Bluetooth Bites

Bluetooth eavesdropping, and related security/privacy issues, are covered here on a regular basis. The following are from the new, and worth repeating, files...

Car Whisperer
"Once the connection has been successfully established, the carwhisperer binary starts sending audio to, and recording audio from the headset. This allows attackers to inject audio data into the car. This could be fake traffic announcements or nice words. Attackers are also able to eavesdrop conversations among people sitting in the car."

Blooover II
"Blooover II is the successor of the very popular application Blooover (Blooover is a tool that is intended to serve as an audit tool that people can use to check whether their phones and phones of friends and employees are vulnerable). After 150000 downloads of Blooover within the year 2005 (since the initial release in at 21c3 in December 2004), a new version of this mobile phone auditing tool is on its ready."

"Besides the BlueBug attack, (Exploiting this loophole allows the unauthorized downloading phone books and call lists, the sending and reading of SMS messages from the attacked phone and many more things.) Blooover II supports the HeloMoto attack (which is quite close to the BlueBug attack), the BlueSnarf and the sending of malformed objects via OBEX." (more)

Wireless Keyboard Interception - Encryption Cracked

Security researchers have cracked the rudimentary encryption used in a range of popular wireless keyboards.

Bluetooth is increasingly becoming the de-facto standard for wireless communication in peripheral devices and is reckoned to be secure. But some manufacturers such as Logitech and Microsoft rely on 27 MHz radio technology which, it transpires, is anything but secure.

Using nothing more than a simple radio receiver, a soundcard and suitable software, Swiss security firm Dreamlab Technologies managed to capture and decode the radio communications between a keyboard and a PC.

The attack opens the way up to all sorts of mischief including keystroke logging to capture login credentials to online banking sites or email accounts. (more)

Blue Bugging - Corporate Data Risk

UK - Thieves are using Bluetooth phones to detect whether motorists have left laptops, mobile phones or state-of-the-art PDAs in their cars.

PC Davis said: "Even if they are out of sight in the boot or glove compartment, the Bluetooth technology enables computer-literate thieves to locate compatible kit easily."

When a car contains a Bluetooth-enabled laptop, a signal on the screen of the thief's mobile displays not just its presence, but also its make or model.

The thieves then have an easy target and the expensive laptops are often stolen to order.

PC Davis said: "Blue-bugging techniques can also be used to hack into mobiles, which are increasingly used as portable data stores, with details such as passwords, PIN numbers and other sensitive information ready for the taking.

"These days, a great deal of confidential company information, bank account details, private emails and so on are accessible through laptops, PDAs and even mobiles.

"People should realise that as well as equipment losses, they are at serious risk of corporate data theft if Bluetooth devices are left enabled and unsecured." (more)

Biting with Bluetooth

The carwhisperer project...

Once the connection has been successfully established, the carwhisperer binary starts sending audio to, and recording audio from the headset. This allows attackers to inject audio data into the car. This could be fake traffic announcements or nice words. Attackers are also able to eavesdrop conversations among people sitting in the car.

Ideally, the carwhisperer is used with a toooned dongle and a directional antenna that enhances the range of a Bluetooth radio quite a bit. (more)

Bluetooth Sound Bites

When you talk over a hands-free Bluetooth device while driving your car, it is possible that some unwanted persons are listening to your conversation without your knowledge. Jim Stickley, ID theft expert and CTO of TraceSecurity, proved that the devices are vulnerable to eavesdropping.

Appearing on NBC’s TODAY show, Stickley demonstrated how vulnerable the hands-free car devices are even to the most simple of attacks.

During the testing, Stickly followed a car that was equipped with a hands-free Bluetooth device and listened the conversation without the knowledge of the occupants. (more)

GSM Cell Phone Encryption

I received a email from Silentel, s.r.o. in Slovakia with information about their novel new product designed to protect GSM cell phone calls against eavesdropping.

Interesting concept...
You provide the phone (any standard Smartphone using the Symbian OS). They provide the software and a hardware module with headset (pictured). The hardware connects to your cell phone using Bluetooth! Cool concept. Looks portable and covert.

Here is what they say...
"Silentel SecureCall is a system that encrypts your call through the GSM mobile phone and absolutely thwarts its tapping. Encryption uses the AES 256 algorithm which is currently the highest security standard worldwide. It is the system with the end-to-end security. The whole conversation from one user to the other is encrypted." (more)

Gumshoe Surveillance Trick #623

Department of Computer Science and Engineering, University of Washington - The Nike+iPod kit consists of a sensor which is placed in the sole of your left Nike+ shoe and a receiver which plugs into the bottom of the iPod Nano. The sensor in your shoe detects when you take steps (while walking or jogging) and transmits this information to the receiver.

When you walk or run the Nike+iPod sensor in your shoe will transmit messages using a wireless radio. These messages contain a unique identifier that can be detected from 60 feet away. This information is potentially private because it can reveal where you are, even when you'd prefer for a bad person to not know your location.

From Nike... Simply slip the Nike+ sensor into the Air Zoom Moire shoe pocket, or any other Nike+ Ready shoe, and head out. The Nike+ sensor slips unobtrusively into a pocket under the sockliner. Waterproof and virtually unbreakable. $29.00