Underground – Bluetooth Hacking

February 26th, 2009 by Patchy
In this Underground Video, Strome explains several Bluetooth attacks used against mobile phones. He demonstrates the Bluebug attack, which exploits a security loophole on cell phones that allows the attacker to take full control of the device. The Bluebug attack enables an attacker to initiate calls, read & send SMS messages, read & edit the phone book, and change settings. Furthermore, Strome shows another popular Bluetooth attack called Bluesnarfing, a.k.a. the OBEX Push Attack. Bluesnarfing allows an attacker to extract, create, and delete files on the mobile device.

Note: These Bluetooth attacks only work on a handful of cell phones.

If you would like to submit a video to Infinity Exists Underground send an email describing your video to underground@infinityexists.com


22 Responses

  1. overide Says:

    Nice video very well done.

  2. vs4vijay Says:

    nice job dude.
    it was awesomeeeeeeeeeeeeeeeee

  3. magicaj92 Says:

    I am really having trouble with the last command in this video for the bluebugger hack, minicom -m; I get the same error as in the video. I am doing this on Backtrack 3, and everything works perfectly until the last command. How does the guy in the video get around this??
    I have also tried sudo minicom -m, but this does not change anything.

    Please help

    Magicaj92

  4. Strome Says:

    Hey Magicaj92,

    As I said in the vid: the KDE tools for Bluetooth stuff didn’t work on my computer and I saw in some forums that many people have problems using Bluetooth in a KDE Linux. And Backtrack 3 is using KDE. Try it with a Linux distribution with GNOME as desktop interface. Before I made the video I tried Backtrack, of course. But Backtrack didn’t work.
    So, good luck.

    Strome

  5. Fingon Says:

    Hey Strome,

    Is there a way to get the phone number of the hacked device?
    Even if it is not saved in the phonebook?

    Would be useful if I want to figure out who owns this cellphone in order to tell this person that he/she should disable their Bluetooth while not using it.

    Thanks in advance
    Fingon

  6. magicaj92 Says:

    I have installed Ubuntu, but I am still getting this error:

    sudo rfcomm bind /dev/rfcomm0
    Can’t find a config entry for rfcomm0

    pls help if you can!!!!

  7. maps007 Says:

    Hey Strome, for this attack had you paired your phone and laptop? Because every time you are trying to connect it asks for a password. If this is the situation then how is the remote Bluetooth device being hacked? Is this a method to hack our own phone?

  8. Strome Says:

    @ magicaj92:
    Have you entered the MAC address and the channel in /etc/bluetooth/rfcomm.conf?
    And in Ubuntu you need some Bluetooth libraries installed: bluez, bluez-gnome, bluez-utils

    @ maps007:
    1: You are not allowed to hack into other people’s phones, so YES this is a method to hack your OWN phone.
    2: As the note says, bluesnarf and bluebug only work on a small number of phones. Have you tried it with a Sony Ericsson K800i?
    3: I have not paired my phone.
    It is possible that Sony Ericsson has updated the firmware for its phones. My K800i is some years old and I didn’t update the firmware. And that’s good, because such attacks should tell the phone manufacturers that their phones can be hacked and that they should fix these vulnerabilities.

    And with most newer mobile phones bluesnarf and bluebug don’t work.
    But if you want to, I can make a video with some other attacks, which can be used on new mobile phones, too.

  9. [Hacking] Video Tutorial on Bluetooth Hacking | Technofriends Says:

    [...] I had written about the various Bluetooth Hacking tools. In this Underground Video, Strome from Infinity Exists explains several bluetooth attacks used against mobile phones. He demonstrates the Bluebug attack [...]

  10. Links for March 15, 2009 - iStoleYour.info Says:

    [...] Underground – Bluetooth Hacking [...]

  11. maps007 Says:

    @ Strome:
    Thanks for the first tutorial, you are a really knowledgeable person. But if you haven’t paired your mobile then why, every time when you are trying to access your phone, is it asking for a password?

    Yes, I want to have a video tutorial for the attack on newer versions of the mobile phones and valuable links. Thanks

  12. Strome Says:

    Sorry maps007,

    I didn’t understand what you wanted to tell me with “it is asking for password”.
    Do you mean when in the video it says “[sudo]password for phil:”?
    THIS password IS NOT the password for my phone. It is my administrator password for my computer for Ubuntu, not for the phone. This is a misunderstanding.
    You can run Bluetooth tools only with administrator rights.
    I hope it is clear now.

    And at the moment I don’t have any time, but when I have time again I will try to attack my phone with the new firmware. And if it works, of course I will make a video for you.

  13. maps007 Says:

    @ Strome,
    OK, that is cleared up here. Sorry, I was confused about that because I always use a live CD which has administrative rights, sorry bro. And I will wait and regularly check for updates here.

  14. GlaDOS Says:

    Hi, thanks for a great vid. Really cool to see how badly secured this technology is.

    I have a problem though. When I use the
    # rfcomm bind /dev/rfcomm0
    I get the same error that magicaj92 is getting:
    Can’t find a config entry for rfcomm0
    I am using Ubuntu 8.04 and checked the dev directory and can’t find the file rfcomm0. How to restore this file, and if you could provide some more underlying information about what this file does, I’m always curious..

    OK, before I submitted I found out what was wrong. In Ubuntu the /etc/bluetooth/rfcomm.conf file was by default commented out. The whole thing was in comments like:
    # device 00:00:00:00:00:00
    So I just uncommented all the fields that were needed and now it works fine! Hope this works for you too, magicaj.
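
Added example (not part of the original post or comments): the “Can’t find a config entry for rfcomm0” error in comments 6 and 14 comes down to /etc/bluetooth/rfcomm.conf having no uncommented rfcomm0 block. This Python check parses the file's text and reports that case; the sample contents, the placeholder address 00:11:22:33:44:55 and the function names are assumptions made for the example.

```python
import re

MAC_RE = re.compile(r"^(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")

# Constructed samples: a file with every line commented out, as comment 14
# describes, and the same entry uncommented. The address is a placeholder.
SAMPLE_DEFAULT = """\
#rfcomm0 {
#    bind no;
#    device 00:11:22:33:44:55;
#    channel 1;
#    comment "Example Bluetooth device";
#}
"""
SAMPLE_FIXED = SAMPLE_DEFAULT.replace("#", "")

def parse_rfcomm_conf(text):
    """Return {name: {key: value}} for every active (uncommented) block."""
    # Keep quoted strings intact; drop an unquoted '#' through end of line.
    active = re.sub(r'("[^"]*")|#.*', lambda m: m.group(1) or "", text)
    entries = {}
    for name, body in re.findall(r"(\w+)\s*\{([^}]*)\}", active):
        settings = {}
        for stmt in body.split(";"):
            parts = stmt.split(None, 1)
            if len(parts) == 2:
                settings[parts[0]] = parts[1].strip().strip('"')
        entries[name] = settings
    return entries

def diagnose(text, name="rfcomm0"):
    """Check for what the thread says is needed: an uncommented block
    with a device address and a channel."""
    entry = parse_rfcomm_conf(text).get(name)
    if entry is None:
        return [f"no active {name} block (missing or commented out)"]
    problems = []
    if not MAC_RE.match(entry.get("device", "")):
        problems.append("device is missing or not a valid Bluetooth address")
    channel = entry.get("channel", "")
    # RFCOMM server channels run from 1 to 30.
    if not (channel.isdigit() and 1 <= int(channel) <= 30):
        problems.append("channel is missing or outside the RFCOMM range 1-30")
    return problems

if __name__ == "__main__":
    for label, conf in (("default", SAMPLE_DEFAULT), ("fixed", SAMPLE_FIXED)):
        print(label, diagnose(conf) or "ok")
```

To check a real file, pass its contents: `diagnose(open("/etc/bluetooth/rfcomm.conf").read())`.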

  15. anddresn Says:

    Hey Strom,

    I’m getting stuck where I type the command sudo minicom -m after configuring minicom and saving the new configuration. When I try sudo minicom -m I get minicom: cannot open /dev/rfcomm0: no such file or directory. I have checked the rfcomm.conf file and it has the MAC address and the channel for the serial port. And also shows when I type “ls /dev”. I’m running Ubuntu 8.10 just like you. I believe it’s a permissions issue but I can’t figure it out.

    Thanks

    Andres

  16. Strome Says:

    Hi,

    @ anddresn:
    I think your phone is not vulnerable with bluebug then.

    At this point I should say for all guys here: Sony Ericsson updated the firmware and now the BlueBug attack does not work any longer on a K800i phone. Now when I try this the phone shows a message “%hostname% is trying to access the phone? Allow?” And the victim can press “Deny”.
    And if Sony Ericsson updated its phones I believe the other manufacturers did that, too.

    But I still started working on a new video including an attack which will work on updated phones.

    @ Fingon:
    There is a way that the victim’s phone will send an SMS message to your phone including the phone number, but I don’t know the command for this …
    If you wanna tell the victim that the Bluetooth is on there is a better way I will in my new vid then.

    Strome

  17. anddresn Says:

    I’ll be waiting for that video Strome

    Thanks,

    Andres

  18. user209 Says:

    @Strome:
    A very good video thanks, do you know which firmware version is vulnerable for the K800i and which firmware version patches the vulnerability?

    Thanks,

    Craig

  19. Strome Says:

    I don’t know. When I made this video the firmware on my phone was the oldest which is existing for K800i, because I bought the phone when it was released in 2006 I think.
    And when I upgraded my firmware I chose the newest which was available. But when I remember back I can’t say which version it was exactly. Sorry

    And at the moment I have some trouble with my new video, because something isn’t working. I don’t know how much time it will take until I can post it. But I don’t give up!

    Strome

  20. renegade Says:

    This may be a dumb question, but do all Bluetooth devices have a serial interface?

    Here is the output of “sdptool browse” on my phone:
    http://pastebin.com/f61a23d03

    Judging from that output, the only channel that could possibly be acting as a serial port is channel 16, but after I configure and start rfcomm0 and try to connect with minicom, I get a dead console (i.e. I can’t type anything and I don’t receive data). Any help would be greatly appreciated.

  21. renegade Says:

    Never mind, service “Bluetooth modem” (channel 8) works… I don’t know why I didn’t think of trying that before, lol.

  22. insanity Says:

    I have released a new Bluetooth Auditing tool.

    You can find it here: http://www.h4x.co.cc
