Showing posts with label Bluetooth. Show all posts

Monday, July 12, 2010

Bluetooth Bites Again

UK - A British woman's lawsuit against her ex-husband claims he bugged her car to record her private conversations during the final months of their marriage.

Baksho Devi Gora of Walsall, England, filed a High Court lawsuit seeking "substantial damages" from ex-husband Harvinder Singh Gora for allegedly violating her privacy by recording private telephone conversations from her car and playing them for family and friends, The Daily Telegraph reported Friday.
They were probably made via a small device secretly attached to the Bluetooth system in Mrs Gora's car in May 2008, said her barrister, Mr Eardley. (more) (how they do it)

Tuesday, December 22, 2009

McDonald's... "Over 4 Million Stolen"

Australia - Two men are being extradited to Perth to face charges of stealing more than $4 million from customers at fast food outlets in what police say is Australia's biggest-ever EFTPOS card skimming operation...

Officer-in-charge of the major fraud squad, Detective Senior Sergeant Don Heise, said the skimming occurred through September after the pin pads at the drive-thru counters of more than 20 McDonald's restaurants in the Perth metropolitan area were replaced with compromised machines.

The bogus keypad would then transmit the card's information to a nearby mobile or laptop.

The accounts of 4000 victims have been hacked into after the first withdrawal took place on October 5, with one suffering a loss of about $6000 to $7000.

During October, more than $4 million was stolen from bank accounts, using ATMs in NSW, Victoria, Canada, Great Britain, the USA, India and Malaysia. (more)

The device is the Ingenico PX328 pinpad, a decade-old terminal type, which is not tamper proof. Upgrade, if you got them! (more)

Sunday, August 16, 2009

Apple Keyboard Secret Keystroke Logger

Translation...
Keystroke logging software may be inserted directly into some keyboards. A physical inspection won't find it. Reloading your system software won't destroy it.


"The security posture of a computer can be adversely affected by poorly-designed devices on its USB bus. Many modern embedded devices permit firmware to be upgraded in the field and the use of low-cost microcontrollers in these devices can make it difficult to perform the mathematical operations needed to verify a cryptographic signature. The security of many of these upgrade mechanisms is very much in question. For a concrete example, we describe how to tamper with a firmware upgrade to the Apple Aluminum Keyboard. We describe how an attacker can subvert an off-the-shelf keyboard by embedding into the firmware malicious code which allows a rootkit to survive a clean re-installation of the host operating system." K. Chen - Georgia Institute of Technology (more)

Friday, April 17, 2009

Security Director Alert - GSM Pen

Your CEO is holding sensitive negotiations, thinking the playing field is level. It isn't.

The opponent has an invisible team of advisers helping out... in real time. Your side is stymied at every move, thwarted at every turn, every advantage you thought you had, evaporated.

What happened? How did they do it?
How can YOU stop it from happening again?


Here is what you might be up against (from the seller's web site)...

"All you have to do is to connect the pen to your cell phone (via Bluetooth); make or receive calls like you do regularly. The GSM pen connects to the phone as a regular Bluetooth headset. The spy earpiece receives the signal from the phone through the GSM pen (via wireless induction).

Arrange with your partner - outside the area - who will be giving you all the necessary information, using any phone (cell, home or public phone).

Put the spy earpiece into your ear and just before you enter the room make a call to your partner.

The microphone located on the GSM pen is very sensitive. It lets your partner hear everything you say, even a whisper.

Their answer can be clearly heard by you, but nobody else. After you are done you can easily take the earpiece out from your ear with the help of the ejection cord."

This Alert also applies to:
• Educators. Final Exam time is near.
• Proctors at professional certification exams.
• Police surveilling suspects who may be secretly communicating.

How YOU can stop this from happening again...
Call me.

Wednesday, February 18, 2009

Does someone near you always seem to know who's calling you?

Perhaps they have one of these... linked to your cell phone.

Bluetooth bracelet with vibration function and caller ID display.

Spybusters Tip # 429 - Keep Bluetooth turned off when not in use. (more)

Tuesday, January 27, 2009

How to Beat a Keystroke Logger

Need password privacy when using un-secure computers?
Afraid your significant other placed a keystroke logger?

Want to keep your net surfing URLs private?


While no solution provides 100% security, bypassing the traditional keyboard will help...


My-T-Soft Virtual Onscreen Keyboards
I-Tech Virtual Laser Keyboard (bluetooth)
Click-N-Type Virtual Keyboard
MountFocus Virtual Keyboard
FREE Virtual Keyboard by MiloSoft

For the more technically advanced...

Virtual Keyboard Interface - Adds a virtual keyboard to text fields, password fields and text areas allowing keyboard-less input of text and special characters. Install the script and double-click on one of the form element types above to display the keyboard. This is a Greasemonkey script and will work wherever Greasemonkey works. (download page)

Saturday, August 9, 2008

Bug Bites... with Bluetooth

Smart spies can build their own bugs; ones which average TSCM detection equipment can't see.

One example is bugs which use off-the-shelf Bluetooth technology, like Bluegiga. Short range, but very effective.

Another example is second generation Zigbee which can transmit audio a much greater distance.

Both signals are digital. Both blend their transmissions into the sea of legitimate WiFi signals which surround us.

The cost of building these advanced bugging devices is less than $100 per bug.

Discovery requires the most advanced TSCM instrumentation... like what you will find only here.

Monday, June 2, 2008

Bluetooth Bites

Bluetooth eavesdropping, and related security/privacy issues, are covered here on a regular basis. The following are from the new, and worth repeating, files...

Car Whisperer
"Once the connection has been successfully established, the carwhisperer binary starts sending audio to, and recording audio from the headset. This allows attackers to inject audio data into the car. This could be fake traffic announcements or nice words. Attackers are also able to eavesdrop conversations among people sitting in the car."

Blooover II
"Blooover II is the successor of the very popular application Blooover (Blooover is a tool that is intended to serve as an audit tool that people can use to check whether their phones and phones of friends and employees are vulnerable). After 150000 downloads of Blooover within the year 2005 (since the initial release at 21c3 in December 2004), a new version of this mobile phone auditing tool is on its ready."

"Besides the BlueBug attack, (Exploiting this loophole allows the unauthorized downloading of phone books and call lists, the sending and reading of SMS messages from the attacked phone and many more things.) Blooover II supports the HeloMoto attack (which is quite close to the BlueBug attack), the BlueSnarf and the sending of malformed objects via OBEX." (more)

Tuesday, December 4, 2007

Wireless Keyboard Interception - Encryption Cracked

Security researchers have cracked the rudimentary encryption used in a range of popular wireless keyboards.

Bluetooth is increasingly becoming the de-facto standard for wireless communication in peripheral devices and is reckoned to be secure. But some manufacturers such as Logitech and Microsoft rely on 27 MHz radio technology which, it transpires, is anything but secure.

Using nothing more than a simple radio receiver, a soundcard and suitable software, Swiss security firm Dreamlab Technologies managed to capture and decode the radio communications between a keyboard and a PC.

The attack opens the way up to all sorts of mischief including keystroke logging to capture login credentials to online banking sites or email accounts. (more)

Thursday, October 11, 2007

Blue Bugging - Corporate Data Risk

UK - Thieves are using Bluetooth phones to detect whether motorists have left laptops, mobile phones or state-of-the-art PDAs in their cars.

PC Davis said: "Even if they are out of sight in the boot or glove compartment, the Bluetooth technology enables computer-literate thieves to locate compatible kit easily."

When a car contains a Bluetooth-enabled laptop, a signal on the screen of the thief's mobile displays not just its presence, but also its make or model.

The thieves then have an easy target and the expensive laptops are often stolen to order.

PC Davis said: "Blue-bugging techniques can also be used to hack into mobiles, which are increasingly used as portable data stores, with details such as passwords, PIN numbers and other sensitive information ready for the taking.

"These days, a great deal of confidential company information, bank account details, private emails and so on are accessible through laptops, PDAs and even mobiles.

"People should realise that as well as equipment losses, they are at serious risk of corporate data theft if Bluetooth devices are left enabled and unsecured." (more)

Wednesday, August 15, 2007

Biting with Bluetooth

The carwhisperer project...

Once the connection has been successfully established, the carwhisperer binary starts sending audio to, and recording audio from the headset. This allows attackers to inject audio data into the car. This could be fake traffic announcements or nice words. Attackers are also able to eavesdrop conversations among people sitting in the car.

Ideally, the carwhisperer is used with a toooned dongle and a directional antenna that enhances the range of a Bluetooth radio quite a bit. (more)

Bluetooth Sound Bites

When you talk over a hands-free Bluetooth device while driving your car, it is possible that some unwanted persons are listening to your conversation without your knowledge. Jim Stickley, ID theft expert and CTO of TraceSecurity, proved that the devices are vulnerable to eavesdropping.

Appearing on NBC’s TODAY show, Stickley demonstrated how vulnerable the hands-free car devices are even to the most simple of attacks.

During the testing, Stickley followed a car that was equipped with a hands-free Bluetooth device and listened to the conversation without the knowledge of the occupants. (more)

Wednesday, January 3, 2007

GSM Cell Phone Encryption

I received an email from Silentel, s.r.o. in Slovakia with information about their novel new product designed to protect GSM cell phone calls against eavesdropping.

Interesting concept...
You provide the phone (any standard Smartphone using the Symbian OS). They provide the software and a hardware module with headset (pictured). The hardware connects to your cell phone using Bluetooth! Cool concept. Looks portable and covert.

Here is what they say...
"Silentel SecureCall is a system that encrypts your call through the GSM mobile phone and absolutely thwarts its tapping. Encryption uses the AES 256 algorithm which is currently the highest security standard worldwide. It is the system with the end-to-end security. The whole conversation from one user to the other is encrypted." (more)

Friday, December 15, 2006

Gumshoe Surveillance Trick #623

Department of Computer Science and Engineering, University of Washington - The Nike+iPod kit consists of a sensor which is placed in the sole of your left Nike+ shoe and a receiver which plugs into the bottom of the iPod Nano. The sensor in your shoe detects when you take steps (while walking or jogging) and transmits this information to the receiver.

When you walk or run the Nike+iPod sensor in your shoe will transmit messages using a wireless radio. These messages contain a unique identifier that can be detected from 60 feet away. This information is potentially private because it can reveal where you are, even when you'd prefer for a bad person to not know your location.

From Nike... Simply slip the Nike+ sensor into the Air Zoom Moire shoe pocket, or any other Nike+ Ready shoe, and head out. The Nike+ sensor slips unobtrusively into a pocket under the sockliner. Waterproof and virtually unbreakable. $29.00