'BlueBag' PC Sniffs Out Bluetooth Flaws

An anonymous reader writes "Why isn't Bluetooth set to "hidden" in all of Nokia's phones? Some hackers in Italy stuffed a computer with a bunch of Bluetooth dongles in a suitcase to see how many Bluetooth devices they could discover by wandering around airports, train stations and shopping malls. The answer? More than 1,400 in 23 hours." The team will present their findings at BlackHat later this summer.

Discovery is not pairing

[wish+bot]

That's great, but how many could they actually pair with?

Ohh...none?!

Re:Discovery is not pairing

I believe you meant your answer to be: 0000

Re:Discovery is not pairing

[mlk]

If you rename your device to "Nokia Download Center: Snake Superupdate aviable, type 1234 for this free update"(1) I wonder how many people would blindly tap it in, and bond with you. But to be honest, I'm not really sure what you could do then over Bluetooth.

Mmm. Bonding.

My computer (in a 2nd floor flat) will every now and again get Bluetooth bonding requests, and popups welling me that I've connected to someones PIM (until I turned it off).

1) Or "Free PORN!" equivalent.

Re:Discovery is not pairing

[Tim+C]

In related news, 100% of people walking past my front door can see it...

Re:Discovery is not pairing

[Inda]

My employer has a contract with Vodafone and Nokia.

Sat here with my Sony (sorry /.), I can discover 26 Nokias.

No news here peeps. Move along.

Re:Discovery is not pairing

[internewt]

Or "Free PORN!" equivalent.

That's funny. Infact, I've turned bluetooth on, and renamed my phone to "Free porn. pin 69". I'm not sure if it's a good idea, but lets see...

Re:Discovery is not pairing

[tehcyder]

You insensitive clod, I might be visually impaired!

Re:Discovery is not pairing

[JasonTik]

What about the blind people, you insensitive clod?

From the makers of cell phone anti-virus software

[elrous0]

Convenient findings from the makers of cell phone anti-virus software, no?

-Eric

blueteeth

even more of a problem is the noise my computer makes whenever someone with a bluetooth devices walks past my desk. try debugging a multi-threaded app with your computer constantly making random noises!!

Re:blueteeth

gosh that would be hard.. I mean those "Debugging by sound" courses I took would be totally wasted... I'd have to fall back on old-school methods like sight and intelligence. If only your app was single-threaded, you wouldn't have that problem... ohhh wait, multi-threaded app has nothing to do with your comment, you just threw that in to hang your dick out... nice job!

news?

[SillyNickName4me]

While it is a fun experiment, it is really not news at all.

I have to make a 5 1/2 hours trip by train about twice a month, and for a while one of my ways to waste some time was bugging people who have bluetooth enabled phones...

My 'toolset' ?

A Palm m505 equipped with a bluetooth sdcard.

Typically, just walking through the train from one end to another would get me some tens of phones and a laptop here and there.

Often you can't pair with devices you find, but many of them don't really require pairing for getting data from them, and besides, pairing requests allow for sending text messages, and a 'yes' is an instinctive reply whenever people get bugged by popups.. also on a phone.. Even if that doesn't work, you can still bug people and even make use of their phone difficult... (great when you can find the phone of that extremely loudly talking person)

This was some 3 years ago, and it was well documented back then already.

Re:news?

[eraserewind]

Do you also knock on people's doors and then run away?

Re:news?

I knock on doors, then when they answer, just stand there until they tell me to go away.

Re:news?

I knock on doors and when they answer, I say

'Hello? Can I help you?'

I also phone up bookshops and when they pick up and say 'hello can I help you?'

I reply 'No thanks, just browsing...'

Re:news?

[SillyNickName4me]

Do you also knock on people's doors and then run away?

No (tho at some point in my life I did try.. and I would be surprised if you can honestly say you never did), but if they leave their door open with a 'Welcome' sign over it, I might walk in and take a look.

Re:news?

No (tho at some point in my life I did try.. and I would be surprised if you can honestly say you never did) ...

I never did, but then again I'm boring. So boring. And lonely. Call me?

Re:news?

[Pollardito]

flesh this out a bit more and your post could be the story and this waste of time at the top of the page could be someone's reply

Nuclear Powerstations and Missiles

[k1980pc]

I can use my laptop and find out the location of each and every single strategic installations in the world. That surely does not allow me to log in to or enter any of them and cause mischief. Just because they were able to 'see' bluetooth device is not a security risk - It becomes serious only if they were able to pair to any of them,with or without a passcode. But I remember P.Hilton or somebody getting plastered all over the net with pics hacked from her cell using bluetooth. Just can't find the link.

Re:Nuclear Powerstations and Missiles

[Darth_brooks]

Her sidekick didn't get hacked via bluetooth. The just used a really simple, easy to guess password and her web access (Sidekicks dont actually store much data, they ship photos & the address book off to the T-mobile servers.). IIRC she used the name of that little rat dog she used to carry around.

Her "incident" touched off a series of B-list celebs getting their sidekick data plasted around the web. I think Fred Durst was another one that was caught the same way.

Re:Nuclear Powerstations and Missiles

[metroplex]

Paris Hilton's phone's content wasn't "hacked" using bluetooth, a teenager exploited a flaw in T-Mobile International's code to gain access to her web account, which to my understanding mirrored the content of the phone.

Re:Nuclear Powerstations and Missiles

The just used a really simple, easy to guess password and her web access (Sidekicks dont actually store much data, they ship photos & the address book off to the T-mobile servers.). IIRC she used the name of that little rat dog she used to carry around.

Not quite. They didn't guess the password, they used her password recovery question to gain access. The question was "What is the name of your pet" (Tinkerbell). Hint to retarded members of the B-list (or better): Having data secured by the name of a pet you insist on giving almost as much publicity as you get yourself is idiotic.

That's an odd analogy...

[il_cuoco]

From TFA:

Using Bluetooth is "like sex," Zanero said. "It's better with precautions."

Anyone care to come up with a joke about getting a trojan and wearing a trojan?

Re:That's an odd analogy...

Indeed.
So in reference with the article, beeing able to see many parthners and identify them as such, is very far from being able to have sex with them.

May not be news, but...

[Valdrax]

It's an issue I'm sure that a lot of Nokia phone owners aren't aware of. I didn't realize that my phone's Bluetooth settings were set that way until I read the blurb and checked. I turned it off and changed it to hidden (just in case I ever want to reactivate it later).

I don't exactly have anything important in my phone, but given the existance of Bluetooth exploits, I'd rather not leave the ports open as it were.

Re:May not be news, but...

[SillyNickName4me]

Simply turning off bluetooth alltogether unless you are actually using it may also do some nice things for talk/standby time btw.

Does it really matter?

[phunkphorce]

Does it really matter how many devices with Bluetooth on they found? I always keep mine on, so that I don't have to turn it off and on when I am leaving/getting home to use such nifty tools as Salling Clicker in OS X (available for Windows too)

So????

[__aahlyu4518]

I can discover even more frontdoors in the same period of time.
But how many are open so I can walk in ???

NOT a dongle!

[youngerpants]

OK, this peeves me. A "Dongle" is a hardware license. that is, an adapter/ chip that plugs into a PC/ Server/ Whatever that verifies a license.

These guys plugged several bluetooth peripherals into a laptop.

Sorry, but this is a technology site.

Re:NOT a dongle!

[k1980pc]

"bluetooth dongle" is a very common usage for a bluetooth-peripheral-that-plugs-into-hardware-and- verifies-license-AND-lets-you-connect-to-other-blu etooth-enabled-devices.
Try googling bluetooth dongle or going to your friendly neighbourhood shop and ask for a dongle. By the way,if you ask for a bluetooth peripheral, you might get everything from a dongle to headsets to mice.

Re:NOT a dongle!

I am an ethernet dongle.

Re:NOT a dongle!

[Xenna]

To me A dongle is something that dangles off your pc.

It may well be a hardware license protection device, but the shape and the attachment to your PC are the real criteria. It must have that distinguishable dongly shape...

And Google gives 12.600 hits for 'software dongle' ;)

X.

Re:NOT a dongle!

[aug24]

Ummm, No.

"Dongle as the name of a device was used well before 1980 within the telecoms industry to refer to BNC cable joiners of either sex (such as the RG58 cable used on 10 meg Ethernet)."

Justin.

Re:NOT a dongle!

[mjh]

The problem is that language doesn't work that way. All of us, as a group, are in control of language. Words that were intended for one context frequently apply to all kinds of other contexts. And people gravitate towards analogies. So the "dongle" that you speak of, works very well as an analogy for a bluetooth peripheral. Pretty soon, "dongle" means any sort of thing you plug into a PC that sticks out the end.

It is very difficult to keep people from using words the way that they want to. This is the motivation behind trademark laws. Once the mass decides that a word (e.g. kleenex or xerox) means something more than the specific original intention, the game is up. I believe that dongle has passed that threshold.

So you can continue, in a Quixote-esque manner, to try and steer people back to the single specific meaning of dongle. But I don't think you'll succeed. And I think you're likely to get very frustrated. But if that's what you want to do, have at it!

Re:NOT a dongle!

[youngerpants]

Thank you mjh, whereas the other replies merely infuriated me more, (I dont care how many hits google tells me you get for bluetooth dongle,) you've calmed the savage beast. I'll still keep correcting people in conversation though, just for geeks sake.

Re:NOT a dongle!

Well you can of course carry on, but be aware that the cable joining use of dongle predates your johnny-come-lately notion of a hardware licence enabler.

I'm sure that won't affect you though, you obviously know best...

Re:NOT a dongle!

[riegel]

Another one that bugs me is the use of modem. I have a DSL router, not a DSL modem. But this term probably has evolved from MOdulate/DEModulate.

Re:NOT a dongle!

[johnw]

To me A dongle is something that dangles off your pc.

ISTR a dongle which attached to the parallel port and came with an optional short bit of ribbon cable to stop it sticking out too far at the back of the box. This latter item was naturally known as a "dongle dangle".

Re:NOT a dongle!

Hello, McFly?

You may or may not have a router, but you certainly have a modem. What do you think that little box is doing in order transmit and receive signals over the telco wires? Hint - its modulating and demodulating the analog signals on the wire. It uses a much fancier modulation algorithm than a POTS modem, but its still a modem.

Re:Abu Mussab Al Zaqari dead at 40

[alohatiger]

I heard they found him bny pairing with his bluetooth phone.

Discovery is not pairing... no duh!

Wandering about airports, train stations and shopping malls, I routinely "discover" hundreds of babes, but "pairing", alas, is a different matter altogether.

Ok, so they discovered a whole lot of phones

[Alarash]

Many comments say "Ok, so they discovered a lot of phones, that doesn't mean they could hack into each one of them", which is true and also acknowledged by the researchers (hence the use of the word "potential" in TFA). I, for one, turn my bluetooth on only when I need to synch it with my laptop. I don't even use a "bionic man bluetooth headset" because I find these ridiculous.

However, I'd like to know what are the dangers when leaving the Bluetooth enabled on my cell phone. I set it up to require an code to bond. But that doesn't mean I'm safe, I guess. Are there any known exploits, widely used, or easy to setup, for hacking Bluetooth phones? Especially Sony-Ericsson and HP iPaq, since these are the ones I use.

Re:Ok, so they discovered a whole lot of phones

Hello,

I turn bluetooth off normally, because I thought it was unsafe to use. I thought that attackers don't need to enter a pin to connect to your blutooth-device. You nay find some info on wikipedia under bluetooth about this, but I can't seem to access wikipedia at the moment.

Greetings,

Michel

Re:Ok, so they discovered a whole lot of phones

[Rob+Kaper]

Bluetooth device IDs can be forged, so if someone knows the ID of a paired device they can easily gain access, so this isn't a good idea. As long as you have a device that requires you to accept incoming objects (v-cards/images/mp3s/etc) you should be fine. Never accept an incoming object unless you trust the source - it's kind of like e-mail.

Re:Ok, so they discovered a whole lot of phones

[Jetson]

However, I'd like to know what are the dangers when leaving the Bluetooth enabled on my cell phone.

The biggest danger is probably that you'll run out of battery much quicker than if you turn of BT when you're not using it. The same goes for WiFi.

Isn't limited range a serious hinderance too?

[King_TJ]

I guess the whole point of this experiment was testing the viability of someone taking a BT enabled device around crowded places and attempting to virus-infect as many people's phones, PDAs, and laptops as possible with it.

But that scenario strikes me as relatively pointless.

The main risk BT enabled device owners are worried about is data theft. (EG. You don't want random people downloading your photo library off your cellphone, or capturing all of your contact list data.) This would require them taking specific steps to target your specific device, and those steps would have to be taken while they're within the 30 foot or so range of you!

Some guy rolling a suitcase through an airport and saying "Ooh! Look at these logs showing all the people I could potentially hack!" means little, if he can't chase individual people down from those logs afterwards and pull down their data.

Re:Isn't limited range a serious hinderance too?

[BaseLineNL]

But that scenario strikes me as relatively pointless.

You forgot to take ego into account. Most virusses are relatively pointless, but they exist nevertheless.

Re:Isn't limited range a serious hinderance too?

ever heard of a directional yagi or parabolic dish? you can considerably increase the usable range with one of these + extra height

Not necessarily...

[sczimme]

A "Dongle" is a hardware license. that is, an adapter/ chip that plugs into a PC/ Server/ Whatever that verifies a license

Yes, that is one definition. However, the PCMCIA and CardBus network adapters (used way-back-when before laptops had built-in Ethernet) would often consist of two parts: the card itself that was inserted into the slot; and the dongle, which connected the card to the RJ-45. I have a handful of those NICs sitting around: D-Link, 3Com, and Xircom all made them, although in Xircom's case I don't remember if the dongle pre- or post-dated the X-Jack.

Forget the bluetooth

Where can I get a laptop with a 23hour battery?!!!

Re:Forget the bluetooth

RTFPDF. It's a miniITX motherboard, with a big-honking battery attached to it. By it's very design, it's going to last longer than a laptop due to the fact that 2/3 of the weight is battery. By contrast, a laptop usually only uses 1/4 of the weight for the battery. Not to mention it dosen't have to power CDroms and all that stuff.

Dadgummit

Re:Forget the bluetooth

[iamlucky13]

Hint: leave the lid shut.

Re:From the makers of cell phone anti-virus softwa

[drspliff]

So your suggesting that security professionals will never experiment?

If I were trying to keep an edge in the mobile anti-virus market, one of the first thing I'd do would be to get out there and gather as much information as possible, work out some statistics, most popular models etc.

You must work at one of these new-fangled IP firms with zero R&D budget!

it's not really news is it?

[ElephanTS]

It's called BlueJacking and has being going on for a few years. Sometimes I try it in cafes - you end up trying to guess the name of the pretty girl in the corner from your list of possibles.

In fact I'm all in favour of social networking software built into phones - something like a local myspace that you carry with you. Would be great at parties if your phone said, "You should really talk to this person - I'll put an intro in for you if you want".

Or maybe I'm being a bit sad.

http://www.funsms.net/blue_jacking.htm

Re:it's not really news is it?

[james_a_craig]

Nokia actually have a product that's intended to do pretty much what you suggest, called Sensor. However, it's nokia-specific and as far as I know the protocol's proprietary, and it's supported on a fairly small set of devices. There's also been a recent port of Apache to the Nokia Series 60 devices, which would potentially allow something similar to be DIY'd up nicely.

complete lame if you ask me.

[edgecrush3r]

Anyone can collect information about bluetooth devices on the go, and with simple Tooting action you could try to force the user install malicious software on his device. But whats the point of all this ?? In the end you gain not much, except for maybe a list of personal contacts which you can use for complete psychopate experiences. You dont need an array of devices to see if a certain exploid is working, just get your hands on the device implementation docs or just start cracking your own device ;). On an average train journey I discover 10/15 Bluetooth enabled devices on my Mobile. Using the same Mobile, I also discover 200/240 WiFi Access-Points with zero encryption if I travel by car. The latter at least gains enough connectivity to browse 'Slashdot'. Trying each door to see if a car is locked, is pointless unless your trying to steal it.

Re:complete lame if you ask me.

with simple Tooting action you could try to force the user install malicious software on his device

Oh really? I never thought of doing that. I'll try it next time I eat at Taco Kabana.

This is old news, done already in 2004

A firm carried out similar research way back in 2004, so to skip ahead and see what the findings were, check here Nick

Good Wireless Tools Resource

[fuzzybunny]

Max Moser and some of the guys at remote-exploit have a few great tools and collections for wireless sniffing (all types, including bluetooth) such as the Auditor Collection.

Just a blatant plug for a friend, check it out. I think it's pretty cool.

The REAL question is..

Umm, feel free to say no to this but... would you mind shaving my blue bag?

In other, most wondrous, news

If you walk around the countryside at night, you'll see hundreds of stars, but you cannot travel to them.

If you walk around the neighborhood, you'll see many houses, you probably do not own them.

If you walk around the forest, you'll see many trees, but you can't turn the trees into wooden furniture as you're walking.

A bunch?

[trentblase]

Why would they need "a bunch" of bluetooth dongles? TFA seems to imply they only had one bluetooth device in the bag.

WARNING!

You are broadcasting your IP address! Click here to repair.

Hah.

[dethndrek]

Is anyone else mildly amused that this article is about something called 'Bluebag' and a "bunch of Dongles"? :-P

The English Language is *NOT* a Democracy

[Zero__Kelvin]

"The problem is that language doesn't work that way. All of us, as a group, are in control of language."

This is a common misconception. It is certainly true that language evolves, however it does not happen in democratic fashion. It doesn't matter how many people use 'minute' as slang for a long time, or ask 'what you be doing?', the fact will remain that minute does not mean a long time in the English language, and correct English is only satisified by "what are you doing?". It is true that you cannot force people to speak intelligently, however you can encourage them not to intentionally sound like fools.

The bottom line is that there is no such thing as a Bluetooth Dongle unless it is a device which authenticates a software license and happens to connect via Bluetooth rather than a physical link (definition 1), or it hangs off the PC in the fashion of a Dongle (definition 2.)

Note that I do not cite the Wiki as an authority on the English language, but merely to show that the Wiki gets it right already, as hard copy dictionaries will certainly take a while to catch up.

The bottom line is you have a choice between two options:

• 1) "It has been quite a while since plugged my Bluetooth PCMCIA Card into my laptop ..."
• 2) "Yo dog ... I ain't plugged my Bluetooth Dongle into my boxen in a minute ..."

Only you can decide if you want to sound like an educated technology expert or a gangsta moron ....

Re:The English Language is *NOT* a Democracy

[mjh]

You are certainly welcome to believe whatever you wish. However, you're ignoring something that I think is important: folly is in the eye of the beholder. There was a time when it was considered slang to say "don't" and "won't", or any other contractions. The only contraction that remains as slang is "ain't", but even that's in the dictionary now.

Is the transformation of "don't" and "won't" language evolution? Yes, sure. But if you argue that the transfermation of "dongle" is not language evolution, I would have to disagree with you. The mechanism by which "don't" and "won't" became acceptable is the same mechanism by which "dongle" has taken on more than one meaning. People using it understood it and accepted it.

The vast majority of people who use "dongle" accept that it can mean something more than a license verification device. And the evidence for this is the large number of people who say "bluetooth dongle" and seem to understand what it means. The old meaning will only be upheld by the minority wishing to retain semantic purity. Frankly, I think the distinction you make between "educated technology expert" and "gansta moron" is a bit to broad brushed. I use "dongle" the way that you dislike and I get paid a lot of money to be a technology expert. My company is not willing to pay for any type of moron, gansta or not. The use of "dongle" is simply not something they consider in their hiring practices. The use of the word "crib" to mean my home, might not be very well received during an interview. But "dongle" seems to have received much wider spread acceptance than "crib".

About the only thing I agree with is that language is not a democracy. It's much more decentralized than even that. It's a market. What we get is the ability to communicate. What we pay is flexibility. If you're inflexible, you can't continue to participate in the market. Soon you won't be able to understand anyone outside of your semantically pure circle, nor will anyone else be able to understand you.

Good luck with that.

Here's my question for you: if you believe that language is not decentralized, then who is in control? Where are the edicts describing when we're going to start using "bit" to mean "binary digit", or "internet" to mean globally connected computer network? You might say that the dictionaries decide, but they don't. They reflect the changes that have already happened. They don't make those changes. So, if it's not a decentralized process, where are the central authorities deciding what new words that none of us have heard of we're going to use? In my entire life, I don't remember ever reading one.

Re:The English Language is *NOT* a Democracy

[Zero__Kelvin]

You seem to have missed my point entirely, so I will try to be more succinct. Call it a "blutooth dongle" if you wish. Ask me "yo dog, what you doing?" if you prefer. I will know what you mean, as will most people. The human race can be divided into two separate categories: 1) Those who understand ignorant people, but know the person speaking is ignorant. 2) Those who understand the ignorant people, and don't know that ignorance has been flaunted because they are ignorant.

You can obviously choose to remain ignorant if you so choose, or you can recognize that the term Dongle has a very specific set of definitions.

Lots and lots of people say Microsoft Windows is great; yet another falsehood that cannot be turned true by a concensus of the ignorant :-)

Have a ball ...

Re:The English Language is *NOT* a Democracy

[mjh]

I don't think I missed your point. I just don't happen to agree with it. Applying a different meaning to "dongle" than what you like does not make someone ignorant. It means that the meaning of the word has grown or changed.

Stick with your semantic purity if you insist. The fact that I won't be semantically pure does not make me a gansta. Nor does it make me ignorant. (Although you're welcome to believe both of those if you wish.) It simply means that I'm adaptable enough to accept new meanings for words.

FWIW, I happen to agree that there are some words (e.g. "crib" & "homey", etc) which you wouldn't expect to hear in professional circles. However, just because they exist, does not mean that all words that evolve to have new meanings are unacceptable professionally. Your vision of word meaning as black and white is overly simplistic and not reflective of the real world. IMHO.

re: directional yagis and parabolic dishes

[King_TJ]

Yes, of course you can - but how many bluetooth enabled devices include antenna jacks suitable for attaching one of these to them?

They only became well-known with wi-fi because so many wireless routers and cards had jacks on them for external antennas. Bluetooth generally has no such thing.

Re:Abu Mussab Al Zaqari dead at 40

[amrust]

+1 to Funny, for timely and, well... funny.

Targets for theft

[arn@lesto]

I reported to RISKS last April last year:
Thieves were using bluetooth to target cars that have suspended laptops left
unattended in parking lots, in my case Disney World parking.

It makes for guaranteed payoffs. If the Nokia phones are bluetooth visible
while left in the car there's another easy target.