Security Video - Bluesnarfing
Bluetooth can be used for more that connecting a wireless keyboard to a computer or a wireless headset to your cell phone.
Check out all of the Security Video.
If you found this post useful, why don't you buy me a cup of coffee to show your gratitude?
9 Responses to “Security Video - Bluesnarfing”
-
Dave Says:
June 15th, 2007 at 7:34 amAgain, you guys are classic fear-mongers without showing REAL data on the actual (supposed) issue.
Is it just that some (all) phones come with default BT codes and users are unaware of a need to change them?
Or is the problem deeper-beyond have a code?
C’mon guys…
-
Josh Says:
June 15th, 2007 at 9:56 amI don’t think the point of the post or of the video was to scare anyone into not using their phones or not having a phone or even to stay away from Bluetooth. I think the point of the post was to make people aware of the possibility of the issue.
It is the same when the news says that a murderer is loose and that he “could” kill anyone. While that might be true the point of the information is to alert people to the danger that exists so that they are aware. The news reporters aren’t trying to scare anyone; they are just simply relaying the information.
-
Dave Says:
June 15th, 2007 at 11:48 amIt may not have been the point of the video, but it’s affect is to scare people into not using BT. Note where she says “turn off BT when you’re not using it”. That approach effectively makes BT useless, as turning it off/on often requires re-pairing devices, and is NOT how it was designed to be used.
If the point WASN’T fear-mongering, there should be USEFUL advice on what the ACTUAL problem/loophole is, what devices are prone to it, and how to address the issues.
As it is, this isn’t even journalism. There’s no real info in this post.
This being a tech site (Daily Cup of TECH), I would expect them to at least avoid regurgitating such garbage. I’ve seen other “tech” videos by this group, and they’re just plain garbage. Last one I saw was on wi-fi security, and there were GLARING faults in their statements. They hadn’t even done the most casual research to verify what they thought to be true about the technology was accurate.
The analogy to a “murderer on the loose” is completely inaccurate. There’s not much one can do to protect against a murderer, and I’d hope if he was in a certain area, targeting certain groups, that would be announced. With BT, there’s PLENTY of technical info that SHOULD’VE been given.
A better analogy is your doctor telling you there’s risk of skin cancer, which can kill you, if you go outside. Then telling you don’t go outside if you don’t have to, but not telling you how to deal with the risks if you do have to go outside.
Any warnings without useful information on the problem and ways to mitigate, is fear-mongering or sensationalism.
Either way, this video (as Fat Bastard would say) “is crap!”
-
Tim Fehlman Says:
June 15th, 2007 at 1:50 pmThe purpose of this, and all posts on Daily Cup of Tech, is to get people thinking.
It worked.
Tim
-
Tim Fehlman Says:
June 15th, 2007 at 1:52 pmDave,
Would you be able to point us to some webpages that could help the DCoT readers with preventing bluesnarfing and help to make this less of a threat?
Tim
-
Dave Says:
June 15th, 2007 at 2:25 pmTim…
Sorry no- that being part of my point. I don’t know what it is they’re talking about or demonstrating.
What “weakness” or “hole” is in BT are they exploiting?
Again, why I say this is terrible journalism and fear-mongering. It could be something as simple as default BT codes in a device not being changed. But unless they tell us what they’re saying, we have no idea.
The only thing this gets me to thinking is how annoying such noise is…because how often I have to debunk it with the non-technically savvy. Without any detail that’s all it is-noise.
Now if someone has ANY idea about some exploit in BT…I would like to see the technical details, a description of the flaw, a link to some place showing it…something, anything.
-
Tim Fehlman Says:
June 15th, 2007 at 3:15 pmA quick look at Wikipedia and I found this:
http://www.thebunker.net/resources/bluetooth
http://trifinite.org/trifinite_stuff_blooover.html
http://www.alighieri.org/project.htmlTim
-
Dave Says:
June 15th, 2007 at 4:53 pmWell done Tim!
I’ve done a brief read and it’s not nearly as bad as indicated.
As of 2004, there were 16 specific phone models affected, some being close cousins…all from Nokia, Motorola Siemens or Ericcson. They all suffer from a fault in the IMPLEMENTATION of Blutooth, not from a Bluetooth architectural issue. Looking at the chart not all phone models had all vulnerabilities.
At that time, it looks like Nokia had indicated they were working on a software update to resolve the issue.
I would assume, it being some 3 years later, most of these issues don’t exist today in any NEW firmware or on affected phones that have been updated (yes, I’m assuming).
ok, ok, and I’ll stand corrected here. After reading about bluejacking (thanks to Tim) and becoming curious, I must admit that inducing curiosity, even through minimal or bad info, can be a good thing.
I’ll go out and play with some Blujacking this weekend (my family all have BT-equipped phones, should be fun to mess with them) and report back next week.
-
Dave Says:
June 19th, 2007 at 1:05 pmUpdate:
I went out and played with BlueJ on my Treo 650. http://3division.net/bluej/Turns out simply turning of Discoverable Mode prevents anyone from connecting to your BT phone. Any paired devices will continue to work.
I never once managed to BlueJack a phone that wasn’t discoverable, and I found while I could often see a number of BT devices near me (such as at work), I couldn’t really BlueJack (send a message) to any of them without first talking to the owner and having them turn on Discovery.
I would say the BT driver stack has probably been sufficiently updated on phones to prevent this sort of activity.
