Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Bluetooth Pentesting?
From: Times Enemy <times () krr org>
Date: Tue, 22 Aug 2006 07:42:56 -0700

Greetings.

Of course there are risks with Bluetooth.

Bluetooth security is generally so pathetic, in regards to factory set defaults in use, that all you need is some sort of method of attempting a passkey, such as a BT enabled laptop, or even a phone or PDA, and about three generic attempts. If the three do not work, try to identify the hardware, and simply all their technical support, or read their documentation.

Most wireless systems are vulnerable at authentication. So, the only trick then becomes to drop the connection and listen.

http://trifinite.org/ has an interesting project related to car systems (Car Whisperer), and i believe they branch out some with their BT Audit tool and such. I have not had the opportunity to test it, but their site/documentation/articles make for good reading.

http://www.google.com/search?hl=en&lr=&q=hijack+bluetooth&btnG=Search ought to yield enough reading to get practical.

.times enemy
Key Rack Research - http://www.krr.org


steven () lovebug org wrote:
Greetings,

Does anyone on this list do bluetooth pentesting?  I have read tons of old
posts and found plenty of tools to do a few different things.  However, I
do not find any of it to be overly useful.  Most of the tools out there
seem to be aimed at certain cell phones or are very specific.  I am trying
to find out what the risks are of all kinds of devices.  I have found
btscanner to be pretty good at detecting devices but it doesn't do too
much other than detect it.  I can scan and pickup 150+ devices and the
Vulnerable to: section is always the same.. blank.  Are all the bluetooth
devices I find so super secure?  I pick up cars, phones, PDAs, computers,
keyboards, etc.  Are there really no risks with these devices?

Is there a better/good tool out there that can really find various
bluetooth devices and tell me what -real- risks might be associated with
them -- on top of that.. is there a good tool for trying to pull data or
use these devices?  Example: a dell or mac laptop has bluetooth on, or a
Treo with it on.. what are the possible risks?  What tools can actually
test if authentication is required for connecting with these devices.. or
whether I can bruteforce it or connect at all?

Any suggestions would be greatly appreciate and I am really trying to do
something more than just "detect" bluetooth devices.  I need to know if
there are risks here.

Thanks


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]