'BlueBag' PC Sniffs Out Bluetooth Flaws

timothy posted more than 7 years ago | from the next-door-neighbors dept.

An anonymous reader writes "Why isn't Bluetooth set to "hidden" in all of Nokia's phones? Some hackers in Italy stuffed a computer with a bunch of Bluetooth dongles in a suitcase to see how many Bluetooth devices they could discover by wandering around airports, train stations and shopping malls. The answer? More than 1,400 in 23 hours." The team will present their findings at BlackHat later this summer.

76 comments

Discovery is not pairing (5, Insightful)

wish bot (265150) | more than 7 years ago | (#15493723)

That's great, but how many could they actually pair with?

Ohh...none?!

Re:Discovery is not pairing (-1, Flamebait)

Anonymous Coward | more than 7 years ago | (#15493769)

That's great, but how many could they actually pair with?

Ohh...none?!


Just as you!

Re:Discovery is not pairing (1, Informative)

Anonymous Coward | more than 7 years ago | (#15493777)

I believe you meant your answer to be: 0000

Re:Discovery is not pairing (3, Insightful)

mlk (18543) | more than 7 years ago | (#15493923)

If you rename your device to "Nokia Download Center: Snake Superupdate available, type 1234 for this free update"(1) I wonder how many people would blindly tap it in, and bond with you. But to be honest, I'm not really sure what you could do then over Bluetooth.

Mmm. Bonding.

My computer (in a 2nd floor flat) will every now and again get Bluetooth bonding requests, and popups telling me that I've connected to someone's PIM (until I turned it off).

1) Or "Free PORN!" equivalent.

Re:Discovery is not pairing (1)

internewt (640704) | more than 7 years ago | (#15494705)

Or "Free PORN!" equivalent.

That's funny. In fact, I've turned bluetooth on, and renamed my phone to "Free porn. pin 69". I'm not sure if it's a good idea, but let's see...

Re:Discovery is not pairing (4, Funny)

Tim C (15259) | more than 7 years ago | (#15494003)

In related news, 100% of people walking past my front door can see it...

The REAL question is.. (0)

Anonymous Coward | more than 7 years ago | (#15495268)

Umm, feel free to say no to this but... would you mind shaving my blue bag?

Discovery is not pairing... no duh! (2, Funny)

Anonymous Coward | more than 7 years ago | (#15494056)

Wandering about airports, train stations and shopping malls, I routinely "discover" hundreds of babes, but "pairing", alas, is a different matter altogether.

Re:Discovery is not pairing (1)

Inda (580031) | more than 7 years ago | (#15494328)

My employer has a contract with Vodafone and Nokia.

Sat here with my Sony (sorry /.), I can discover 26 Nokias.

No news here peeps. Move along.

This is old news, done already in 2004 (1, Informative)

Anonymous Coward | more than 7 years ago | (#15494786)

A firm carried out similar research way back in 2004, so to skip ahead and see what the findings were, check here [zero-sum.net] Nick

From the makers of cell phone anti-virus software (4, Informative)

elrous0 (869638) | more than 7 years ago | (#15493765)

Convenient findings from the makers of cell phone anti-virus software [f-secure.com] , no?

-Eric

Re:From the makers of cell phone anti-virus softwa (2, Insightful)

drspliff (652992) | more than 7 years ago | (#15494536)

So you're suggesting that security professionals will never experiment?

If I were trying to keep an edge in the mobile anti-virus market, one of the first things I'd do would be to get out there and gather as much information as possible, work out some statistics, most popular models etc.

You must work at one of these new-fangled IP firms with zero R&D budget!

blueteeth (0)

Anonymous Coward | more than 7 years ago | (#15493774)

even more of a problem is the noise my computer makes whenever someone with a bluetooth device walks past my desk. try debugging a multi-threaded app with your computer constantly making random noises!!

Re:blueteeth (0)

Anonymous Coward | more than 7 years ago | (#15493930)

gosh that would be hard.. I mean those "Debugging by sound" courses I took would be totally wasted... I'd have to fall back on old-school methods like sight and intelligence. If only your app was single-threaded, you wouldn't have that problem... ohhh wait, multi-threaded app has nothing to do with your comment, you just threw that in to hang your dick out... nice job!

Woohoo (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#15493782)

Al Zaqari dead.

Abu Mussab Al Zaqari dead at 40 (-1, Troll)

Anonymous Coward | more than 7 years ago | (#15494023)

I just heard some news on talk radio - al-Qaeda Abu Mussab Al-Zarqawi was found dead in his Iraq safehouse this morning. There weren't any more details. I'm sure everyone in the Slashdot community will miss him - even if you didn't enjoy his anti-American murderous ways, there's no denying his contributions to popular culture. Truly a slashbot icon.

news? (4, Informative)

SillyNickName4me (760022) | more than 7 years ago | (#15493807)

While it is a fun experiment, it is really not news at all.

I have to make a 5 1/2 hours trip by train about twice a month, and for a while one of my ways to waste some time was bugging people who have bluetooth enabled phones...

My 'toolset' ?

A Palm m505 equipped with a bluetooth sdcard.

Typically, just walking through the train from one end to another would get me some tens of phones and a laptop here and there.

Often you can't pair with devices you find, but many of them don't really require pairing for getting data from them, and besides, pairing requests allow for sending text messages, and a 'yes' is an instinctive reply whenever people get bugged by popups.. also on a phone.. Even if that doesn't work, you can still bug people and even make use of their phone difficult... (great when you can find the phone of that extremely loudly talking person)

This was some 3 years ago, and it was well documented back then already.

May not be news, but... (1)

Valdrax (32670) | more than 7 years ago | (#15493851)

It's an issue I'm sure that a lot of Nokia phone owners aren't aware of. I didn't realize that my phone's Bluetooth settings were set that way until I read the blurb and checked. I turned it off and changed it to hidden (just in case I ever want to reactivate it later).

I don't exactly have anything important in my phone, but given the existence of Bluetooth exploits, [zdnet.com] I'd rather not leave the ports open as it were.

Re:May not be news, but... (2, Informative)

SillyNickName4me (760022) | more than 7 years ago | (#15494363)

Simply turning off bluetooth altogether unless you are actually using it may also do some nice things for talk/standby time btw.
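Added example, not part of any comment in this thread: the "visible versus hidden" check discussed above, applied to a Linux machine running BlueZ rather than a phone. It parses the text printed by `bluetoothctl show` and flags controllers that stay discoverable indefinitely; the function names and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Audit BlueZ controller visibility from `bluetoothctl show` output on stdin.
# Prints one line per controller: "<address> <state> pairable=<yes|no>".
# Exit status is 1 if any controller is discoverable with no timeout.
audit_bt_show() {
    awk '
        BEGIN { bad = 0 }
        function report() {
            if (addr == "") return
            if (powered != "yes")            state = "OFF"
            else if (disc != "yes")          state = "HIDDEN"
            # BlueZ: a DiscoverableTimeout of zero means the controller
            # never leaves discoverable mode on its own.
            else if (timeout ~ /^0x0+$/)     { state = "VISIBLE-ALWAYS"; bad = 1 }
            else                             state = "VISIBLE-TEMPORARY"
            printf "%s %s pairable=%s\n", addr, state, pairable
            addr = powered = disc = timeout = pairable = ""
        }
        /^Controller /                { report(); addr = $2 }
        $1 == "Powered:"              { powered = $2 }
        $1 == "Discoverable:"         { disc = $2 }
        $1 == "DiscoverableTimeout:"  { timeout = $2 }
        $1 == "Pairable:"             { pairable = $2 }
        END { report(); exit bad }
    '
}

# Constructed sample (not captured from a real host): two controllers,
# one left permanently visible and one hidden.
sample_show_output() {
    cat <<'EOF'
Controller 00:11:22:33:44:55 (public)
    Name: laptop-a
    Alias: laptop-a
    Powered: yes
    Discoverable: yes
    DiscoverableTimeout: 0x00000000
    Pairable: yes
    Discovering: no
Controller 66:77:88:99:AA:BB (public)
    Name: laptop-b
    Alias: laptop-b
    Powered: yes
    Discoverable: no
    DiscoverableTimeout: 0x000000b4
    Pairable: yes
    Discovering: no
EOF
}

# Demo on the sample. On a real host: bluetoothctl show | audit_bt_show
sample_show_output | audit_bt_show || echo "at least one controller is permanently discoverable"
```

A hidden controller can still be reached by a peer that already knows its address, so HIDDEN here only means it does not answer inquiry scans.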

Re:news? (3, Funny)

eraserewind (446891) | more than 7 years ago | (#15494001)

Do you also knock on people's doors and then run away?

Re:news? (1, Funny)

Anonymous Coward | more than 7 years ago | (#15494233)

I knock on doors, then when they answer, just stand there until they tell me to go away.

Re:news? (0)

Anonymous Coward | more than 7 years ago | (#15494309)

I knock on doors and when they answer, I say

'Hello? Can I help you?'

I also phone up bookshops and when they pick up and say 'hello can I help you?'

I reply 'No thanks, just browsing...'

Re:news? (1)

SillyNickName4me (760022) | more than 7 years ago | (#15494453)

Do you also knock on people's doors and then run away?

No (tho at some point in my life I did try.. and I would be surprised if you can honestly say you never did), but if they leave their door open with a 'Welcome' sign over it, I might walk in and take a look.

Re:news? (0)

Anonymous Coward | more than 7 years ago | (#15495259)

No (tho at some point in my life I did try.. and I would be surprised if you can honestly say you never did) ...

I never did, but then again I'm boring. So boring. And lonely. Call me?

it's not really news is it? (1)

ElephanTS (624421) | more than 7 years ago | (#15494675)

It's called BlueJacking and has been going on for a few years. Sometimes I try it in cafes - you end up trying to guess the name of the pretty girl in the corner from your list of possibles.

In fact I'm all in favour of social networking software built into phones - something like a local myspace that you carry with you. Would be great at parties if your phone said, "You should really talk to this person - I'll put an intro in for you if you want".

Or maybe I'm being a bit sad.

http://www.funsms.net/blue_jacking.htm [funsms.net]

Re:it's not really news is it? (1)

james_a_craig (798098) | more than 7 years ago | (#15500520)

Nokia actually have a product that's intended to do pretty much what you suggest, called Sensor [nokia.com] . However, it's nokia-specific and as far as I know the protocol's proprietary, and it's supported on a fairly small set of devices. There's also been a recent port of Apache [nokia.com] to the Nokia Series 60 devices, which would potentially allow something similar to be DIY'd up nicely.

Re:news? (1)

Pollardito (781263) | more than 7 years ago | (#15496265)

flesh this out a bit more and your post could be the story and this waste of time at the top of the page could be someone's reply

Nuclear Powerstations and Missiles (2, Informative)

k1980pc (942645) | more than 7 years ago | (#15493826)

I can use my laptop and find out the location of each and every single strategic installation in the world. That surely does not allow me to log in to or enter any of them and cause mischief. Just because they were able to 'see' bluetooth device is not a security risk - It becomes serious only if they were able to pair to any of them, with or without a passcode. But I remember P.Hilton or somebody getting plastered all over the net with pics hacked from her cell using bluetooth. Just can't find the link.

Re:Nuclear Powerstations and Missiles (4, Informative)

Darth_brooks (180756) | more than 7 years ago | (#15493897)

Her sidekick didn't get hacked via bluetooth. They just used a really simple, easy to guess password and her web access (Sidekicks don't actually store much data, they ship photos & the address book off to the T-mobile servers.). IIRC she used the name of that little rat dog she used to carry around.

Her "incident" touched off a series of B-list celebs getting their sidekick data plastered around the web. I think Fred Durst was another one that was caught the same way.

Re:Nuclear Powerstations and Missiles (0)

Anonymous Coward | more than 7 years ago | (#15503126)

They just used a really simple, easy to guess password and her web access (Sidekicks don't actually store much data, they ship photos & the address book off to the T-mobile servers.). IIRC she used the name of that little rat dog she used to carry around.
Not quite. They didn't guess the password, they used her password recovery question to gain access. The question was "What is the name of your pet" (Tinkerbell). Hint to retarded members of the B-list (or better): Having data secured by the name of a pet you insist on giving almost as much publicity as you get yourself is idiotic.

Re:Nuclear Powerstations and Missiles (1)

metroplex (883298) | more than 7 years ago | (#15493913)

Paris Hilton's phone's content wasn't "hacked" using bluetooth, a teenager [washingtonpost.com] exploited a flaw in T-Mobile International's code to gain access to her web account, which to my understanding mirrored the content of the phone.

That's an odd analogy... (2, Funny)

il_cuoco (980161) | more than 7 years ago | (#15493839)

From TFA:

Using Bluetooth is "like sex," Zanero said. "It's better with precautions."

Anyone care to come up with a joke about getting a trojan and wearing a trojan?

Re:That's an odd analogy... (0)

Anonymous Coward | more than 7 years ago | (#15493916)

Indeed.
So in reference with the article, being able to see many partners and identify them as such, is very far from being able to have sex with them.

Does it really matter? (1)

phunkphorce (809864) | more than 7 years ago | (#15493911)

Does it really matter how many devices with Bluetooth on they found? I always keep mine on, so that I don't have to turn it off and on when I am leaving/getting home to use such nifty tools as Salling Clicker [salling.com] in OS X (available for Windows too)

So???? (1, Insightful)

MarsDude (74832) | more than 7 years ago | (#15493939)

I can discover even more frontdoors in the same period of time.
But how many are open so I can walk in ???

NOT a dongle! (2, Informative)

youngerpants (255314) | more than 7 years ago | (#15493974)

OK, this peeves me. A "Dongle" is a hardware license. that is, an adapter/ chip that plugs into a PC/ Server/ Whatever that verifies a license.


These guys plugged several bluetooth peripherals into a laptop.


Sorry, but this is a technology site.

Re:NOT a dongle! (1)

k1980pc (942645) | more than 7 years ago | (#15494055)

"bluetooth dongle" is a very common usage for a bluetooth-peripheral-that-plugs-into-hardware-and-verifies-license-AND-lets-you-connect-to-other-bluetooth-enabled-devices.
Try googling bluetooth dongle or going to your friendly neighbourhood shop and ask for a dongle. By the way, if you ask for a bluetooth peripheral, you might get everything from a dongle to headsets to mice.

Re:NOT a dongle! (1)

Xenna (37238) | more than 7 years ago | (#15494095)

To me a dongle is something that dangles off your pc.

It may well be a hardware license protection device, but the shape and the attachment to your PC are the real criteria. It must have that distinguishable dongly shape...

And Google gives 12.600 hits for 'software dongle' ;)

X.

Re:NOT a dongle! (1)

johnw (3725) | more than 7 years ago | (#15495301)

To me a dongle is something that dangles off your pc.

ISTR a dongle which attached to the parallel port and came with an optional short bit of ribbon cable to stop it sticking out too far at the back of the box. This latter item was naturally known as a "dongle dangle".

Re:NOT a dongle! (1)

aug24 (38229) | more than 7 years ago | (#15494114)

Ummm, No. [wikipedia.org]

"Dongle as the name of a device was used well before 1980 within the telecoms industry to refer to BNC cable joiners of either sex (such as the RG58 cable used on 10 meg Ethernet)."

Justin.

Not necessarily... (1)

sczimme (603413) | more than 7 years ago | (#15494144)


A "Dongle" is a hardware license. that is, an adapter/ chip that plugs into a PC/ Server/ Whatever that verifies a license

Yes, that is one definition. However, the PCMCIA and CardBus network adapters (used way-back-when before laptops had built-in Ethernet) would often consist of two parts: the card itself that was inserted into the slot; and the dongle, which connected the card to the RJ-45. I have a handful of those NICs sitting around: D-Link, 3Com, and Xircom all made them, although in Xircom's case I don't remember if the dongle pre- or post-dated the X-Jack.

Re:NOT a dongle! (4, Insightful)

mjh (57755) | more than 7 years ago | (#15494192)

The problem is that language doesn't work that way. All of us, as a group, are in control of language. Words that were intended for one context frequently apply to all kinds of other contexts. And people gravitate towards analogies. So the "dongle" that you speak of, works very well as an analogy for a bluetooth peripheral. Pretty soon, "dongle" means any sort of thing you plug into a PC that sticks out the end.

It is very difficult to keep people from using words the way that they want to. This is the motivation behind trademark laws. Once the mass decides that a word (e.g. kleenex or xerox) means something more than the specific original intention, the game is up. I believe that dongle has passed that threshold.

So you can continue, in a Quixote-esque manner, to try and steer people back to the single specific meaning of dongle. But I don't think you'll succeed. And I think you're likely to get very frustrated. But if that's what you want to do, have at it!

Re:NOT a dongle! (1)

youngerpants (255314) | more than 7 years ago | (#15494219)

Thank you mjh, whereas the other replies merely infuriated me more, (I don't care how many hits google tells me you get for bluetooth dongle,) you've calmed the savage beast. I'll still keep correcting people in conversation though, just for geek's sake.

Re:NOT a dongle! (0)

Anonymous Coward | more than 7 years ago | (#15494406)

Well you can of course carry on, but be aware that the cable joining use of dongle predates your johnny-come-lately notion of a hardware licence enabler.

I'm sure that won't affect you though, you obviously know best...

Re:NOT a dongle! (1)

riegel (980896) | more than 7 years ago | (#15494559)

Another one that bugs me is the use of modem. I have a DSL router, not a DSL modem. But this term probably has evolved from MOdulate/DEModulate.

Re:NOT a dongle! (0)

Anonymous Coward | more than 7 years ago | (#15495354)

Hello, McFly?

You may or may not have a router, but you certainly have a modem. What do you think that little box is doing in order to transmit and receive signals over the telco wires? Hint - it's modulating and demodulating the analog signals on the wire. It uses a much fancier modulation algorithm than a POTS modem, but it's still a modem.

The English Language is *NOT* a Democracy (1)

Zero__Kelvin (151819) | more than 7 years ago | (#15496431)

"The problem is that language doesn't work that way. All of us, as a group, are in control of language."
This is a common misconception. It is certainly true that language evolves, however it does not happen in democratic fashion. It doesn't matter how many people use 'minute' as slang for a long time, or ask 'what you be doing?', the fact will remain that minute does not mean a long time in the English language, and correct English is only satisfied by "what are you doing?". It is true that you cannot force people to speak intelligently, however you can encourage them not to intentionally sound like fools.

The bottom line is that there is no such thing as a Bluetooth Dongle [wikipedia.org] unless it is a device which authenticates a software license and happens to connect via Bluetooth rather than a physical link (definition 1), or it hangs off the PC in the fashion of a Dongle (definition 2.)

Note that I do not cite the Wiki as an authority on the English language, but merely to show that the Wiki gets it right already, as hard copy dictionaries will certainly take a while to catch up.

The bottom line is you have a choice between two options:

  • 1) "It has been quite a while since I plugged my Bluetooth PCMCIA Card into my laptop ..."
  • 2) "Yo dog ... I ain't plugged my Bluetooth Dongle into my boxen in a minute ..."
Only you can decide if you want to sound like an educated technology expert or a gangsta moron ....

Re:The English Language is *NOT* a Democracy (2, Interesting)

mjh (57755) | more than 7 years ago | (#15496945)

You are certainly welcome to believe whatever you wish. However, you're ignoring something that I think is important: folly is in the eye of the beholder. There was a time when it was considered slang to say "don't" and "won't", or any other contractions. The only contraction that remains as slang is "ain't", but even that's in the dictionary now.

Is the transformation of "don't" and "won't" language evolution? Yes, sure. But if you argue that the transformation of "dongle" is not language evolution, I would have to disagree with you. The mechanism by which "don't" and "won't" became acceptable is the same mechanism by which "dongle" has taken on more than one meaning. People using it understood it and accepted it.

The vast majority of people who use "dongle" accept that it can mean something more than a license verification device. And the evidence for this is the large number of people who say "bluetooth dongle" and seem to understand what it means. The old meaning will only be upheld by the minority wishing to retain semantic purity. Frankly, I think the distinction you make between "educated technology expert" and "gangsta moron" is a bit too broad brushed. I use "dongle" the way that you dislike and I get paid a lot of money to be a technology expert. My company is not willing to pay for any type of moron, gangsta or not. The use of "dongle" is simply not something they consider in their hiring practices. The use of the word "crib" to mean my home, might not be very well received during an interview. But "dongle" seems to have received much wider spread acceptance than "crib".

About the only thing I agree with is that language is not a democracy. It's much more decentralized than even that. It's a market. What we get is the ability to communicate. What we pay is flexibility. If you're inflexible, you can't continue to participate in the market. Soon you won't be able to understand anyone outside of your semantically pure circle, nor will anyone else be able to understand you.

Good luck with that.

Here's my question for you: if you believe that language is not decentralized, then who is in control? Where are the edicts describing when we're going to start using "bit" to mean "binary digit", or "internet" to mean globally connected computer network? You might say that the dictionaries decide, but they don't. They reflect the changes that have already happened. They don't make those changes. So, if it's not a decentralized process, where are the central authorities deciding what new words that none of us have heard of we're going to use? In my entire life, I don't remember ever reading one.

Re:The English Language is *NOT* a Democracy (1)

Zero__Kelvin (151819) | more than 7 years ago | (#15497394)

You seem to have missed my point entirely, so I will try to be more succinct. Call it a "bluetooth dongle" if you wish. Ask me "yo dog, what you doing?" if you prefer. I will know what you mean, as will most people. The human race can be divided into two separate categories: 1) Those who understand ignorant people, but know the person speaking is ignorant. 2) Those who understand the ignorant people, and don't know that ignorance has been flaunted because they are ignorant.

You can obviously choose to remain ignorant if you so choose, or you can recognize that the term Dongle has a very specific set of definitions.

Lots and lots of people say Microsoft Windows is great; yet another falsehood that cannot be turned true by a consensus of the ignorant :-)

Have a ball ...

Re:The English Language is *NOT* a Democracy (1)

mjh (57755) | more than 7 years ago | (#15511630)

I don't think I missed your point. I just don't happen to agree with it. Applying a different meaning to "dongle" than what you like does not make someone ignorant. It means that the meaning of the word has grown or changed.

Stick with your semantic purity if you insist. The fact that I won't be semantically pure does not make me a gangsta. Nor does it make me ignorant. (Although you're welcome to believe both of those if you wish.) It simply means that I'm adaptable enough to accept new meanings for words.

FWIW, I happen to agree that there are some words (e.g. "crib" & "homey", etc) which you wouldn't expect to hear in professional circles. However, just because they exist, does not mean that all words that evolve to have new meanings are unacceptable professionally. Your vision of word meaning as black and white is overly simplistic and not reflective of the real world. IMHO.

Ok, so they discovered a whole lot of phones (2, Interesting)

Alarash (746254) | more than 7 years ago | (#15494071)

Many comments say "Ok, so they discovered a lot of phones, that doesn't mean they could hack into each one of them", which is true and also acknowledged by the researchers (hence the use of the word "potential" in TFA). I, for one, turn my bluetooth on only when I need to synch it with my laptop. I don't even use a "bionic man bluetooth headset" because I find these ridiculous.

However, I'd like to know what are the dangers when leaving the Bluetooth enabled on my cell phone. I set it up to require a code to bond. But that doesn't mean I'm safe, I guess. Are there any known exploits, widely used, or easy to setup, for hacking Bluetooth phones? Especially Sony-Ericsson and HP iPaq, since these are the ones I use.

Re:Ok, so they discovered a whole lot of phones (0)

Anonymous Coward | more than 7 years ago | (#15494389)

Hello,

I turn bluetooth off normally, because I thought it was unsafe to use. I thought that attackers don't need to enter a pin to connect to your bluetooth-device. You may find some info on wikipedia under bluetooth about this, but I can't seem to access wikipedia at the moment.

Greetings,

Michel

Re:Ok, so they discovered a whole lot of phones (3, Informative)

Rob Kaper (5960) | more than 7 years ago | (#15494489)

Bluetooth device IDs can be forged, so if someone knows the ID of a paired device they can easily gain access, so this isn't a good idea [robertjohnkaper.com] . As long as you have a device that requires you to accept incoming objects (v-cards/images/mp3s/etc) you should be fine. Never accept an incoming object unless you trust the source - it's kind of like e-mail.

Re:Ok, so they discovered a whole lot of phones (1)

Jetson (176002) | more than 7 years ago | (#15506095)

However, I'd like to know what are the dangers when leaving the Bluetooth enabled on my cell phone.

The biggest danger is probably that you'll run out of battery much quicker than if you turn off BT when you're not using it. The same goes for WiFi.

Isn't limited range a serious hindrance too? (2, Insightful)

King_TJ (85913) | more than 7 years ago | (#15494128)

I guess the whole point of this experiment was testing the viability of someone taking a BT enabled device around crowded places and attempting to virus-infect as many people's phones, PDAs, and laptops as possible with it.

But that scenario strikes me as relatively pointless.

The main risk BT enabled device owners are worried about is data theft. (EG. You don't want random people downloading your photo library off your cellphone, or capturing all of your contact list data.) This would require them taking specific steps to target your specific device, and those steps would have to be taken while they're within the 30 foot or so range of you!

Some guy rolling a suitcase through an airport and saying "Ooh! Look at these logs showing all the people I could potentially hack!" means little, if he can't chase individual people down from those logs afterwards and pull down their data.

Re:Isn't limited range a serious hindrance too? (1)

BaseLineNL (822690) | more than 7 years ago | (#15494243)

But that scenario strikes me as relatively pointless.


You forgot to take ego into account. Most viruses are relatively pointless, but they exist nevertheless.

Re:Isn't limited range a serious hindrance too? (0)

Anonymous Coward | more than 7 years ago | (#15494379)

ever heard of a directional yagi or parabolic dish? you can considerably increase the usable range with one of these + extra height

re: directional yagis and parabolic dishes (1)

King_TJ (85913) | more than 7 years ago | (#15497224)

Yes, of course you can - but how many bluetooth enabled devices include antenna jacks suitable for attaching one of these to them?

They only became well-known with wi-fi because so many wireless routers and cards had jacks on them for external antennas. Bluetooth generally has no such thing.

Forget the bluetooth (1, Funny)

Anonymous Coward | more than 7 years ago | (#15494481)

Where can I get a laptop with a 23hour battery?!!!

Re:Forget the bluetooth (0)

Anonymous Coward | more than 7 years ago | (#15494695)

RTFPDF. It's a Mini-ITX motherboard, with a big-honking battery attached to it. By its very design, it's going to last longer than a laptop due to the fact that 2/3 of the weight is battery. By contrast, a laptop usually only uses 1/4 of the weight for the battery. Not to mention it doesn't have to power CD-ROMs and all that stuff.

Dadgummit

complete lame if you ask me. (1)

edgecrush3r (813974) | more than 7 years ago | (#15494778)

Anyone can collect information about Bluetooth devices on the go, and with simple Tooting action you could try to force the user to install malicious software on his device. But what's the point of all this? In the end you gain not much, except for maybe a list of personal contacts which you can use for complete psychopath experiences. You don't need an array of devices to see if a certain exploit is working, just get your hands on the device implementation docs or just start cracking your own device ;). On an average train journey I discover 10/15 Bluetooth enabled devices on my Mobile. Using the same Mobile, I also discover 200/240 WiFi Access-Points with zero encryption if I travel by car. The latter at least gains enough connectivity to browse 'Slashdot'. Trying each door to see if a car is locked is pointless unless you're trying to steal it.

Re:complete lame if you ask me. (0)

Anonymous Coward | more than 7 years ago | (#15496301)

with simple Tooting action you could try to force the user to install malicious software on his device

Oh really? I never thought of doing that. I'll try it next time I eat at Taco Kabana.

Good Wireless Tools Resource (1)

fuzzybunny (112938) | more than 7 years ago | (#15494924)

Max Moser and some of the guys at remote-exploit [remote-exploit.org] have a few great tools and collections for wireless sniffing (all types, including bluetooth) such as the Auditor Collection.

Just a blatant plug for a friend, check it out. I think it's pretty cool.

In other, most wondrous, news (0)

Anonymous Coward | more than 7 years ago | (#15495453)

If you walk around the countryside at night, you'll see hundreds of stars, but you cannot travel to them.

If you walk around the neighborhood, you'll see many houses, you probably do not own them.

If you walk around the forest, you'll see many trees, but you can't turn the trees into wooden furniture as you're walking.

A bunch? (1)

trentblase (717954) | more than 7 years ago | (#15495469)

Why would they need "a bunch" of bluetooth dongles? TFA seems to imply they only had one bluetooth device in the bag.

WARNING! (0)

Anonymous Coward | more than 7 years ago | (#15495962)

You are broadcasting your IP address! Click here to repair.

Hah. (1)

dethndrek (870145) | more than 7 years ago | (#15496008)

Is anyone else mildly amused that this article is about something called 'Bluebag' and a "bunch of Dongles"? :-P

fri5t vpsot (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#15496103)

contact To see 1f

Targets for theft (1)

arn@lesto (107672) | more than 7 years ago | (#15502937)

I reported to RISKS in April last year: Thieves were using Bluetooth to target cars that have suspended laptops left unattended in parking lots, in my case Disney World parking.

It makes for guaranteed payoffs. If the Nokia phones are Bluetooth visible while left in the car there's another easy target.