Injecting Audio Into Insecure Bluetooth Handsets

vandon writes "Linux hackers have demonstrated a way to inject or record audio signals from passing cars running insecure Bluetooth hands-free units. The Trifinite group showed how hackers could eavesdrop on passing motorists using a directional antenna and a Linux Laptop running a tool it has developed called Car Whisperer."

Solution: Encryption

[Zweideutig]

Have proper encryption between hand set and the transmitter/receiver. This may make hand sets more expensive, as a small computer in both the headset and the transmitter/receiver unit would be required, but it should eliminate this problem.

List of which kits are susceptable

[Se7enLC]

Thank you to the fine people of trifinite.org for not listing off which handsfree devices they found to be secure and which they found to be insecure. Now I guess we'll all just have to wait until we're hacked to find out if we bought the right one.

These guys seem to be pretending to be doing it for the good of the industry, but their site seems to list a lot of Bluetooth Hacks & Attacks. And they didn't seem to have made any effort to contact vendors to get the problem corrected, either.

Re:cool but also meh

[tomstdenis]

I dunno about all.

My understanding of Bluetooth is that it CAN be used properly just as implemented it isn't.

If you're security cautious you'd use a normal usb or ps/2 keyboard.

Tom

Re:Top secret info

[Doc+Ruby]

Yes, of course everyone with Top Secret clearance is absolutely discreet with the info they handle.

Everyone knows that "government employee" == "perfectly competent".