'BlueBag' PC Sniffs Out Bluetooth Flaws 76
An anonymous reader writes "Why isn't Bluetooth set to "hidden" in all of Nokia's phones? Some hackers in Italy stuffed a computer with a bunch of Bluetooth dongles in a suitcase to see how many Bluetooth devices they could discover by wandering around airports, train stations and shopping malls. The answer? More than 1,400 in 23 hours." The team will present their findings at BlackHat later this summer.
Discovery is not pairing (Score:5, Insightful)
Ohh...none?!
Re:Discovery is not pairing (Score:1, Informative)
Re:Discovery is not pairing (Score:3, Insightful)
Mmm. Bonding.
My computer (in a 2nd floor flat) will every now and again get Bluetooth bonding requests, and popups welling me that I've connected to someones PIM (until I turned it off).
1) Or "Free PORN!" equivalent.
Re:Discovery is not pairing (Score:1)
That's funny. Infact, I've turned bluetooth on, and renamed my phone to "Free porn. pin 69". I'm not sure if it's a good idea, but lets see...
Re:Discovery is not pairing (Score:5, Funny)
Re:Discovery is not pairing (Score:1)
Discovery is not pairing... no duh! (Score:2, Funny)
Re:Discovery is not pairing (Score:2)
Sat here with my Sony (sorry
No news here peeps. Move along.
This is old news, done already in 2004 (Score:1, Informative)
From the makers of cell phone anti-virus software (Score:5, Informative)
-Eric
Re:From the makers of cell phone anti-virus softwa (Score:2, Insightful)
If I were trying to keep an edge in the mobile anti-virus market, one of the first thing I'd do would be to get out there and gather as much information as possible, work out some statistics, most popular models etc.
You must work at one of these new-fangled IP firms with zero R&D budget!
news? (Score:5, Informative)
I have to make a 5 1/2 hours trip by train about twice a month, and for a while one of my ways to waste some time was bugging people who have bluetooth enabled phones...
My 'toolset' ?
A Palm m505 equipped with a bluetooth sdcard.
Typically, just walking through the train from one end to another would get me some tens of phones and a laptop here and there.
Often you can't pair with devices you find, but many of them don't really require pairing for getting data from them, and besides, pairing requests allow for sending text messages, and a 'yes' is an instinctive reply whenever people get bugged by popups.. also on a phone.. Even if that doesn't work, you can still bug people and even make use of their phone difficult... (great when you can find the phone of that extremely loudly talking person)
This was some 3 years ago, and it was well documented back then already.
May not be news, but... (Score:2)
I don't exactly have anything important in my phone, but given the existance of Bluetooth exploits, [zdnet.com] I'd rather not leave the ports open as it were.
Re:May not be news, but... (Score:3, Informative)
Re:news? (Score:4, Funny)
Re:news? (Score:1, Funny)
Re:news? (Score:2)
No (tho at some point in my life I did try.. and I would be surprised if you can honestly say you never did), but if they leave their door open with a 'Welcome' sign over it, I might walk in and take a look.
it's not really news is it? (Score:2)
In fact I'm all in favour of social networking software built into phones - something like a local myspace that you carry with you. Would be great at parties if your phone said, "You should really talk to this person - I'll put an intro in for you if you want".
Or maybe I'm being a bit sad.
http://www.funsms.net/blue_jack [funsms.net]
Re:it's not really news is it? (Score:1)
Re:news? (Score:2)
Nuclear Powerstations and Missiles (Score:2, Informative)
Re:Nuclear Powerstations and Missiles (Score:5, Informative)
Her "incident" touched off a series of B-list celebs getting their sidekick data plasted around the web. I think Fred Durst was another one that was caught the same way.
Re:Nuclear Powerstations and Missiles (Score:1)
That's an odd analogy... (Score:2, Funny)
Using Bluetooth is "like sex," Zanero said. "It's better with precautions."
Anyone care to come up with a joke about getting a trojan and wearing a trojan?
Does it really matter? (Score:1)
So???? (Score:2, Insightful)
But how many are open so I can walk in ???
NOT a dongle! (Score:3, Informative)
These guys plugged several bluetooth peripherals into a laptop.
Sorry, but this is a technology site.
Re:NOT a dongle! (Score:1)
Try googling bluetooth dongle or going to your friendly neighbourhood shop and ask for a dongle. By the way,if you ask for a bluetooth peripheral, you might get everything from a dongle to headsets to mice.
Re:NOT a dongle! (Score:2)
It may well be a hardware license protection device, but the shape and the attachment to your PC are the real criteria. It must have that distinguishable dongly shape...
And Google gives 12.600 hits for 'software dongle'
X.
Re:NOT a dongle! (Score:1)
ISTR a dongle which attached to the parallel port and came with an optional short bit of ribbon cable to stop it sticking out too far at the back of the box. This latter item was naturally known as a "dongle dangle".
Re:NOT a dongle! (Score:2)
"Dongle as the name of a device was used well before 1980 within the telecoms industry to refer to BNC cable joiners of either sex (such as the RG58 cable used on 10 meg Ethernet)."
Justin.
Not necessarily... (Score:2)
A "Dongle" is a hardware license. that is, an adapter/ chip that plugs into a PC/ Server/ Whatever that verifies a license
Yes, that is one definition. However, the PCMCIA and CardBus network adapters (used way-back-when before laptops had built-in Ethernet) would often consist of two parts: the card itself that was inserted into the slot; and the dongle, which connected the card to the RJ-45. I have a handful of those NICs sitting around: D-Link, 3Com, and Xircom all made them, although in Xircom's ca
Re:NOT a dongle! (Score:5, Insightful)
It is very difficult to keep people from using words the way that they want to. This is the motivation behind trademark laws. Once the mass decides that a word (e.g. kleenex or xerox) means something more than the specific original intention, the game is up. I believe that dongle has passed that threshold.
So you can continue, in a Quixote-esque manner, to try and steer people back to the single specific meaning of dongle. But I don't think you'll succeed. And I think you're likely to get very frustrated. But if that's what you want to do, have at it!
Re:NOT a dongle! (Score:2)
Re:NOT a dongle! (Score:1)
The English Language is *NOT* a Democracy (Score:2)
This is a common misconception. It is certainly true that language evolves, however it does not happen in democratic fashion. It doesn't matter how many people use 'minute' as slang for a long time, or ask 'what you be doing?', the fact will remain that minute does not mean a long time in the English language, and correct English is only satisified by "what are you doing?". It is true that you cannot
Re:The English Language is *NOT* a Democracy (Score:3, Interesting)
Is the transformation of "don't" and "won't" language evolution? Yes, sure. But if you argue that the transfermation of "dongle" is not language evolution, I
Re:The English Language is *NOT* a Democracy (Score:2)
You can obviously choose to
Re:The English Language is *NOT* a Democracy (Score:2)
Stick with your semantic purity if you insist. The fact that I won't be semantically pure does not make me a gansta. Nor does it make me ignorant. (Although you're welcome to believe both of those if you wish.) It simply means that I'm adaptable enough to accept new meanings for w
Ok, so they discovered a whole lot of phones (Score:3, Interesting)
However, I'd like to know what are the dangers when leaving the Bluetooth enabled on my cell phone. I set it up to require an code to bond. But that doesn't mean I'm safe, I guess. Are there any known exploits, widely used, or easy to setup, for hacking Bluetooth phones? Especially Sony-Ericsson and HP iPaq, since these are the ones I use.
Re:Ok, so they discovered a whole lot of phones (Score:4, Informative)
Re:Ok, so they discovered a whole lot of phones (Score:2)
The biggest danger is probably that you'll run out of battery much quicker than if you turn of BT when you're not using it. The same goes for WiFi.
Isn't limited range a serious hinderance too? (Score:3, Insightful)
But that scenario strikes me as relatively pointless.
The main risk BT enabled device owners are worried about is data theft. (EG. You don't want random people downloading your photo library off your cellphone, or capturing all of your contact list data.) This would require them taking specific steps to target your specific device, and those steps would have to be taken while they're within the 30 foot or so range of you!
Some guy rolling a suitcase through an airport and saying "Ooh! Look at these logs showing all the people I could potentially hack!" means little, if he can't chase individual people down from those logs afterwards and pull down their data.
Re:Isn't limited range a serious hinderance too? (Score:1)
You forgot to take ego into account. Most virusses are relatively pointless, but they exist nevertheless.
re: directional yagis and parabolic dishes (Score:2)
They only became well-known with wi-fi because so many wireless routers and cards had jacks on them for external antennas. Bluetooth generally has no such thing.
Forget the bluetooth (Score:1, Funny)
Re:Forget the bluetooth (Score:2)
complete lame if you ask me. (Score:1)
Good Wireless Tools Resource (Score:2)
Just a blatant plug for a friend, check it out. I think it's pretty cool.
A bunch? (Score:2)
Hah. (Score:1)
Targets for theft (Score:1)
Thieves were using bluetooth to target cars that have suspended laptops left
unattended in parking lots, in my case Disney World parking.
It makes for guaranteed payoffs. If the Nokia phones are bluetooth visible
while left in the car there's another easy target.