Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Bluetooth attacks


ghost's Avatar
0 0

I've read on a few sites about the recent bluetooth virusfor symbian phones and came upon a reference to bluetooth attacks, forcing devices to pair… Taking over phones… making phone calls on they're line romotley. I was just wondering( after a resonable streach of googling it, which will, rest assured, be continued after this post) wheather any of you new of any, I haven't found a single one :S.

Wolfmankurd


ghost's Avatar
0 0

Well afetr a day of looking I've found:… nout i didn't already know.


ghost's Avatar
0 0

heres something i found isnt much and you may have already knew it so here it is

Linux Bluetooth hackers hijack car audio By John Leyden Published Tuesday 2nd August 2005 13:21 GMT Get breaking Mobile news straight to your desktop - click here to find out how

Linux hackers have demonstrated a way to inject or record audio signals from passing cars running insecure Bluetooth hands-free units. The Trifinite group showed how hackers could eavesdrop on passing motorists using a directional antenna and a Linux Laptop running a tool it has developed called Car Whisperer.

The software was demonstrated during a Bluetooth Security talk at last week's What the Hack hacker festival in The Netherlands. Trifinite has developed a specialism in unearthing Bluetooth security shortcomings, the latest of which illustrates implementation problems rather than more deep-seated security concerns with the protocol. Car Whisperer only works because many car manufacturers use standard Bluetooth passkeys such as "0000" or "1234" which are easy to guess. "This is often is the only authentication that is needed to connect," according to Trifinite. Click Here

Once connected hackers can interact with other drivers or even eavesdrop conversations from inside other cars by accessing the microphone. And that's just for starters.

"Since the attacker's laptop is fully trusted once it has a valid link key, the laptop could be used in order to access all the services offered on the hands-free unit. Often, phone books are stored in these units. I am quite certain that there will be more issues with the security of these systems due to the use of standard pass keys," Trifinite notes. ®


ghost's Avatar
0 0

Yeah i saww that on f-secure pretty cool, but i wanted to force blutooth connections.:)


ghost's Avatar
0 0

Theres a few different types of bluetooth attatcks on mobile phones these days. The phones generally vulnerable are thos that use a symbian OS and are switched onto "visible" (except for a couple of the later nokias). These attacks are executable from another Symbian based phone, and are J2ME based software. Some of the attacks include "Blooover" a program designed to literally suck information out of your phone like a vacuum cleaner (hence the name, an amalgamation of the words hoover and bluetooth. "BTBrowser" blue tooth browser is a prog that lets you view all of the data on another (exploitable) phone "Bluejacking" is the sending of free blue tooth based messages stored in the data of the contacts card. all of these programs are available on the net for free download at places on the wireless net or WAP, such as trifine.org or mobango.com. if anyone has any questions relating to mobiles at all please pm me.


ghost's Avatar
0 0

all i know is few of my friends have the hack thing and you send it to a phone if the accept you can do anything on thier phone


ghost's Avatar
0 0

You can get a program for your cellphone called blooover, cant remember where i got it from, but try googling it… If you find a vulnerable phone you can send SMS'es from it, download the phonebook and place calls. But Blooover is made by whithats so they have made sure that you can only call free phonenumbers and things like that. Hope someone makes a crack or a program like blooover without the restrictions.


ghost's Avatar
0 0

Whoa,

I did not know any of this. Hmm.. thanks for sharing.


ghost's Avatar
0 0

there is a total new hacking trend for hacking bluetooth devices and wireless phones.

i'd suggest heading over http://www.iwhax.net/modules/news/ and downloading and burning that copy of linux..

They have a very extensive field of bluetooth hacking..

Heres a list of some of the stuff u can do:

1] Bluetooth wardriving - wardrive for bluetooth devices. 2] Bluetooth trolling - spam pr0n/disturbing/whatever pics or texts to various phones that can be found. 3] Bluetooth viruses - give viruses to various phones that can be found. these viruses will cause the phones to delete themselves. 4] Bluetooth hijacking - hijack a phone.

To do all that tho u wud need bluetooth hardware on a laptop.

If not u can just get a bluetooth enabled phone and search google for some neat programs that do almost the same thing.

I'd also recommend eigther learning Symbian C++ which is C++ for symbian cell phones, or J2ME which is java for cell phones (most cell phones use this).

NOTE: Any form of bluetooth hacking, besides wardriving, is highly illegal, ur messing with big time fines or time in the slammer.


ghost's Avatar
0 0

Blue jacking, I dont know how to do it but it's used a lot at the moment. Mainly because what the person does is they take over the phone, or a number of phones, just standingin the centre of a shopping centre or something, anyway, they take over the phone and get the phone to dial a premium number that they have set up, which is running on somthing like £1.50 a minute. And as the phone is in the pocket of the victim, they are comletely oblivious until they take out the phone or notice they have no credit.


ghost's Avatar
0 0

i just downloaded bloover onto my phone, looks pretty cool. Going to give it a try soon :P see what i can steal :|


ghost's Avatar
0 0

you see that blue jacking demo on "the real hustle"? @ lil-old-me

they were standing in the middle of a mall, jacking phones and calling a premium number they'd set up so they would profit from it, but they give the money back anyway.