Slashdot Mirror


'BlueBag' PC Sniffs Out Bluetooth Flaws

An anonymous reader writes "Why isn't Bluetooth set to "hidden" in all of Nokia's phones? Some hackers in Italy stuffed a computer with a bunch of Bluetooth dongles in a suitcase to see how many Bluetooth devices they could discover by wandering around airports, train stations and shopping malls. The answer? More than 1,400 in 23 hours." The team will present their findings at BlackHat later this summer.

6 of 76 comments

  1. Discovery is not pairing by wish+bot · · Score: 5, Insightful
    That's great, but how many could they actually pair with?

    Ohh...none?!

    --
    lemonade was a popular drink and it still is
    1. Re:Discovery is not pairing by mlk · · Score: 3, Insightful

      If you rename your device to "Nokia Download Center: Snake Superupdate available, type 1234 for this free update"(1) I wonder how many people would blindly tap it in, and bond with you. But to be honest, I'm not really sure what you could do then over Bluetooth.

      Mmm. Bonding.

      My computer (in a 2nd floor flat) will every now and again get Bluetooth bonding requests, and popups telling me that I've connected to someone's PIM (until I turned it off).

      1) Or "Free PORN!" equivalent.

      --
      Wow, I should not post when knackered.
  2. So???? by __aahlyu4518 · · Score: 1, Insightful

    I can discover even more frontdoors in the same period of time.
    But how many are open so I can walk in ???

  3. Isn't limited range a serious hindrance too? by King_TJ · · Score: 2, Insightful

    I guess the whole point of this experiment was testing the viability of someone taking a BT enabled device around crowded places and attempting to virus-infect as many people's phones, PDAs, and laptops as possible with it.

    But that scenario strikes me as relatively pointless.

    The main risk BT enabled device owners are worried about is data theft. (EG. You don't want random people downloading your photo library off your cellphone, or capturing all of your contact list data.) This would require them taking specific steps to target your specific device, and those steps would have to be taken while they're within the 30 foot or so range of you!

    Some guy rolling a suitcase through an airport and saying "Ooh! Look at these logs showing all the people I could potentially hack!" means little, if he can't chase individual people down from those logs afterwards and pull down their data.

  4. Re:NOT a dongle! by mjh · · Score: 4, Insightful

    The problem is that language doesn't work that way. All of us, as a group, are in control of language. Words that were intended for one context frequently apply to all kinds of other contexts. And people gravitate towards analogies. So the "dongle" that you speak of, works very well as an analogy for a bluetooth peripheral. Pretty soon, "dongle" means any sort of thing you plug into a PC that sticks out the end.

    It is very difficult to keep people from using words the way that they want to. This is the motivation behind trademark laws. Once the mass decides that a word (e.g. kleenex or xerox) means something more than the specific original intention, the game is up. I believe that dongle has passed that threshold.

    So you can continue, in a Quixote-esque manner, to try and steer people back to the single specific meaning of dongle. But I don't think you'll succeed. And I think you're likely to get very frustrated. But if that's what you want to do, have at it!

    --
    Key to financial independence: Spend less than you earn. Save and invest the difference. Do it for a long time.
  5. Re:From the makers of cell phone anti-virus softwa by drspliff · · Score: 2, Insightful

    So you're suggesting that security professionals will never experiment?

    If I were trying to keep an edge in the mobile anti-virus market, one of the first things I'd do would be to get out there and gather as much information as possible, work out some statistics, most popular models etc.

    You must work at one of these new-fangled IP firms with zero R&D budget!