Off Topic: The Flood
This topic has moved here: Subject: "BlueTooth Attack..." Intresting reading if your like m...
  • Subject: "BlueTooth Attack..." Intresting reading if your like m...
Subject: "BlueTooth Attack..." Intresting reading if your like m...
  • gamertag:
  • user homepage:
  • last post: 01.01.0001 12:00 AM PDT

How Off-The-Shelf-Components Can Intercept Your Bluetooth Wireless Data

Since its conception in the late 1990s, Bluetooth has arguably become the most widely adopted wireless technology by consumers and manufacturers alike, as well as touted as an industry standard for short-range wireless communications. With more than 3 million Bluetooth-enabled devices shipping a week, Bluetooth technology is moving towards ubiquity at a staggering pace. The Bluetooth protocol resides in devices of all types from over 3,000 companies worldwide including BMW, Toyota, Acura, IBM, HP, Microsoft, PalmOne, Motorola, Nokia, Sony Ericsson and Logitech. A virtually endless list of possible implementations and uses for this protocol pave the way for a future of ubiquity for Bluetooth, however certain inherent security vulnerabilities within the Bluetooth stack itself pose a significant threat to the future of Bluetooth.

Over the past six months Bluetooth has received quite a bit of media attention due to the discovery of several security vulnerabilities that inherently reside within the Bluetooth stack itself, most notably: "BlueJacking," "BlueSnarfing," "BlueBugging," and "The Bluetooth Backdoor Attack." Although these attacks have been widely publicized, manufacturers have discounted these attacks touting the notion that they are insignificant due to limitations such as range. It turns out the manufacturers were sorely mistaken...

On a very early morning at the Santa Monica Pier in August of 2004, a team from Flexilis (www.flexilis.com), a wireless research and development firm based out of Los Angeles, along with Martin Herfurt, Mike Outmesguine, and The Screen Savers crew were able to do what no one has previously attempted: A proof-of-concept long-distance Bluetooth attack in a closed environment, documented every step of the way. Using off-the-shelf components such as a LinkSys BT100 USB Bluetooth Adaptor and 19Dbi Panel Antenna as well as a few simple hardware hacks, the Flexilis team was able to establish a connection to a standard class 3 Nokia 6310i from a distance of 1.08 miles, a new world record for Bluetooth Propagation. Not only were they able to connect to the 6310i but they also gained access to restricted data within the phone and were able to send sms messages and make outward calls from the target device.

After successfully proving that it is most definitely possible to perform a long-distance attack against a Bluetooth-enabled device, attention has once again been turned to the issue. The threat is real, and at this point the only thing a user may do to defend against these attacks is disable Bluetooth. This is unacceptable. The public will not be forced out of using this technology simply because manufacturers are not addressing the issue. Many people ask "How does this affect me?" The answer is simple: Bluetooth is an amazing technology that will prove an invaluable short range wireless communications protocol and is quickly progressing towards ubiquity, BUT it is important that the users of Bluetooth take a stand and urge manufacturers to recognize and address these significant vulnerabilities.

Equipment:
Dell Inspiron 8600
Flexilis Scanning and Vulnerability Assessment Software
Modded Linksys BT100 USB Bluetooth Adaptor
BlueSniper Rifle (14 Dbi Semi-Directional Yagi Antenna)
8Dbi Omni-Directional Antenna
8Dbi Semi-Directional Patch Panel Antenna

  • 01.11.2005 7:19 AM PDT
  • gamertag:
  • user homepage:
  • last post: 01.01.0001 12:00 AM PDT

wow scary, Im gonna go interegate my phone...

  • 01.11.2005 8:19 AM PDT
  • gamertag:
  • user homepage:
  • last post: 01.01.0001 12:00 AM PDT

I prefer wi-fi.

  • 01.11.2005 9:11 AM PDT

i so have to learn that

  • 01.11.2005 10:31 AM PDT
  • gamertag:
  • user homepage:
  • last post: 01.01.0001 12:00 AM PDT

Oh thats not a problem...DAMN! (quickly flicks off bluetooth connection, and realises it's cut off internet)

  • 01.11.2005 11:46 AM PDT

._____Metal
/..}-/-{..\
I.X....X.I..... Jets: Check
.T_V_T......Chargers: Check
...****........Colts: -blam!- them....

I gotta' get me some of that stuff.
Where da' ya' live, partner?

  • 01.11.2005 11:50 AM PDT