Monday, June 2, 2008

Bluetooth Bites

Bluetooth eavesdropping, and related security/privacy issues, are covered here on a regular basis. The following are from the new, and worth repeating, files...

Car Whisperer
"Once the connection has been successfully established, the carwhisperer binary starts sending audio to, and recording audio from the headset. This allows attackers to inject audio data into the car. This could be fake traffic announcements or nice words. Attackers are also able to eavesdrop conversations among people sitting in the car."

Blooover II
"Blooover II is the successor of the very popular application Blooover (Blooover is a tool that is intended to serve as an audit tool that people can use to check whether their phones and phones of friends and employees are vulnerable). After 150000 downloads of Blooover within the year 2005 (since the initial release in at 21c3 in December 2004), a new version of this mobile phone auditing tool is on its ready."

"Besides the BlueBug attack, (Exploiting this loophole allows the unauthorized downloading phone books and call lists, the sending and reading of SMS messages from the attacked phone and many more things.) Blooover II supports the HeloMoto attack (which is quite close to the BlueBug attack), the BlueSnarf and the sending of malformed objects via OBEX." (more)