'BlueBag' PC Sniffs Out Bluetooth Flaws 76

Posted by timothy
from the next-door-neighbors dept.
An anonymous reader writes "Why isn't Bluetooth set to "hidden" in all of Nokia's phones? Some hackers in Italy stuffed a computer with a bunch of Bluetooth dongles in a suitcase to see how many Bluetooth devices they could discover by wandering around airports, train stations and shopping malls. The answer? More than 1,400 in 23 hours." The team will present their findings at BlackHat later this summer.
This discussion has been archived. No new comments can be posted.

  • by wish bot (265150) on Thursday June 08, 2006 @07:51AM (#15493723)
    That's great, but how many could they actually pair with?

    Ohh...none?!

  • by elrous0 (869638) * on Thursday June 08, 2006 @07:57AM (#15493765)
    Convenient findings from the makers of cell phone anti-virus software [f-secure.com], no?

    -Eric

    • So you're suggesting that security professionals will never experiment?

      If I were trying to keep an edge in the mobile anti-virus market, one of the first things I'd do would be to get out there and gather as much information as possible, work out some statistics, most popular models etc.

      You must work at one of these new-fangled IP firms with zero R&D budget!
  • news? (Score:5, Informative)

    by SillyNickName4me (760022) <dotslash@bartsplace.net> on Thursday June 08, 2006 @08:04AM (#15493807) Homepage
    While it is a fun experiment, it is really not news at all.

    I have to make a 5 1/2 hours trip by train about twice a month, and for a while one of my ways to waste some time was bugging people who have bluetooth enabled phones...

    My 'toolset' ?

    A Palm m505 equipped with a bluetooth sdcard.

    Typically, just walking through the train from one end to another would get me some tens of phones and a laptop here and there.

    Often you can't pair with devices you find, but many of them don't really require pairing for getting data from them, and besides, pairing requests allow for sending text messages, and a 'yes' is an instinctive reply whenever people get bugged by popups.. also on a phone.. Even if that doesn't work, you can still bug people and even make use of their phone difficult... (great when you can find the phone of that extremely loudly talking person)

    This was some 3 years ago, and it was well documented back then already.
    • It's an issue I'm sure that a lot of Nokia phone owners aren't aware of. I didn't realize that my phone's Bluetooth settings were set that way until I read the blurb and checked. I turned it off and changed it to hidden (just in case I ever want to reactivate it later).

      I don't exactly have anything important in my phone, but given the existence of Bluetooth exploits, [zdnet.com] I'd rather not leave the ports open as it were.
    • Re:news? (Score:4, Funny)

      by eraserewind (446891) on Thursday June 08, 2006 @08:37AM (#15494001)
      Do you also knock on people's doors and then run away?
      • Re:news? (Score:1, Funny)

        by Anonymous Coward
        I knock on doors, then when they answer, just stand there until they tell me to go away.
      • Do you also knock on people's doors and then run away?

        No (tho at some point in my life I did try.. and I would be surprised if you can honestly say you never did), but if they leave their door open with a 'Welcome' sign over it, I might walk in and take a look.

    • It's called BlueJacking and has been going on for a few years. Sometimes I try it in cafes - you end up trying to guess the name of the pretty girl in the corner from your list of possibles.

      In fact I'm all in favour of social networking software built into phones - something like a local myspace that you carry with you. Would be great at parties if your phone said, "You should really talk to this person - I'll put an intro in for you if you want".

      Or maybe I'm being a bit sad.

      http://www.funsms.net/blue_jack [funsms.net]
      • Nokia actually have a product that's intended to do pretty much what you suggest, called Sensor [nokia.com]. However, it's nokia-specific and as far as I know the protocol's proprietary, and it's supported on a fairly small set of devices. There's also been a recent port of Apache [nokia.com] to the Nokia Series 60 devices, which would potentially allow something similar to be DIY'd up nicely.
    • flesh this out a bit more and your post could be the story and this waste of time at the top of the page could be someone's reply
  • I can use my laptop and find out the location of each and every single strategic installation in the world. That surely does not allow me to log in to or enter any of them and cause mischief. Just because they were able to 'see' bluetooth device is not a security risk - It becomes serious only if they were able to pair to any of them, with or without a passcode. But I remember P.Hilton or somebody getting plastered all over the net with pics hacked from her cell using bluetooth. Just can't find the link.
  • From TFA:

    Using Bluetooth is "like sex," Zanero said. "It's better with precautions."

    Anyone care to come up with a joke about getting a trojan and wearing a trojan?
  • Does it really matter how many devices with Bluetooth on they found? I always keep mine on, so that I don't have to turn it off and on when I am leaving/getting home to use such nifty tools as Salling Clicker [salling.com] in OS X (available for Windows too)
  • So???? (Score:2, Insightful)

    by MarsDude (74832)
    I can discover even more frontdoors in the same period of time.
    But how many are open so I can walk in ???
  • NOT a dongle! (Score:3, Informative)

    by youngerpants (255314) on Thursday June 08, 2006 @08:33AM (#15493974)
    OK, this peeves me. A "Dongle" is a hardware license. That is, an adapter/chip that plugs into a PC/Server/Whatever that verifies a license.


    These guys plugged several bluetooth peripherals into a laptop.


    Sorry, but this is a technology site.

    • "bluetooth dongle" is a very common usage for a bluetooth-peripheral-that-plugs-into-hardware-and-verifies-license-AND-lets-you-connect-to-other-bluetooth-enabled-devices.
      Try googling bluetooth dongle or going to your friendly neighbourhood shop and ask for a dongle. By the way, if you ask for a bluetooth peripheral, you might get everything from a dongle to headsets to mice.
    • To me A dongle is something that dangles off your pc.

      It may well be a hardware license protection device, but the shape and the attachment to your PC are the real criteria. It must have that distinguishable dongly shape...

      And Google gives 12.600 hits for 'software dongle' ;)

      X.
      • To me A dongle is something that dangles off your pc.

        ISTR a dongle which attached to the parallel port and came with an optional short bit of ribbon cable to stop it sticking out too far at the back of the box. This latter item was naturally known as a "dongle dangle".
    • Ummm, No. [wikipedia.org]

      "Dongle as the name of a device was used well before 1980 within the telecoms industry to refer to BNC cable joiners of either sex (such as the RG58 cable used on 10 meg Ethernet)."

      Justin.


    • A "Dongle" is a hardware license. that is, an adapter/ chip that plugs into a PC/ Server/ Whatever that verifies a license

      Yes, that is one definition. However, the PCMCIA and CardBus network adapters (used way-back-when before laptops had built-in Ethernet) would often consist of two parts: the card itself that was inserted into the slot; and the dongle, which connected the card to the RJ-45. I have a handful of those NICs sitting around: D-Link, 3Com, and Xircom all made them, although in Xircom's ca
    • Re:NOT a dongle! (Score:5, Insightful)

      by mjh (57755) <mark@horncl[ ]com ['an.' in gap]> on Thursday June 08, 2006 @09:09AM (#15494192) Homepage Journal
      The problem is that language doesn't work that way. All of us, as a group, are in control of language. Words that were intended for one context frequently apply to all kinds of other contexts. And people gravitate towards analogies. So the "dongle" that you speak of, works very well as an analogy for a bluetooth peripheral. Pretty soon, "dongle" means any sort of thing you plug into a PC that sticks out the end.

      It is very difficult to keep people from using words the way that they want to. This is the motivation behind trademark laws. Once the mass decides that a word (e.g. kleenex or xerox) means something more than the specific original intention, the game is up. I believe that dongle has passed that threshold.

      So you can continue, in a Quixote-esque manner, to try and steer people back to the single specific meaning of dongle. But I don't think you'll succeed. And I think you're likely to get very frustrated. But if that's what you want to do, have at it!
      • Thank you mjh, whereas the other replies merely infuriated me more, (I don't care how many hits google tells me you get for bluetooth dongle,) you've calmed the savage beast. I'll still keep correcting people in conversation though, just for geeks sake.
        • Another one that bugs me is the use of modem. I have a DSL router, not a DSL modem. But this term probably has evolved from MOdulate/DEModulate.
      • "The problem is that language doesn't work that way. All of us, as a group, are in control of language."

        This is a common misconception. It is certainly true that language evolves, however it does not happen in democratic fashion. It doesn't matter how many people use 'minute' as slang for a long time, or ask 'what you be doing?', the fact will remain that minute does not mean a long time in the English language, and correct English is only satisfied by "what are you doing?". It is true that you cannot

        • You are certainly welcome to believe whatever you wish. However, you're ignoring something that I think is important: folly is in the eye of the beholder. There was a time when it was considered slang to say "don't" and "won't", or any other contractions. The only contraction that remains as slang is "ain't", but even that's in the dictionary now.

          Is the transformation of "don't" and "won't" language evolution? Yes, sure. But if you argue that the transformation of "dongle" is not language evolution, I
          • You seem to have missed my point entirely, so I will try to be more succinct. Call it a "bluetooth dongle" if you wish. Ask me "yo dog, what you doing?" if you prefer. I will know what you mean, as will most people. The human race can be divided into two separate categories: 1) Those who understand ignorant people, but know the person speaking is ignorant. 2) Those who understand the ignorant people, and don't know that ignorance has been flaunted because they are ignorant.

            You can obviously choose to
            • I don't think I missed your point. I just don't happen to agree with it. Applying a different meaning to "dongle" than what you like does not make someone ignorant. It means that the meaning of the word has grown or changed.

              Stick with your semantic purity if you insist. The fact that I won't be semantically pure does not make me a gansta. Nor does it make me ignorant. (Although you're welcome to believe both of those if you wish.) It simply means that I'm adaptable enough to accept new meanings for w
  • by Alarash (746254) on Thursday June 08, 2006 @08:50AM (#15494071)
    Many comments say "Ok, so they discovered a lot of phones, that doesn't mean they could hack into each one of them", which is true and also acknowledged by the researchers (hence the use of the word "potential" in TFA). I, for one, turn my bluetooth on only when I need to synch it with my laptop. I don't even use a "bionic man bluetooth headset" because I find these ridiculous.

    However, I'd like to know what are the dangers when leaving the Bluetooth enabled on my cell phone. I set it up to require a code to bond. But that doesn't mean I'm safe, I guess. Are there any known exploits, widely used, or easy to setup, for hacking Bluetooth phones? Especially Sony-Ericsson and HP iPaq, since these are the ones I use.
  • by King_TJ (85913) on Thursday June 08, 2006 @09:00AM (#15494128) Journal
    I guess the whole point of this experiment was testing the viability of someone taking a BT enabled device around crowded places and attempting to virus-infect as many people's phones, PDAs, and laptops as possible with it.

    But that scenario strikes me as relatively pointless.

    The main risk BT enabled device owners are worried about is data theft. (EG. You don't want random people downloading your photo library off your cellphone, or capturing all of your contact list data.) This would require them taking specific steps to target your specific device, and those steps would have to be taken while they're within the 30 foot or so range of you!

    Some guy rolling a suitcase through an airport and saying "Ooh! Look at these logs showing all the people I could potentially hack!" means little, if he can't chase individual people down from those logs afterwards and pull down their data.
  • by Anonymous Coward
    Where can I get a laptop with a 23hour battery?!!!
  • Anyone can collect information about bluetooth devices on the go, and with simple Tooting action you could try to force the user to install malicious software on his device. But what's the point of all this ?? In the end you gain not much, except for maybe a list of personal contacts which you can use for complete psychopath experiences. You don't need an array of devices to see if a certain exploit is working, just get your hands on the device implementation docs or just start cracking your own device ;). On
  • Max Moser and some of the guys at remote-exploit [remote-exploit.org] have a few great tools and collections for wireless sniffing (all types, including bluetooth) such as the Auditor Collection.

    Just a blatant plug for a friend, check it out. I think it's pretty cool.
  • Why would they need "a bunch" of bluetooth dongles? TFA seems to imply they only had one bluetooth device in the bag.
  • Is anyone else mildly amused that this article is about something called 'Bluebag' and a "bunch of Dongles"? :-P
  • I reported to RISKS last April last year:
    Thieves were using bluetooth to target cars that have suspended laptops left
    unattended in parking lots, in my case Disney World parking.

    It makes for guaranteed payoffs. If the Nokia phones are bluetooth visible
    while left in the car there's another easy target.
