[liberationtech] How secure is Bluetooth?
Jacob Appelbaum
jacob at appelbaum.net
Sun Jan 29 14:11:09 PST 2012
On 01/29/2012 02:02 PM, Brian Conley wrote:
> Hi all,
>
> I've been thinking about a variety of applications for Bluetooth the last
> year or so, finally getting down to business, but I'm increasingly
> wondering about the security of transmissions via bluetooth devices, voice
> in particular.
>
> Does anyone know of documentation of *current* exploits that allow the
> interception or "listening in" of calls over Bluetooth headsets?
>
> It seems that it may be technically feasible to create a device that could
> pick up the audio transmissions between a Bluetooth enabled phone and a
> paired Bluetooth headset, but has this actually been documented? Given the
> need to pair two devices in order to follow a radio frequency that hops
> 1600 times per second, allegedly randomly, it feels like the easiest way to
> prevent this is keep the phone in your possession, and never pair with an
> unknown Bluetooth device.
>
> That said, has any one else seenf a documented manner to "receive" the
> transmission between the two devices and follow it for the duration of a
> phone call?
>
Bluetooth is fucked from a security perspective:
http://www.usenix.org/event/woot07/tech/full_papers/spill/spill_html/
You need to acquire one USRP and the proper daughter boards:
https://encrypted.google.com/search?q=bluetooth+intercept+usrp
Alternatively, an UberTooth:
https://www.securepla.net/ubertooth-is-so-sweet-it-hurts/
http://sourceforge.net/projects/ubertooth/files/
Bluetooth has been killed by h1kari and NRuns:
https://encrypted.google.com/search?q=h1kari+bluetooth
Don't use Bluetooth for anything security sensitive, please.
If you're in Seattle, I think you can buy one of the UberTooth boards in
person in Capitol Hill at Ada's books.
All the best,
Jacob
More information about the liberationtech
mailing list