Basics Bluetooth Security Attacks via Bluetooth - Introduction BlueSnarf BlueSnarf++ BlueBug BlueJacking HeloMoto BlueSmack Cracking the Bluetooth PIN Conclusion Bluetooth Basics Originally invented 1994 by Ericsson Technology for connections of short range devices Bluetooth operates within license-free ISM band (2.4 – 2.48 GHz) To prevent interferences: frequency hopping base band frequency switched 1600 times / s ISM band devided into 79 freq. levels, 1 MHz distance Connect two devices: pairing Piconet
Read the rest of this entry »

• 0 Comments

The security mechanisms Known vulnerabilities Tools that are used Live demonstration Who is investigating Adam Laurie CSO of The Bunker Secure Hosting Ltd. DEFCON staff and organizer Maintainer of the Linux Bluetooth stack Marcel Holtmann Martin Herfurt
Security researcher Founder of trifinite.org What is this about What is Bluetooth Bluetooth SIG Trade association Founded 1998 Owns and licenses IP Bluetooth technology A general cable replacement Using the ISM band at 2.4 GHz Protocol stack and application profiles How it works Data and voice transmission ACL data connections SCO and eSCO voice channels Piconet and scatternet topology Frequency hopping 79 channels 1600 hops per second Creating the topology Hopping sequence defines the piconet
Read the rest of this entry »

• 0 Comments

Summary As the widespread use and acceptance of Bluetooth continues concerns are being raised related to security vulnerabilities and privacy issues inherent in the use of this technology. Inadequate device resources and lack of user awareness has compounded this issue where the emphasis on design constraints, functionality and ease of use sometimes outweigh security concerns. Recently some concerns have being highlighted relating to the possible security vulnerabilities in commonly used devices, and also the possibility of the imperceptible tracking of device users through the use of distributed and connected Bluetooth sensor nodes.
Read the rest of this entry »

• 0 Comments

Bluetooth Introduction
History
Technology Overview
The BlueSnarf Attack
The HeloMoto Attack
The BlueBug Attack
Bluetooone
Long-Distance Attacking
Blooover
Blueprinting
DOS Attacks
Sniffing Bluetooth with hcidump
Conclusions – Lessons tought
Feedback / Discussion
Read the rest of this entry »

• 0 Comments

Video of the talk will be on the CCC site in due course. It was felt, as the industry had been given a full 13 months to react to the original threat discovery, and responsible manufacturers had engineered and released firmware upgrades, that the time had come for full disclosure. This became increasingly urgent as it was clear that the techniques used were becoming realtively widely known within the security community, and it could therefore be assumed that the same was true for criminal and/or malicious users. code for the Bluetooth security issues, and any affected phone, regardless of age or origin, can be upgraded under that code free of charge.
Read the rest of this entry »

• 0 Comments

Security Threats Bluetooth Hacking Introduction Working Case Studies Types of Bluetooth Threats The Bluejack Attack OBEX Push Bluespamming Bluetoothing Modifying a Remote Mobile Phones Address Book Fadias Hot Tools for Bluejacking Countermeasures The BlueSnarf Attack OBEX Pull Fadias Hot Tools for Bluesnarfing Countermeasures The Blue Backdoor Attack The BlueBug Attack Fadias Hot Tools for Bluebug Attacks Short Pairing Code Attacks Default Pairing Code Attacks Random Challenge Response Generators Man-In-Middle Attacks Privacy
Read the rest of this entry »

• 0 Comments