Category Archives: bluetooth

24C3: Bluetooth Stuff

Hi there! Greetings from 24C3, the annual congress of the Chaos Computer Club (CCC). Some updates on Bluetooth-related stuff:

Balle has released a new version of bluediving, which is now at version 0.9.

A funky new tool has been released at this congress: bluedrift. What driftnet is for Ethernet, bluedrift is for Bluetooth. Using a special Bluetooth dongle whose firmware can be reflashed, you can now sniff Bluetooth traffic and automatically extract the OBEX objects, e.g. vCards or pictures, carried in the capture.
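
To make concrete what "extracting OBEX data from a sniff" involves, here is an added example (not bluedrift's code) that reassembles objects pushed over OBEX from a raw byte stream, the way such a tool would after pulling the RFCOMM payload out of a capture. Opcodes and header IDs follow the OBEX specification; the CONNECT/PUT packets and the vCard below are constructed for this example.

```python
"""Reassemble objects pushed over OBEX from a raw byte stream.

Added example, not bluedrift's own code. It parses the OBEX PUT packets
that an Object Push transfer consists of. Opcodes and header IDs are
from the OBEX specification; the sample stream is constructed here.
"""
import struct

# OBEX opcodes (bit 7 set = final packet of a request)
OP_CONNECT = 0x80
OP_PUT = 0x02
FINAL = 0x80

# OBEX header identifiers used by Object Push
HDR_NAME = 0x01         # UTF-16BE string, 2-byte length
HDR_TYPE = 0x42         # byte sequence, 2-byte length
HDR_LENGTH = 0xC3       # 4-byte quantity
HDR_BODY = 0x48         # byte sequence, 2-byte length
HDR_END_OF_BODY = 0x49  # byte sequence, 2-byte length


def parse_headers(data):
    """Yield (header_id, value) pairs from an OBEX header block.

    The top two bits of the header ID encode the value layout:
    00 -> null-terminated UTF-16BE text with a 2-byte length
    01 -> byte sequence with a 2-byte length
    10 -> single byte
    11 -> 4-byte big-endian quantity
    OBEX lengths include the header ID and the length bytes themselves.
    """
    pos = 0
    while pos < len(data):
        hid = data[pos]
        kind = hid >> 6
        if kind in (0, 1):
            (hlen,) = struct.unpack_from(">H", data, pos + 1)
            if hlen < 3 or pos + hlen > len(data):
                raise ValueError("truncated OBEX header 0x%02x" % hid)
            value = data[pos + 3:pos + hlen]
            if kind == 0:
                value = value.decode("utf-16-be").rstrip("\x00")
            pos += hlen
        elif kind == 2:
            value = data[pos + 1]
            pos += 2
        else:
            (value,) = struct.unpack_from(">I", data, pos + 1)
            pos += 5
        yield hid, value


def split_packets(stream):
    """Split a byte stream of OBEX request packets on their length fields."""
    packets = []
    pos = 0
    while pos + 3 <= len(stream):
        (plen,) = struct.unpack_from(">H", stream, pos + 1)
        if plen < 3 or pos + plen > len(stream):
            raise ValueError("truncated OBEX packet at offset %d" % pos)
        packets.append(stream[pos:pos + plen])
        pos += plen
    return packets


def extract_objects(stream):
    """Return a list of {name, type, length, body} dicts, one per pushed object.

    A PUT may span several packets: each carries a Body chunk and the
    one with the final bit set carries End-of-Body. CONNECT and other
    requests are skipped.
    """
    objects = []
    current = None
    for pkt in split_packets(stream):
        opcode = pkt[0]
        if opcode & 0x7F != OP_PUT:
            continue
        if current is None:
            current = {"name": None, "type": None, "length": None, "body": b""}
        for hid, value in parse_headers(pkt[3:]):
            if hid == HDR_NAME:
                current["name"] = value
            elif hid == HDR_TYPE:
                current["type"] = value.rstrip(b"\x00").decode("ascii")
            elif hid == HDR_LENGTH:
                current["length"] = value
            elif hid in (HDR_BODY, HDR_END_OF_BODY):
                current["body"] += value
        if opcode & FINAL:
            objects.append(current)
            current = None
    return objects


def _hdr(hid, payload):
    """Build one 2-byte-length OBEX header (kinds 00 and 01)."""
    return bytes([hid]) + struct.pack(">H", len(payload) + 3) + payload


def _packet(opcode, headers):
    return bytes([opcode]) + struct.pack(">H", len(headers) + 3) + headers


# Constructed sample: CONNECT, then one vCard pushed in two PUT packets.
VCARD = b"BEGIN:VCARD\r\nVERSION:2.1\r\nN:Doe;Jane\r\nEND:VCARD\r\n"
SAMPLE_STREAM = (
    _packet(OP_CONNECT, b"\x10\x00\x04\x00")  # version 1.0, flags, max packet 1024
    + _packet(OP_PUT,
              _hdr(HDR_NAME, "jane.vcf".encode("utf-16-be") + b"\x00\x00")
              + _hdr(HDR_TYPE, b"text/x-vCard\x00")
              + bytes([HDR_LENGTH]) + struct.pack(">I", len(VCARD))
              + _hdr(HDR_BODY, VCARD[:20]))
    + _packet(OP_PUT | FINAL, _hdr(HDR_END_OF_BODY, VCARD[20:]))
)

if __name__ == "__main__":
    for obj in extract_objects(SAMPLE_STREAM):
        print(obj["name"], obj["type"], obj["length"], len(obj["body"]))
        print(obj["body"].decode())
```

On a real capture the stream would be the reassembled RFCOMM payload of the Object Push channel; the length checks in `split_packets` and `parse_headers` are what keeps a truncated or deliberately malformed packet from walking past the buffer.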

Another project I didn’t know about before is the Wave Bubble by ladyada: “A design for a self-tuning portable RF jammer”.

Best quote of the congress: “MIT doesn’t teach you how to fuck GSM-Networks” — Ladyada

iPhone’s Bluetooth Bug and the Metasploit Framework

As balle already pointed out, there is a major Bluetooth bug in the iPhone: the SDP service can be exploited to execute arbitrary code. The funny thing about the iPhone is that even when inquiry scan is disabled (“hidden Bluetooth device”), its Bluetooth address is easy to find: the WiFi MAC address is the Bluetooth address incremented by one. Hiding only stops the phone from answering inquiries; a device whose address you already know can still be paged and connected to. So once you know the iPhone’s WiFi MAC address, which it exposes in every frame it sends on a wireless network, you also know its Bluetooth address.
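
An added example (not from the original post or the Computerworld article) that turns the relationship above into a usable address: it parses a WiFi MAC, subtracts one with the borrow carried across octet boundaries, and emits the BlueZ `l2ping` command that pages the address directly, which works regardless of inquiry scan. The sample addresses are constructed and carry no real vendor prefix.

```python
"""Derive an iPhone's Bluetooth address from its WiFi MAC.

Added example. It relies only on the relationship stated in the post
(WiFi MAC = Bluetooth address + 1), so BD_ADDR = WiFi MAC - 1, with the
borrow carried across octets. Sample addresses are constructed.
"""


def mac_to_int(mac):
    """Parse 'aa:bb:cc:dd:ee:ff' (or '-' separated) into a 48-bit int."""
    octets = mac.replace("-", ":").split(":")
    if len(octets) != 6:
        raise ValueError("expected six octets: %r" % mac)
    value = 0
    for octet in octets:
        if len(octet) != 2:
            raise ValueError("bad octet %r in %r" % (octet, mac))
        value = (value << 8) | int(octet, 16)
    return value


def int_to_mac(value):
    """Format a 48-bit int as lower-case colon-separated hex."""
    if not 0 <= value < (1 << 48):
        raise ValueError("address out of 48-bit range")
    return ":".join("%02x" % ((value >> shift) & 0xFF)
                    for shift in range(40, -1, -8))


def bdaddr_from_wifi(wifi_mac):
    """Bluetooth address of an iPhone whose WiFi MAC is wifi_mac.

    The borrow is carried across octets, so xx:xx:xx:xx:34:00 yields
    xx:xx:xx:xx:33:ff rather than a negative last octet; the value
    wraps modulo 2^48.
    """
    return int_to_mac((mac_to_int(wifi_mac) - 1) % (1 << 48))


def wifi_from_bdaddr(bdaddr):
    """Inverse mapping: WiFi MAC of an iPhone with Bluetooth address bdaddr."""
    return int_to_mac((mac_to_int(bdaddr) + 1) % (1 << 48))


def ping_command(wifi_mac):
    """BlueZ command that pages the derived address directly.

    l2ping needs no inquiry response: it pages the BD_ADDR, and a device
    that has only inquiry scan disabled still answers a page.
    """
    return "l2ping -c 3 %s" % bdaddr_from_wifi(wifi_mac).upper()


if __name__ == "__main__":
    # Constructed addresses, not real devices.
    for mac in ("00:11:22:33:44:56", "00:11:22:33:44:00"):
        print(mac, "->", bdaddr_from_wifi(mac), "->", ping_command(mac))
```

The WiFi MAC itself comes from any frame the phone transmits (a wireless sniffer sees it as the source address), so the whole chain from "hidden" phone to reachable Bluetooth address needs no inquiry at all.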

Another interesting thing: the Metasploit Framework is about to be ported to the iPhone. All applications on the iPhone seem to run as UID 0, so any code execution, including through the SDP bug above, is root straight away. This is going to be fun!

Source: Computerworld

Write your own CSR Firmware!

Darkircop has released his tools for reverse engineering CSR firmware. They include a disassembler, dis.c, for taking apart the official firmware images, and an assembler, as.cc, for writing your own. With these tools you can now build your own firmware for a CSR-based Bluetooth dongle, which may even give it raw access to the radio for Bluetooth sniffing. The source code for sniffing Bluetooth under Linux with such a dongle is included, too.

It might even be possible to port the techniques for finding hidden Bluetooth devices described in this paper to a CSR dongle. The paper used GNU Radio with a USRP; the source code used for that attack can be downloaded, too.