The BlueBag: A Mobile, Covert Bluetooth Attack and Infection Device presented at BlackhatUSA 2006

by Claudio Merloni, Luca Carettoni,

Summary : How could an attacker steal the phone numbers stored on your mobile, eavesdrop your conversations, see what you're typing on the keyboard, take pictures of the room you're in, and monitor everything you're doing, without ever getting in the range of your Bluetooth mobile phone?
In this talk we present a set of projects that can be combined to exploit Bluetooth devices (and users...), weaknesses building a distributed network of agents spreading via Bluetooth which can seek given targets and exploit the devices to log keystrokes, steal data, record audio data, take pictures and then send the collected data back to the attacker, either through the agents network or directly to the attacker. We show the different elements that compose the whole project, giving an estimate, through real data and mathematical models, of the effectiveness of that kind of attack. We also show what our hidden, effective and cool worm-spreading trolley looks like: say hello to the BlueBag!