Hacking The Bluetooth Stack For Fun, Fame And Profit presented at HITBSecConf Malaysia 2007

by Dino Covotsos,

Tags: Security Wireless Access Business Testing

Summary : Presentation Title:Presentation Details:Enhancements in cellular technology and mobile computing in recent years has lead to the availability of affordable and powerful mobile devices. Where before cellular phones where relegated only to the business class and other members of the upper-echelon of society, today they are deemed a necessity and have become so cheap in comparison to phones of years past that almost anybody can own one.One of these enhancements is definitely the Bluetooth specification, which allows for the creation of short range wireless personal area networks. In recent years however, it has come to light that various flaws exist in certain Bluetooth implementations. Our paper aims at demystifying these vulnerabilities. Amongst other things it will include the procedures involved in bluesnarfing, the potential hazards of bluejacking as well as the backdooring of mobile devices. We will also be demonstrating the tools and techniques used in accomplishing the above listed attacks.A breakdown of what will be on display is as follows:Bluesnarfing - A demonstration video will be made available, showing how restricted phone data such as phonebooks and international mobile equipment identities can be harvested from vulnerable phones.A derivative of the bluesnarfing is the bluesnarf++ attack. Where normal bluesnarfing exploits the object exchange’s push profile daemon, the bluesnarf++ attack targets the object exchange’s file transfer profile, effectively giving attackers full access to any data stored on the device if successful.Gaining access to a phones AT command set via RFCOMM channels allows attackers to make phone calls, send and read sms’s and more, depending on the make and model of the phone being targeted. Also known as a bluebug attack, it has caused a stir recently when it was discovered that victim’s phones were being used to call premium-rate numbers.Backdooring a mobile device via Bluetooth involves hiding the device - be it a laptop or another mobile device - from the targets paired devices register. This technique can be used to enhance bluesnarfing attacks.About DinoDino Covotsos is the Founder and Managing Director of Telspace Systems, a South African IT security firm which started business in 2002. Mr. Covotsos has many years of experience in the IT security industry and has been involved in many different large scale projects worldwide, ranging from vulnerability assessment to attack and penetration testing for corporate clients. Mr.Covotsos uses his hands on knowledge to help secure corporate networks in new and unique ways and has also written articles for various magazines in the IT and Government sector specifically on information security issues.