Tuesday, June 21, 2005

Bluetooth Snarfing Sniper Rifle

The point of this post is to make people aware of the endless vulnerabilities around you. Now I don't mean to panic you or cause paranoia in my readers, but it's important to recognize that your computer, your cell phone, your PDA and virtually any other electronic device that stores and transmits data is "hackable". When it comes to technology, privacy is never fool-proof. There is no such thing as 100% secure and that rule even applies to the government. Where there is a will, there is a way. Hackers prove this theory over and over again. The first step in gaining back your privacy and security is being aware, being informed. So read the article below and then you can consider yourself to be a little more knowledgeable on one of the latest methods in which hackers are compromising your everyday life.


Bluetooth is a short-range radio technology aimed at simplifying communications among Internet devices, between Bluetooth enabled devices and the Internet. It also aims to simplify data synchronization between Internet devices and other computers. Hackers have found many flaws with Bluetooth devices. As these devices gain in popularity, the public needs to be made aware of vulnerability issues with the various Bluetooth devices such as phones, PDAs and wireless headsets. Three of the most interesting attacks were Bluesnarfing, Bluetracking and Bluebugging.

  • Bluesnarfing is attacking the Bluetooth device, usually a phone, to rip out information. Hackers can obtain phonebooks, calendars and stored SMS messages.
  • Bluetracking is tracking a person's movement by tracking their Bluetooth device. All Bluetooth devices have a unique address, similar to a MAC address on computer network cards. By using special sensors or antennas you can see where a particular Bluetooth device pops up and record a person's movement.
  • Bluebugging involves sending executable commands to the Bluetooth device. With the proper software, you could secretly turn on a phone and make it call you. Why is this important? You have just turned the phone into a listening device that can record without your target knowing it.
At last year's annual Defon "hacker convention gathering", the Flexilis team walked in with their BlueSniper Bluetooth sniper, everyone wanted to know what this evil looking contraption could do. It looks like a mutant cross between a sniper rifle and Ghostbusters particle canon, complete with nuclear backpack. Thankfully, it is a very simple device that can do one thing well: find and attack Bluetooth devices from far away. The BlueSniper is a rifle stock with a scope and yagi antenna attached. A cable attaches the antenna to the Bluetooth card, which can be in a PDA or laptop computer. The laptop can be carried in a backpack with the cables connecting into the backpack, giving it the Ghostbusters look.

The Flexilis teams demonstrated the gun with some home-brewed Bluetooth scanning software. They pointed the gun down the hallways and out windows. Almost instantly, vulnerable phones with their unique Bluetooth device numbers appeared on the laptop screen. The device is powerful enough to detect devices through building walls!

No comments:

Post a Comment