Linkedin Reddit Pocket Flipboard Email. Next Up In Tech. Sign up for the newsletter Verge Deals Subscribe to get the best Verge-approved tech deals of the week. Just one more thing! Please confirm your subscription to Verge Deals via the verification email we just sent you. Email required. By signing up, you agree to our Privacy Notice and European users agree to the data transfer policy.
Loading comments Bluejacking - This is a practice of sending an unsolicited message of nearby Bluetooth devices. This type of attack is often executed using texts. However, the attackers can also use images or sounds to launch the attack. Bluejacking is relatively harmless but does some confusion when users start receiving messages.
Bluesnarfing - Any unauthorized access to or theft of information from a wireless device through Bluetooth connection is Bluesnarfing. Attackers use tools such as hcitool and obexftp to exploit a vulnerability in the Bluetooth and can access information such as the user's calendar, contact list, and e-mail and text messages.
They can also see which networks your device has previously connected to; this is important because your phone treats these networks as trusted and will connect to them automatically in future. If the cybercriminals can replicate a trusted network , they can trick your device into connecting to Wi-Fi and Bluetooth devices that they control. The hackers can then bombard your device with malware, spy on you and even steal your data from your text messages and apps.
Once a smartphone has been compromised, the hacker can intercept and redirect phone calls, access bank details, send or receive files or simply watch what you are doing in real time. Bluebugging is often performed in busy public places, often where there are a lot of routine commuters.
Choosing a busy place allows them to remain undetected and to monitor the same devices which pass by regularly. Hackers may also choose places where people linger for several hours like cafes, pubs and restaurants.
Dorset Police recently discovered an instance of bluebugging in the busy seaside town of Bournemouth. Local residents began reporting incidents where they were receiving automated messages and files from unknown senders as they walked through the city.
Dorset Police issued some guidance to Bournemouth residents — advice that we can all use to avoid becoming victims of bluebugging. While it comes with a small antenna, opting for some of the accessories like a dipole and a patch antenna can greatly extend the range of the device - for example, the patch antenna can increase the range up to a kilometer.
Again, pay attention to expected drivers on Windows, and on Linux there should be no issue. Figure 4. This dipole antenna on the UD gives it a range of about half a kilometer line of sight. The big pluses with this setup is that even the larger antenna when detached fits neatly in a bag and substantially increases the range. For both scanning and probing, this is a rock star. However, the biggest minus is that it is hardly stealthy. Entire presentations have been done around Ubertooth , and while it has its strengths, it also has limitations.
When it works, it works decently and will help get you data that is generally fairly hard to get otherwise. But getting to that point is rather difficult.
Expect dropped packets and a lot of restarts of whatever Bluetooth activity you are trying to capture, because getting a complete picture of what is happening Bluetooth-wise will take some patience - especially if you try sniffing. As we talked about earlier, Bluetooth operates by hopping through frequencies within a specific range, or spectrum. Being that it is programmable is definitely a plus, and all of the software utilities - including firmware - are open-source.
You can hook up a more powerful dipole antenna and get better range out of it in a field setting, but frankly, the Ubertooth performs best in a controlled lab environment. The Nordic Semiconductor nRFDK device is a pretty good Bluetooth transmitter and receiver, with the sniffing abilities working better than expected.
Like the Ubertooth, it is programmable, but the out-of-the-box firmware is fine for most quick hacker work, including sniffing. The range is limited, but the quality is high. Nordic Semiconductor supplies a lot of the chips and hardware solutions in IoT, so they tend to make inexpensive hardware to help developers test their creations.
Figure 5. This thing was made for serious developers and hackers alike. While the Ubertooth might have a slight advantage as far as distance goes, this is a great USB device for the lab.
Due to the amount of designers and developers building IoT devices and writing IoT software for the various chipsets that Nordic Semiconductor makes, the community support for this device is rapidly growing.
Figure 6. Why do these high-end tools cost so much? Because they work so well. The high-end machines work differently, by simply grabbing the entire Bluetooth spectrum at once, capturing everything.
Specialized software is used to help control the device and read the captured data, and typically only runs on Windows. These devices are built for lab work, but one could easily add beefier antennas, and, as long as they can meet the power requirements, this could be considered an excellent field device as well some high-end models are even marketed that way - built for both lab and field.
For the Linux hacker, it is all about the command line interface CLI. There are plenty of CLI tools for Bluetooth and many of them provide useful information, although not all of them provide output in any consistent manner.
0コメント