened to the previous one for the first few days.

Something must be broken/breaking ..

butt set

[vinn]

When it comes to eavesdropping, I prefer my method of butt sets on 66 blocks. It doesn't require as much thought.

Re:butt set

You said "butt".

Re:butt set

[HermanAB]

I wonder if anyone else on Sloshdat knows what a Battenski Telephone is... getting old I guess.

Re:butt set

[Migraineman]

The Harris Dracon TS-21 rules, but alas, it's not available anymore. The TS-22 is a close second. Harris' tools division is now part of Fluke Networks, and their selection of butt sets can be found here.

Re:butt set

[invisigoth]

Hehehe. You said butt sets

Re:butt set

[xlogan]

I've got one at my office ;-)

Device must be in paring mode

[timgoh0]

From what i understand of the article, your bluetooth device must be explicitly set to the pairing/discoverable mode. This is not on by default

On my Jabra BT800 headset, i have to push a recessed button to bring the device to this mode. After the headset is paired, it is no longer discoverable, nor does it accept parings from other devices.

Re:Device must be in paring mode

[Lewisham]

Yes, while this is true of Jabra headsets, it might not be true of the Crapposan you bought from Taiwan off eBay.

I guess there must be some headsets out there that are always in a state ready to be paired, or this attack would never work.

Re:Device must be in paring mode

[GodGell]

i have a jabra bt200 and will do some experiments with it someday.
anyway. yesterday as i was sitting on a bus on the way home from drumming school, i disconnected my phone from the bt200 so that i can do a scan for other devices and i found another phone (named "Hayat", no idea what that stands for). i tried to connect to it loads of times with passkey 0000, and most of the time it just said bluetooth connection error. once though it was passkey mismatch, so i guess the phone asked the guy the passkey. when i changed my phone's name to "passkey_is_0000" just to see what happens, the unknown phone disappeared. see, there's a new form of wardriving - warwalking - with bluetooth! :D
the whole thing took about 16 minutes, and all that time my bt200 was on my ear in search mode. yet nothing happened.

Re:Device must be in paring mode

[tengwar]

Well I'm wondering if it ever does work. As timgoh0 says, you have to put the device into pairing mode. I work in telecoms, and I've never seen a BT handsfree that didn't have to be expressly put into pairing mode. Since BT is supported by a small number of bought-in chips, it seems unlikely that even a Crapposan Mk13 would differ from this behaviour. Secondly, pairing is what it says - it joins a pair of devices. Normally a BT handsfree will only support one handset at a time, and the cheap ones will only hold one profile (expensive ones may hold profiles for up to three phones, but only one active at a time). This leads me to doubt that it could be used to pick up a phone conversation.

Anyway, I'll be interested to hear whether anyone gets it working - don't have the time to try it myself.

Re:Device must be in paring mode

Or in "chopping" or "slicing" mode.

I set mine to "grate" and it runs smoothie.

Re:Device must be in paring mode

[Otto]

I work in telecoms, and I've never seen a BT handsfree that didn't have to be expressly put into pairing mode.

Well, I don't work in telecoms, but I have yet to find one that *does* need that. Some need to be put in discoverable mode for your phone to see them, but they could still be paired with even outside that mode if you knew they were there.

And most headset units don't even need that, they're always discoverable all the time.

Intersting

[kidtux1]

While this is intersting it will have very little use since not that many people have blue tooth head sets. Plus, you will only get a few seconds before the car has driven past you. -- http://www.kunae.blogspot.com/

Re:Intersting

[MajestikMoose]

On the contrary, I think that Bluetooth headsets are becoming more and more popular because of the passing of laws (such as here in Chicago) that require you to use a hands-free device with your cell phone when you are driving. Now that most mobile phones have Bluetooth built in, I see more and more people wearing the Bluetooth headsets.

Cordless Telephones

[Kiaser+Wilhelm+II]

I used to do this with cordless telephones (the kind that plugs into your landline).. they ran unencrypted on 43-46Mhz and 900Mhz bands for years.

Lets just say I got to know my neighbors very well.

(If you have a cordless phone and are wondering if its secure.. make sure it has "spread spectrum" technology)

Re:Cordless Telephones

[Schnee]

Spreading the spectrum won't make the conversation secure in a cryptograhic sense, but it will make it harder for a casual evesdropper to listen-in.

Re:Cordless Telephones

[Kiaser+Wilhelm+II]

Yes, however there are no consumer "spread spectrum" scanning devices on the market, ensuring that only a talented engineer can go to the trouble to build a receiver just to listen to your praticular model of cordless phone.

Re:Cordless Telephones

so THAT's what you've been doing on saturday nights

Re:Moderation messed up

[op12]

Yeah, it seems like since sometime yesterday afternoon, nothing can be modded (up or down). And the poll comments are still broken. Slashdot's coming apart at the seams!

Linux hackers?

Linux hackers have demonstrated a way to inject or record audio signals from passing cars running insecure Bluetooth hands-free units

So what does "Linux hackers" have anything to do with this? Had they written the software under Windbloze would you have started the summary with "Windows hackers"? Isn't the more relevant term "Bluetooth hackers", with the choice in OS playing no real role whatsoever, other than the preference of the person performing the exploits?

Re:Linux hackers?

[squallbsr]

So what does "Linux hackers" have anything to do with this? Had they written the software under Windbloze would you have started the summary with "Windows hackers"?

No, they would call the windows hackers "Hackers"... Remember only evil hax0rs using Linux...

Its just the media manipulating the public's view of Linux...

Re:Moderation messed up

[Rosco+P.+Coltrane]

What are you talking about? you got mod points in your post of yesterday - mostly negative mod points, but mod points nonetheless :-)

Re:Moderation messed up

[Gothmolly]

I haven't gotten any since I visited Slashdot via links on Anti-Slash. If you go there, copy and paste the URLs rather than clicking their links back to here. Apparently the HTTP-Referer identifies you as a persona non grata.

What next? Mailbox snatching?

Hey, fools put their mailbox out in the street where any dude, doesn't even need to grok that *nix stuff, can make off with bootie! Bluetooth? See a dentist. Thare be gold in them thare mailboxes.

Re:Moderation messed up

[bgarcia]

Yep, I see that the last 10 articles (at least) do not have a single post moderated above 3.

Too bad you can't talk back

[Gadgetfreak]

It'd be a lot more convenient if they could hear my shouts of "it's the passing lane, not the fast lane!" and "use your d@mn turn signals!"

Better driving through feedback!

Re:Too bad you can't talk back

[BlackCobra43]

The summary mentions injecting audio as well as recording it, so theoretically this shouldn't be hard to implement? Would make driving a hell of a lot more fun, I'll give you that. "GET OFF THE PHONE AND GO, THE LIGHT IS GREEN, MORON"

Re:Too bad you can't talk back

[Steinfiend]

I'm with you 100% on that. Living in South Florida I get to see the crème de la crème of automobile operation every day. Right turns from the left hand lane, left turns from the right hand lane are a daily occurrence. If I'm extra lucky they _might_ use their turn signal first. People swerving from lane to lane as they talk on their cell phones, eating breakfast whilst doing their makeup.

A friend told me a story from when he was a truck driver. He was in the middle of three lanes waiting at a red light. The lights went green and he started moving. It was about 100 yards up the road before he realized there was a car stuck under his front fender.

Apparently when the lights went green the woman to the left of him decided it was a good time to turn right. Of course being higher up he didn't see her until the sparks started really flying at about 30mph! She wasn't hurt physically, but I'm sure she never did that again!

Many a time I've dreamed of having a loud speaker on my car so I can voice my concerns to other drivers. Anybody know the legality on that?

Re:Too bad you can't talk back

It's a public address system. Perfectly legal. My pickup truck's CB radio had one years ago. I'd still have it but I no longer own the truck.

Visit a truck stop, buy a CB - Don't bother with the antenna unless you want that too. Almost all of them have a "PA" jack in the back. Hook up a (waterproof! See radio shack!) speaker and you're set to go. It takes a mono-headphones plug. Set the radio to PA and fire away. Just be careful, lots of bad drivers carry guns nowadays to supplement their bad driving.

Re:Too bad you can't talk back

[Steinfiend]

Good point! I'll make sure I invest in the armor-plating before I get the PA system!

Why is it just for cars?

[Kainaw]

I would like this if it is was more than just cars. I'd like to sit outside WalMart and force audio into all the idiots walking around with their bluetooth cell phone earbuds permanently stuck in their ear.

Re:Why is it just for cars?

[karnal]

You just sold me on buying one just to wear at WalMart.

Just so I can piss you off further.

But seriously, why does this upset you? I know I've seen people with the earpiece in, and while I think it's a little silly - especially since they're not on a call, it's just an earpiece.

Re:Why is it just for cars?

[Kainaw]

But seriously, why does this upset you?

I never said it upset me in any way. I just like abusing idiots. It is the same reason that go around the office at night after everyone leaves and mess with their computers if they leave them both turned on and logged in until the next morning. I need to rewrite an old Win95 program that made the icons move away from the mouse, so you have to trap them in the corner to click on them. Replacing desktops with screenshots of their desktop is getting old.

Re:Why is it just for cars?

I remember that wicked windows was awesome

Re:Why is it just for cars?

I've noticed the exact same problem recently... it's alsmot distracting talking to someone with one of these things on their head. It's like "are you waiting for the borg to issue your commands?" I've had business meetings with some people and they didn't have the respect to take the thing out of their ear. I can't imaging how bad this will be when people are using bluetooth sunglasses with built in monitors. What would happen then? Injecting video will probably get conservatives all upset due to the Bluetooth Hot Coffee mod.

//end tirade

Obligatory reference

[suitepotato]

Imagine a beowulf cluster...

...self-destructing under the power of all the brainless conversations intercepted in midtown Manhattan.

That wouldn't work

[WindozeSux]

The government uses Linux on their most important machines and servers. However, the less important ones use Windows.

Re:That wouldn't work

[JonXP]

Hrmmm, all the servers I've seen of theirs run Sco Unix. Though, this is only the treasury department.

Re:That wouldn't work

[jrockway]

Duh, that's the same thing. Remember that Linux is just stolen SCO UNIX code :)

(just kidding, in case you didn't notice the smiley :)

Bluetooth fun

[inexion]

Whew, now all we need is some manner of device that will either detonate/melt those stupid god awful bluetooth headsets - ahhh that would be so lovely

Subliminal spam...

[mikael]

Not only will we now see adverts along the freeway, but now the advertisers will be able to play audio jingles or just some subliminal sounds like a soft drink can being opened and the drink fizzing while it's being poured into the glass.

Although, there could be practical applications. There were some conceptual projects where cars were able to determine the location of each other using RF communications. The idea of this was to prevent crashes during times of restricted visibility (fog, blizzards). And having emergency messages being broadcast locally wouldn't be such a bad idea.

Slashdot dead

Crippling bombshell RIVER OF BLOOD moderation code STOLEN

Mod problems? - def off-topic

[twigstamc420]

Is it just me or is it weird that not one single story one the front page has any comments that have been modded up to 5?

Go ahead and waste your mod points and call me off-topic.

Re:Mod problems? - def off-topic

[ZackSchil]

I would mod you offtopic but the moderation system is down.

Re:Mod problems? - def off-topic

And I would mod you as redundant...

Re:Mod problems? - def off-topic

Just deal with it. It's the comments that matters not the moderation unless you're too lazy to read.

Re:Mod problems? - def off-topic

*sigh* If this isn't a joke, I'll be pissed. I can't tell if it is or not, because you haven't been modded anything yet.

Re:Mod problems? - def off-topic

[vertinox]

Now that you mention it... I haven't gotten mod points in days. I thought that perhaps I was meta-modded down a few times.

Its funny. Laugh.

[mekkab]

Mods wouldn't know funny if it jumped up and bit 'em on the bum. SIGH.

Re:Its funny. Laugh.

[GoodOmens]

lol I was taken by his reply too.

Re:Its funny. Laugh.

[j-tull]

I couldn't agree more. To avoid repeating myself, I'll simply point everyone to a recent rant: http://hardware.slashdot.org/comments.pl?sid=15671 5&cid=13136817

If only I had the mod points to save this poor post! Sadly, a proper mod of "funny" would do nothing to help this poor beat up poster. Wouldn't it be nice if a mod of "funny" could erase bad karma from a given post even if it had no other effect on total karma?

Oops! There I go again. Please mod -1 redundant.

Re:Its funny. Laugh.

[mekkab]

Or maybe they just don't think I'm funny...

/ Bah! Everybody's a critic!

Broadcast Ping

[woodsrunner]

That would be fun! I am sure WalMart would like that power to direct their shoppers to the latest thing they are trying to flog.

I have always wanted a way to do a broadcast ping of all the local cellphones to get them all to ring at once. I bet theatres would like a device that could do this in order to get patrons to turn off their ringers before shows start.

Re:Broadcast Ping

Is that you, Jobe?

What does this have to do with Linux?

[mumblestheclown]

Exactly why does the headline mention Linux? This project could have been done on any operating system. It makes as much sense to mention linux here as it does the model keyboard they were using to type.

/ note to zealot moderators: this is as much a COMPLIMENT to linux as anything else.

Re:What does this have to do with Linux?

[Your+Pal+Dave]

From TFA:

Downloads

Please use this Proof-of-Concept application responsible !

carwhisperer - Talk to Technophile Strangers (be nice)
  (written for for Linux using BlueZ)
by Martin Herfurt
Download carwhisperer-0.1.taz.gz
more information on the Car Whisperer project page

The article makes no mention of any other OS.

Re:What does this have to do with Linux?

[cahiha]

This project could have been done on any operating system.

Could it? Linux gives full documentation and access to everything from the hardware level up.

Re:What does this have to do with Linux?

[glesga_kiss]

Exactly why does the headline mention Linux? This project could have been done on any operating system.

Because it got the article green-lighted. Submitters can karma-whore as well you know...

Re:Moderation messed up

[DigitumDei]

Mod point to hand out, not mod points on my own posts.

Re:first

GP typed w00t, not w00f

Re:Moderation messed up

[Rosco+P.+Coltrane]

Ah ok, I didn't get that.

FYI though, I used to get mod points every week, for many months, until one day it stopped. Maybe a week later, I was advised that some metamoderator had disagreed with one of my moderation and that said moderation had been cancelled. I haven't received mod points since then.

So I suspect the moderation system hands mod points over to those who make as few mistakes as possible (which sounds like a good thing to do), and one way to never make mistakes in moderation is to always mod obvious trolls and offtopics down, and never mod interesting, argumented or more complex posts up :-)

"Hey Good Lookin'...

[Orrin+Bloquy]

...I'll Be Back To Pick You Up Later!" Ron Popeil unavailable for comment.

Re:"Hey Good Lookin'...

http://www.idfuel.com/images/popiel/mr_microphone. jpg

Re:Moderation messed up

[ajs318]

Tracking moderator points and commenting on polls both are options that involve disk writes. So I suspect that a disk or partition probably has got full somewhere. I know that Linux -- and probably other unix-like systems -- will quite happily boot in that state; root even has a little bit of extra private space on each filesystem, which mortals cannot touch, for dealing with such emergencies.

By default, MySQL databases are under /var/lib/mysql/, mail messages are under /var/mail/ and logs go in /var/log/. If /var/ ever gets really full, then your automated e-mail notification system won't work -- and nor will it show up in the system logs.

To: All Stratcom Generals (+2, Classified)

To: All Stratcom Enabled Generals
From: President-Vice Richard B. Cheney

1. If the Democrats get too popular, nuke Iran.
2. I'll (s)elect Jeb Bush as the 2008 Presidential
        Republican candidate
3. Transfer Iranian oil assets to BP and RD Shell.
4. =Profit !

P.S. Please reserve 1 luxury spider hole for me in Pakistan.

Fraudulently yours,
President-(Vice) Richard B. Cheney

Re:Moderation messed up

[DigitumDei]

Its been at least a month since I was last meta moderated badly. Though given the lack of moderations happening today, I'm pretty sure we're not the only ones not getting any mod points.

Intrestingly, as the number of moderations dropped, the percentage of bad mods to good mods changed quite a lot. Seems the people who store their mod points are more likely to mod down.

Oh wait thats just because we actually are offtopic. ;)

I hope they don't pass any laws against this

and just let natural selection ta*(^&Uhvcsd7fy

Account Susspended due to lack of funds.

Re:Moderation messed up

[NerdHead]

'Offtopic' sure works.

not like it really matters...

when you consider that you'd have to "snarf" many connections to get anything worthwhile, you would need to be in a place that offers access to many in-use cars. This pretty much limits you to highways and other similar places. now consider the range of bluetooth and consider how fast cars are going by any one spot. you'd get maybe 2 seconds of audio before the car went back out of range. if you wanted to increase your recording time per-car, you'd have to get in one of your own and follow the person. This would seriously decrease your first number (how many people you could snark in a given amount of time). Again, making it worthless to do, if you were trying to phish for information...

this isn't a real threat, it's just a proof of concept.. nothing to see here, move along.

Bad assumption

[benhocking]

Others have gotten in trouble for less deliberate eavesdropping. (Well, maybe not less deliberate, but not so much effort was required.)

Perhaps the authorities wouldn't have this problem, but I suspect they would.

To protect Top secret info...

[doublem]

Notice, The Car Whisperer has been declared a Terrorist tool. Anyone found to be downloading, using or reading about the Car Whisperer will be prosecuted for the commission of Terrorist Acts.

Dangers of new technology... So much for autodrive

[moorley]

This may be a little off topic but there's this list of technologies I'm waiting for.

Teleoperated robots
Cars that drive themselves
Flying cars
Jetpacks ;-)

But I have to remember the downside of these new technologies. I'm still debating wiring a kill switch for my daytime runner head lights, let alone worrying about remote exploits of my automative or household electronics.

So someone can take over my headset with "Eat at Joe's". How about a new crime wave of auto drive cars lulled away in the wee hours by a digital Pied Piper?? *SIGH*

Pardon the pun, but it's a lovely ride even if a wee bit scary from time to time... ;-)

Re:Moderation messed up

[op12]

The poll commenting had been having problems a while before (I think a few days) the moderation problem. Also, wouldn't article comments also be affected? Still, that's the best explanation I've seen so far :)

No mod points when you need them

[HangingChad]

Sucky mod. It was on topic and funny.

'Injecting' Audio?...

That's all we need, audible SPAM interrupting conversations.
Then again people ought to be focused on the 3000+ pounds of metal that they're navigating anyhow, not talking. HMMM... could I create a bluetooth jammer that surrounded my car?... better yet, I could force all to hear my Superfly theme music and acknowledge my bad ass!

Is it too much to ask...

[Wizzmer]

In a few years all new cars sold in the EU must be able to call for help when they detect an accident. Basicly that means that every car has to have a built in phone and GPS. Then we'll se a lof more of this kind of crap. Is it too much to ask that the darn thing just gets you from point A to point B without you having to worry about who and where you are being watched / listened to?

Re:Oh noes! They could illegally

Shhhh!!! Keep it quiet, or *the RIAA will start taxing the airwaves* just in case someone might be giving away free music. You know, like your grandmom listening to her car radio on the way to get her walker repaired. Never mind that the radio received the broadcast as a freebee, the radio station payed for that one. Granny will now have to pay for her broadcast over bluetooth too, just in case someone is listening.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Give the mod the benefit of the doubt

[WidescreenFreak]

The parent is indeed 100% on-topic; however, I will give the mod who knocked it with "offtopic" the benefit of the doubt that he is from outside of the U.S. Let's face it. What would someone in the U.K. or Australia really know about a Verizon Wireless series of adverts that are run in the U.S.?

For those who don't understand, Verizon Wireless (as in mobile/cellular phone, not WiFi network) has been running a series of commercials where in order to test the strength of Verizon's signals a Verizon technician will go into the most bizarre locations and say "Can you hear me now? Good!" The idea is that no matter where he goes, he can get a clear signal and can be heard by whoever is on the other end.

Hence why the parent post is actually 100% on-topic and funny.

(Now watch this post get hit with offtopic instead of Informative. No good deed goes unpunished on Slashdot.)

Re:Give the mod the benefit of the doubt

Or perhaps the moderator is a loyal employee of Verizon Wireless, and was grievously offended by the stereotyping of his company as being insecure.

While the joke did infer a Verzion problem, this is, in fact, an industry problem, affecting all cellular carriers. Verizon was simply the hapless victim of the jocularity, and perhaps the moderator moderated the post as "Offtopic" because there isn't a moderation for "Hurtful and Insensitive to Me as a Person and a Valued Employee".

So please, guys, keep the jokes rolling! But let's do try to be a little more sensitive with the humor so that we don't offend anyone, k?

GO TEAM!!!

Re:Give the mod the benefit of the doubt

[databyss]

I wasn't aware that Verizon owned Bluetooth.

It was a joke on a popular commercial.

If a Verizon employee was seriously offended by that then they have issues deeper than bad modding.

Re:Give the mod the benefit of the doubt

[onkelonkel]

I don't understand the geek mentality sometimes. If you don't know the most obscure facts, say Bobba Fett's shoe size, you are "the lamez0r". If you state the PDP-8 was an 8 bit machine, one gazillion people will immediately correct you.

So why can't the average geek do simple English and figure out the difference between INFER and IMPLY and use them correctly. Do they not know? Do they know but not care?

Re:Give the mod the benefit of the doubt

[sowth]

Yes, lets be sensitive with the humor and be careful what you say.

For example, I have goatse sensitivity syndrome, and at first glance, I thought "GO TEAM" spelled out "GO ATSECX!!!" I'm going to have bad dreams for weeks. Please refrain from phrases similar to the great evil url. Have a nice day.

Re:Give the mod the benefit of the doubt

[DaisyTheCow]

The phrase "Can you hear me now?" is, (in the UK), a well known catch phrase of the comedian Peter Kay so people in the UK should have got it, but for a different reason.

Re:Give the mod the benefit of the doubt

[carlos_benj]

If you state the PDP-8 was an 8 bit machine, one gazillion people will immediately correct you.

No way! Well, maybe today, but when they were new they cost a lot more than that....

Good

[wickedj]

Maybe then we can inject comments like these to drivers:

"Get off the phone and drive!"
"Pay attention!"
or my favorite
"Put down the beer!"

Re:Good

[grassy_knoll]

Nice!

Might also be fun to find a bluetooth user with a fish sticker and inject coments like:

"Satan wants you to go to church"
"Gospel rock demeans both the gospel and rock"

To bad they didn't mention...

[cmdrwhitewolf]

That they accidently stumbled upon the Governments secret plan to be broadcasting to every passing by Blue tooth headset - "$200 SPEEDING TICKET, pull onto the next off ramp to speak to our polite on duty patrolmen awaiting you there to receive your reciept please."

Re:Dangers of new technology... So much for autodr

You can't hijack the car with bluetooth, only its radio and phone. The car's electronics are NOT online. You can't remotely hack into a car and, say, install Linux on its onboard computer.

It would be the same with autodrive, which is actually just an extension of a cruise control.

Re:Moderation messed up

Population biology of modpoints? /. really is a bunch of nerds.

I guess that means.....

[8127972]

That phone sex is out.

Re:Moderation messed up

[Experiment+626]

There are no mod points going around today? Muahahahaha now I can troll with impunity!

Hmm let's see, In Soviet Russia, a beowulf cluster of hot grits imagines YOU down Natalie Portman's pants, my new insensitive clod overlord. Wait, that's not trolling, that's just mixing cliche's... Let's try again... Linux == communism, SCO == teh win. I [img src="heart.gif"] the RIAA. How's that?

Uh-oh, if the moderation system gets fixed today, this might be modded off topic. Encrypt your bluetooth communications. No, someone's probably already said that, now the post is redundant. Argh, this is too difficult, I hope they fix Slashdot soon.

One Way to Stop This Kind of Attack.

[xactuary]

Moon 'em!

Interesting

[SecularG]

Hook these guys up to the '125 mile WiFi' guys and you have a wide range of people wondering why interesting sounds are on their headsets during their conversation.

Slahdotted sorta

[dwayner79]

From there home page:

Hi everybody, a real storm of requests was hitting the trifinite.org server last night. In total, the transfer for August already exceeds the monthly quota. (And this is just the beginning of the month)... scary

If you want to help covering the cost from that request-storm, you should consider a donation. Thanks a lot.

Cheers.

HAHHAHAHAHAHAHAHAHAHAHAHAHAHA

Inter-sting?

[HTH+NE1]

Who says your interceptor has to be stationary? Just drive slow on the interstate until a potentially interesting conversation passes you, then you keep pace.

Re:Inter-sting?

[Strolls]

Who says your interceptor has to be stationary? Just drive slow on the interstate until a potentially interesting conversation passes you, then you keep pace

Yeah, this could be the technology that actually makes long car journeys with geeks interesting!

And to the grandparent - I don't know where you live, but here in the UK you see every idiot walking around wearing an expensive bluetooth headset. I think it's a prestige thing - look I have £50 to spend on looking like a cheap, stupid cyborg!

Real Real Genius...

[feepness]

MITCH (V.O.) I'm talking to you, Kent. KENT What? MITCH (V.O.) I said I'm talking to you. KENT (shaking his head, violently) No! MITCH (V.O.) Yes. KENT (slapping himself) I'm not asleep. I must be overworked. MITCH (V.O.) You're not overworked, Kent. KENT Well, I'm not insane! Silence. KENT (CONT'D) Am I? INT. CHRIS AND MITCH'S ROOM MITCH That remains to be seen, Kent. But we are having a conversation. INT. KENT'S ROOM KENT I have to metabolize this. Um... who is this? MITCH (V.O.) This is Jesus, Kent, and you've been a very naughty boy. KENT (cracking up, laughing) All right! Who is this?! Bodie? Carter? MITCH (V.O.) I am known by many names. I am the One. Turn to me and be saved. KENT Oh, Sure. MITCH (V.O.) Cut the crap, Kent, you've built a weapon. KENT How did you know that? MITCH (V.O.) I know everything. KENT Oh. God. INT. CHRIS AND MITCH'S ROOM MITCH That's right, Kent. Where is the laser now? INT. KENT'S ROOM KENT I can't tell you. MITCH (V.O.) How would you like to burn for the rest of time? KENT (panicking) No, they're testing it on the twenty-seventh but I don't know where. It's classified. MITCH (V.O.) Oh. KENT What? MITCH (V.O.) Nothing. I want you to think about what you've done and repent, and from now on, stop playing with yourself. KENT I don't...okay

Pics of the demo on WhatTheHack last friday

[mistermark]

These guys showed this on WhatTheHack - conference in The Netherlands last friday.

I made some pics of the demo, starting with this one:
http://geektechnique.org/gallery/wth2005/DSC04384
(browse with 'next' through the pics of the demo)

BTW, WTH was great! ;-)

Ohh-ahh there are voices in my HEAD....

[dindi]

crash .... bang..... lawsuit ...
against the user and the developer ...

this is not a toy for corporate america .... but i cannot wait testing it :)

nah where is the dongle ... and
#apt-get install libbluetooth1-dev
hope that's the needed lib :)

Re:Ohh-ahh there are voices in my HEAD....

[mi]

crash .... bang..... lawsuit ... against the user and the developer ...

Would you rather using such devices be encouraged? It is called unauthorized eavesdropping and is illegal in most countries.

this is not a toy for corporate america ...

Just curious -- you seem to use the word "corporate" as a derogatory term. Would you rather live in a "tribal america"? Or in a "collective farming america"?

Re:Ohh-ahh there are voices in my HEAD....

[dindi]

i would rather live in CENTRAL - America as I do now :)

on the other hand i use it as a derogatory term as in: "big mean corporations controlling everything"

hmm a farming america would be nice ... always wanted to be a shephard .... but actually tribal america seems cool too to me ....

anyway do not take it offensive, I feel like that against corporation controlled (ALL?) governments .

It is always nice to rebel against something isn't it ?

cheers

Re:Ohh-ahh there are voices in my HEAD....

[mi]

I feel like that against corporation controlled (ALL?) governments.

Corporations are merely the best currently known way to scale human labor. You know -- to do things, smaller groups of people simply can not.

Once we find a better way, corporations will fade away the same way tribes and slavery did.

It is always nice to rebel against something isn't it ?

Not without a (good) cause...

Pipe in Barney

[ebvwfbw]

Pipe in Barney, watch them crash and burn... bla ha ha ha hah hahah cough snort ha ha ha ha ha.

Better use

[www.sorehands.com]

Instead of a joke, you can comment on the driving of that person -- "If you want to site see, get off the damn road!" Or "if you want to talk on the phone and drive, make sure that you have a functioning synapse."

Re:Better use

[DoorFrame]

I admit it, I'm confused/amused by the fact that your username is a url, and yet isn't the same as the webpage you choose to list below your name. Good for you.

Re:Moderation messed up

[bgarcia]

Seems to be working againg. All the latest articles are showing moderation in the comments now.

This is great

[brainburger]

I can't wait to sit in my window shouting 'TUMBLE DRIER!' into the ears of passing motorists.
I shall let you all know how long it takes for one to pull up and offer me a cigarette.

Are there any headsets that don't do this?

[Otto]

That code is only needed for the initial connection in the first place. After that, the two devices exchange info ("pairing"), and then they know each other and don't need the code anymore.

Having an easily guessed code means that somebody can "pair" to your headset and then take control of it, which is what the software in TFA does.

Yes, lots of headsets use 0000 or 1234. Stupid, no? And one with a simple solution too, if the manufacturers were not so lazy. If the thing has any kind of display, use a random code each time you pair. Simple. If it lacks a display, then simply give each unit a different code and print it on the thing or in the docs somewhere. If somebody can't guess the code easily, this trick won't work.

Anyway, I'm looking for BT headsets now, and I won't get one with a default code like this. Which kinda limits the field, since I have yet to find *any* BT headsets that don't use a default code. Anybody got any suggestions?

Comment removed

[account_deleted]

Comment removed based on user account deletion

Details and question about susceptibility

[Otto]

Okay, the way this works is basically that they scan for BT headsets and try to pair with them using default keys (like 0000 or 1234 or what have you). Once they make a connection, they can send audio to the thing.

So, are there any headsets or car units out there that are NOT susceptible to this?

In order to not be susceptible, you gotta have either :
a) A non-constant PIN (meaning that it either has to be random every time or semi-unique to that device, like the manufacturer puts a different PIN in each unit), or
b) Not available for pairing unless you hit a button on the thing (and this means really not available for pairing, not just "not discoverable", it has to actually deny the pairing attempt).

So, which devices are vulnerable and which are not? Near as I can tell, *all* bluetooth headsets are vulnerable, as are most carkits.

Built in systems usually not vulnerable...

[Otto]

In the specific case of the Acura TL HandsFreeLink system, you tell the system what the code is for pairing. Therefore it doesn't have a "default" code, therefore it's not vulnerable to this attack.

Some other built BT systems I've seen display a code on the radio or let you enter one though some other method. Regardless, if it doesn't have an unchangeable pairing code, it's not vulnerable to this attack.

It's not just for cars...

[Otto]

Nearly all current bluetooth headsets are vulnerable to this attack.

But seriously, where do you go that you see lots of people with BT headsets at Wal-Mart? Usually I see the freakin' dregs of humanity at Wal-Mart. People with taste are shopping elsewhere. :P

Re:It's not just for cars...

Which must mean that you include yourself in that "dregs of humanity" group, since you must be at Wal-Mart yourself to be able to observe them.

Re:It's not just for cars...

[Otto]

When you need something at 3 am, Wal-Mart is basically your only choice around here. And it's usually pretty packed at that time too.

and

i live in a cave with my eyes closed and hands over my ears.

how does this artical effect me?

The Trifinite Site Is Excellent

[Master+of+Transhuman]

Check out the over 1-mile Bluetooth detection page. They got a Bluetooth connection over a mile away.

They also can run Bluetooth snarfing from a Bluetooth-enabled cell phone.

Lots of fun Bluetooth stuff there. These guys are brilliant.

Re:The Trifinite Site Is Excellent

Amazing. Usually the maximum distance I can use between my phone and headset is about half a meter. Sometimes I can move as far as few meters from the phone without too much distortion. I already considered using duct tape to attach the phone to my shoulder but then I thought that I might as well tape the phone directly to my head...

have a laugh

[Crook+C-Digital-Art]

You could whipser 'Kill them all..... ' over and over at passing cars. I'm sure you could set it up to do it automagically too :)

Re:have a laugh

Red rum! Red rum!

Anyone have the TV commercials online?

[antdude]

Those would help for people who don't know about these television commercials. My favorite is the monkey one with the bananas. That one is too funny.

I couldn't find any online commercials, even on Verizon's Web site.

Current Poll (OT)

[Tekgno]

While on the issue of the mod system being up the proverbial creek. What is the go with the current poll? It says it has been archived and no new posts can be made. WTF?

May I be the first to say...

[IInventedTheInternet]

Ring ring ring ring ring ring ring Banana phone Ring ring ring ring ring ring ring Banana phone I've got this feeling so appealing for us to get together and sing - SING! Ring ring ring ring ring ring ring Banana phone Ding dong ding dong ding dong ding Donana phone It grows in bunches I've got my hunches Its the best beats the rest cellular modular interactivodular Ring ring ring ring ring ring ring Banana phone Ping pong ping pong ping pong ping Ponana phone Its no baloney It aint a phony My cellular Bananular phone Don't need quarters don't need dimes to call a friend of mine dont need computer or tv to have a real good time I'll call for pizza I'll call my cat I'll call the whitehouse, have a chat I'll place a call around the world Operator get me beijing jing jing jing Ring ring ring ring ring ring ring Banana phone Ying yang ying yang ying yang ying Yanana phone It's a real live mama and papa phone a brother and sister and a dogaphone a grandpa phone and a grandma phone too - oh yeah my cellular bananular phone Banana phone ring... ring... ring... Its a phone with appeal (a peel) Banana phone ring... ring... ring... Now you can have your phone and eat it too Banana phone ring... ring... ring... This song drives me .... bananas Banana phone ring... ring... ring... Bo ba do ba do do doob

It's ok

[maverick529]

I dont think,this hack makes,such an impact, because the typical range of a bluetooth device is 100mt, and while travelling, it will be very difficult for the eavesdropper to maintain the connection, unless the traffic is moving very slow. The best alternative for this is to dynamically control the coverage range of the bluetooth device.

Re:Moderation messed up

[DigitumDei]

Aha! Slashdot heard my call and my 5 mod points arrived. Now to mod you into oblivion. ...

Oh crap, I've already posted here...

and where was it made public?

it was made public at WTH, what the hack, a hacker festival in the netherlands which attracted as much as 3000 geeks from all over the world.

and which shitty newsmag rejected the announcement to this event? thats right, slashdot did. sorry, have been a fellow reader for a long time, but that just sucked. wall-mounted laptops make it on frontpage but not an event as bis as this?

Where's the Slashdot FED when you need it?

Inflation please.

Hey! This could be usefull stuff

[snolan]

What about getting conversations going between nearby drivers? Might help reduce the isolation one feels when driving in traffic... Could also make "caravaning" (where several car loads of people travel together on a long trip) easier to manage if hey can talk car to car without having to carry walkie-talkies or FRS radios.

Expectation of privacy?

[jemenake]

The Trifinite group showed how hackers could eavesdrop

I've wondered, for some time, if police would ever employ those "listen to a conversation inside a room by bouncing a laser off of the window" spy gadgets to listen to what the occupants of a car are saying during a traffic stop (or maybe even *before* the cop decides to pull them over) to hear time-saving tidbits like "Vinnie... quick! Hide the dope under the back seat!".

This bluetooth thing makes it a lot easier. I'm pretty sure that the supreme court has said that talking on a cell phone does not give you expectation of privacy (meaning: whatever you say into your phone during a cell call is admissible as evidence in court), but what about just having an unsecured bluetooth phone (ie, not making a call with it)? I wouldn't be surprised to see a supreme court ruling about this within 5 years and, given the future composition of the court, I don't think the ruling will be good.

Re:Expectation of privacy?

[lachlan76]

The laser wouldn't work, the car vibrates too much.

Pair this!

[theBunkinator]

If you can pair your bluetooth rifle to my POS headset, more power to you. I for one can't get it to pair with my phone to begin with.

also see....

[IchBinEinPenguin]

http://www.schneier.com/blog/archives/2005/08/eave sdropping_o.html

Car Whisperer

[JadeNB]

Does anyone else picture Robert Redford as the wise and sagacious Car Whisperer?