Basics
Bluetooth Security
Attacks via Bluetooth – Introduction
BlueSnarf
BlueSnarf++
BlueBug
BlueJacking
HeloMoto
BlueSmack
Cracking the Bluetooth PIN
Conclusion

Bluetooth Basics

- Originally invented in 1994 by Ericsson
- Technology for connecting short-range devices
- Bluetooth operates within the license-free ISM band (2.4 – 2.48 GHz)
- To prevent interference: frequency hopping
  - Baseband frequency switched 1600 times/s
  - ISM band divided into 79 frequency levels, 1 MHz apart
- Connecting two devices: pairing

Figure: Piconet (a, b) – aggregation of several piconets into a scatternet (c)

Bluetooth Basics

- Maximum data rate: 700 kBit/s in Version 1.2, up to 2.1 MBit/s in Version 2.0 + EDR (enhanced data rate)
- Generally low power consumption
- Three different device classes:

Power Class   Max. Output Power   Max. Operating Range
1             100 mW (20 dBm)     ~ 100 m
2             2.5 mW (4 dBm)      ~ 20 m
3             1 mW (0 dBm)        ~ 10 m

- Bluetooth protocol stack:

Structure

1. Introduction
1.1 Bluetooth Basics
2. Bluetooth Security
2.1 Attacks via Bluetooth – Introduction
2.2 BlueSnarf
2.3 BlueSnarf++
2.4 BlueBug
2.5 BlueJacking
2.6 HeloMoto
2.7 BlueSmack
2.8 Cracking the Bluetooth PIN
3. Conclusion

Attacks via Bluetooth – Introduction

- Rising popularity of wireless technology → rising interest in abusing devices and communication channels
- Interesting facts about the "victim":
  - Is it a mobile phone / PDA / computer?
  - Is it vulnerable to a known software flaw?
  - Which ports are open on the target device?
- Social engineering, software tools
- Blooover by the trifinite group
  - Java application for mobile phones
  - Allows security audits and proof-of-concept attacks
- Slax-based Linux distribution
  - Large series of audit tools
  - Automated attacks

BlueSnarf, BlueSnarf++

- BlueSnarf exploits weak OBEX implementations on mobile phones
- OPP: Object Push Profile, unauthorised access, for vCards
- SYNCH: profile for the exchange of private data
  - Calendar, contacts, pictures, …
  - Authorised access!