Slashdot Mirror


'BlueBag' PC Sniffs Out Bluetooth Flaws

An anonymous reader writes "Why isn't Bluetooth set to "hidden" in all of Nokia's phones? Some hackers in Italy stuffed a computer with a bunch of Bluetooth dongles in a suitcase to see how many Bluetooth devices they could discover by wandering around airports, train stations and shopping malls. The answer? More than 1,400 in 23 hours." The team will present their findings at BlackHat later this summer.

18 of 76 comments

  1. Discovery is not pairing by wish bot · Score: 5, Insightful
    That's great, but how many could they actually pair with?

    Ohh...none?!

    --
    lemonade was a popular drink and it still is
    1. Re:Discovery is not pairing by mlk · Score: 3, Insightful

      If you rename your device to "Nokia Download Center: Snake Superupdate available, type 1234 for this free update"(1) I wonder how many people would blindly tap it in, and bond with you. But to be honest, I'm not really sure what you could do then over Bluetooth.

      Mmm. Bonding.

      My computer (in a 2nd floor flat) will every now and again get Bluetooth bonding requests, and popups telling me that I've connected to someone's PIM (until I turned it off).

      1) Or "Free PORN!" equivalent.

      --
      Wow, I should not post when knackered.
    2. Re:Discovery is not pairing by Tim C · Score: 4, Funny

      In related news, 100% of people walking past my front door can see it...

  2. From the makers of cell phone anti-virus software by elrous0 · Score: 4, Informative
    Convenient findings from the makers of cell phone anti-virus software, no?

    -Eric

    --
    SJW: Someone who has run out of real oppression, and has to fake it.
  3. news? by SillyNickName4me · Score: 4, Informative

    While it is a fun experiment, it is really not news at all.

    I have to make a 5 1/2 hour trip by train about twice a month, and for a while one of my ways to waste some time was bugging people who have Bluetooth-enabled phones...

    My 'toolset' ?

    A Palm m505 equipped with a Bluetooth SD card.

    Typically, just walking through the train from one end to another would get me some tens of phones and a laptop here and there.

    Often you can't pair with devices you find, but many of them don't really require pairing for getting data from them, and besides, pairing requests allow for sending text messages, and a 'yes' is an instinctive reply whenever people get bugged by popups... also on a phone. Even if that doesn't work, you can still bug people and even make use of their phone difficult... (great when you can find the phone of that extremely loudly talking person)

    This was some 3 years ago, and it was well documented back then already.

    1. Re:news? by eraserewind · Score: 3, Funny

      Do you also knock on people's doors and then run away?

  4. Nuclear Powerstations and Missiles by k1980pc · Score: 2, Informative

    I can use my laptop and find out the location of each and every single strategic installation in the world. That surely does not allow me to log in to or enter any of them and cause mischief. Just because they were able to 'see' Bluetooth devices is not a security risk - it becomes serious only if they were able to pair to any of them, with or without a passcode. But I remember P. Hilton or somebody getting plastered all over the net with pics hacked from her cell using Bluetooth. Just can't find the link.

    1. Re:Nuclear Powerstations and Missiles by Darth_brooks · Score: 4, Informative

      Her Sidekick didn't get hacked via Bluetooth. They just used a really simple, easy to guess password and her web access (Sidekicks don't actually store much data; they ship photos & the address book off to the T-Mobile servers). IIRC she used the name of that little rat dog she used to carry around.

      Her "incident" touched off a series of B-list celebs getting their Sidekick data plastered around the web. I think Fred Durst was another one that was caught the same way.

      --
      There are some people that if they don't know, you can't tell 'em.
  5. That's an odd analogy... by il_cuoco · Score: 2, Funny

    From TFA:

    Using Bluetooth is "like sex," Zanero said. "It's better with precautions."

    Anyone care to come up with a joke about getting a trojan and wearing a trojan?

    --
    "You can't expect to wield supreme executive power just because some watery tart threw a sword at you!"
  6. NOT a dongle! by youngerpants · Score: 2, Informative

    OK, this peeves me. A "dongle" is a hardware license; that is, an adapter/chip that plugs into a PC/server/whatever that verifies a license.

    These guys plugged several Bluetooth peripherals into a laptop.

    Sorry, but this is a technology site.

    1. Re:NOT a dongle! by mjh · Score: 4, Insightful

      The problem is that language doesn't work that way. All of us, as a group, are in control of language. Words that were intended for one context frequently apply to all kinds of other contexts. And people gravitate towards analogies. So the "dongle" that you speak of works very well as an analogy for a Bluetooth peripheral. Pretty soon, "dongle" means any sort of thing you plug into a PC that sticks out the end.

      It is very difficult to keep people from using words the way that they want to. This is the motivation behind trademark laws. Once the mass decides that a word (e.g. kleenex or xerox) means something more than the specific original intention, the game is up. I believe that dongle has passed that threshold.

      So you can continue, in a Quixote-esque manner, to try and steer people back to the single specific meaning of dongle. But I don't think you'll succeed. And I think you're likely to get very frustrated. But if that's what you want to do, have at it!

      --
      Key to financial independence: Spend less than you earn. Save and invest the difference. Do it for a long time.
  7. Discovery is not pairing... no duh! by Anonymous Coward · Score: 2, Funny

    Wandering about airports, train stations and shopping malls, I routinely "discover" hundreds of babes, but "pairing", alas, is a different matter altogether.

  8. Ok, so they discovered a whole lot of phones by Alarash · Score: 2, Interesting

    Many comments say "Ok, so they discovered a lot of phones, that doesn't mean they could hack into each one of them", which is true and also acknowledged by the researchers (hence the use of the word "potential" in TFA). I, for one, turn my Bluetooth on only when I need to sync it with my laptop. I don't even use a "bionic man Bluetooth headset" because I find these ridiculous.

    However, I'd like to know what the dangers are of leaving Bluetooth enabled on my cell phone. I set it up to require a code to bond. But that doesn't mean I'm safe, I guess. Are there any known exploits, widely used, or easy to set up, for hacking Bluetooth phones? Especially Sony Ericsson and HP iPaq, since these are the ones I use.

    1. Re:Ok, so they discovered a whole lot of phones by Rob Kaper · Score: 3, Informative

      Bluetooth device IDs can be forged, so if someone knows the ID of a paired device they can easily gain access, so this isn't a good idea. As long as you have a device that requires you to accept incoming objects (vCards/images/MP3s/etc.) you should be fine. Never accept an incoming object unless you trust the source - it's kind of like e-mail.

  9. Isn't limited range a serious hindrance too? by King_TJ · Score: 2, Insightful

    I guess the whole point of this experiment was testing the viability of someone taking a BT-enabled device around crowded places and attempting to virus-infect as many people's phones, PDAs, and laptops as possible with it.

    But that scenario strikes me as relatively pointless.

    The main risk BT-enabled device owners are worried about is data theft. (E.g. you don't want random people downloading your photo library off your cellphone, or capturing all of your contact list data.) This would require them taking specific steps to target your specific device, and those steps would have to be taken while they're within the 30 foot or so range of you!

    Some guy rolling a suitcase through an airport and saying "Ooh! Look at these logs showing all the people I could potentially hack!" means little, if he can't chase individual people down from those logs afterwards and pull down their data.

  10. Re:May not be news, but... by SillyNickName4me · Score: 2, Informative

    Simply turning off Bluetooth altogether unless you are actually using it may also do some nice things for talk/standby time, btw.

  11. Re:From the makers of cell phone anti-virus softwa by drspliff · Score: 2, Insightful

    So you're suggesting that security professionals will never experiment?

    If I were trying to keep an edge in the mobile anti-virus market, one of the first things I'd do would be to get out there and gather as much information as possible, work out some statistics, most popular models etc.

    You must work at one of these new-fangled IP firms with zero R&D budget!

  12. Re:The English Language is *NOT* a Democracy by mjh · Score: 2, Interesting

    You are certainly welcome to believe whatever you wish. However, you're ignoring something that I think is important: folly is in the eye of the beholder. There was a time when it was considered slang to say "don't" and "won't", or any other contractions. The only contraction that remains as slang is "ain't", but even that's in the dictionary now.

    Is the transformation of "don't" and "won't" language evolution? Yes, sure. But if you argue that the transformation of "dongle" is not language evolution, I would have to disagree with you. The mechanism by which "don't" and "won't" became acceptable is the same mechanism by which "dongle" has taken on more than one meaning. People using it understood it and accepted it.

    The vast majority of people who use "dongle" accept that it can mean something more than a license verification device. And the evidence for this is the large number of people who say "bluetooth dongle" and seem to understand what it means. The old meaning will only be upheld by the minority wishing to retain semantic purity. Frankly, I think the distinction you make between "educated technology expert" and "gansta moron" is a bit too broad-brushed. I use "dongle" the way that you dislike and I get paid a lot of money to be a technology expert. My company is not willing to pay for any type of moron, gansta or not. The use of "dongle" is simply not something they consider in their hiring practices. The use of the word "crib" to mean my home might not be very well received during an interview. But "dongle" seems to have received much wider acceptance than "crib".

    About the only thing I agree with is that language is not a democracy. It's much more decentralized than even that. It's a market. What we get is the ability to communicate. What we pay is flexibility. If you're inflexible, you can't continue to participate in the market. Soon you won't be able to understand anyone outside of your semantically pure circle, nor will anyone else be able to understand you.

    Good luck with that.

    Here's my question for you: if you believe that language is not decentralized, then who is in control? Where are the edicts describing when we're going to start using "bit" to mean "binary digit", or "internet" to mean globally connected computer network? You might say that the dictionaries decide, but they don't. They reflect the changes that have already happened. They don't make those changes. So, if it's not a decentralized process, where are the central authorities deciding what new words that none of us have heard of we're going to use? In my entire life, I don't remember ever reading one.

    --
    Key to financial independence: Spend less than you earn. Save and invest the difference. Do it for a long time.