digg

Join DiggAbout

Eavesdropping on Bluetooth Headsets watch!

5min.com — A demo on how to attack and capture audio on a Bluetooth headset using a handheld Nokia.

Bury
show profanity settings
expand all
  • Pissoff, on 11/30/2007, -5/+67Damn, I can't listen to his voice.
    • Terr01, on 12/01/2007, -2/+3Exactly: His voice is the key to preventing people from WANTING to eavesdrop.
  • Unclekoolaid, on 11/30/2007, -7/+28I hear the government can do the same thing but with our thoughts!
    • Kyderdog, on 11/30/2007, -2/+2Maybe yours.....:)
    • PaperMonkey, on 11/30/2007, -1/+7Duh.... that's what the tinfoil hats are for... (and they say I'm crazy)..
    • Farticus, on 11/30/2007, -1/+1I feel sorry for the poor spook that gets the job of listening in on your mental babble.
      ;-)
    • thomashallock, on 12/01/2007, -0/+1That's why I changed the default PIN of my brain to something other than 0000
      • Chaulis, on 12/02/2007, -0/+1The headset is the issue, and you can't change the pin to that.
  • Bridea, on 11/30/2007, -2/+15Any way to reset the default PIN value on my headset?
    • clickwir, on 11/30/2007, -1/+9No. :-)
      Isn't that wonderful? It's like you don't even have one!
    • physep, on 12/01/2007, -4/+1you can do anything you google enough(put you mind to)..
  • blackmage439, on 11/30/2007, -16/+7This is a serious question. How do you people watch this website's videos? I've tried both Firefox and Safari on Mac OS 10.5.1, and Firefox & IE7 on WinXP, but the site just looks like garbage on all four browsers. All browsers and both OSs are fully updated.
    • AppleGeorge, on 11/30/2007, -3/+16It works fine for me in Firefox.
    • leha, on 11/30/2007, -8/+0LOL, this guy uses tables with fixed width columns (fixed in pixels). Apparently he know nothing about html, nice way to gain trust of potential customers.
      • MaxPayne3476, on 11/30/2007, -1/+1? Are you talking about 5min? It's actually a pretty popular video site with some fascinating, if not exaggerted, ideas.
    • clickwir, on 11/30/2007, -3/+1Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.10) Gecko/20071126 Ubuntu/7.10 (gutsy) Firefox/2.0.0.10
      Works fine here!
    • VitriolAndAngst, on 11/30/2007, -1/+1You might try upgrading your Flash plugin -- I don't know what type of video (codec) that sight is pushing.
      The plugins that affect Safari are going to live in /Library/Internet Plug-Ins/
    • timmay, on 12/01/2007, -1/+1don't worry it sucks for me too

      The flash player takes about 10-15 minutes to load for me.. just the player!
      i have a great system but i'm running dsl which i get like 70kbps download
      i'm sure thats the problem :(
  • kromem, on 11/30/2007, -9/+3Meh. He doesn't really explain that this is only for local conversation evesdropping.

    It doesn't record your phone call, but if you have your bluetooth headset just on your head and not in use, it can capture your audio.

    Neat trick, but not as big a security issue as the title suggests.
    • clickwir, on 11/30/2007, -1/+51) How much more of an explanation do you want? He does explicitly say that it's not recording the phone conversation and that it's just the mic.
      2) I think this is a bigger security risk, seeing as most people understand that if you are on a phone call, it has the technical ability to be recorded. But most people don't know that a bluetooth headset has this ability when they think it's not in use.
      3) Great way to just DOS someone by just running down their battery.
  • funkydude101, on 11/30/2007, -1/+25Wow, I always doubted bluetooth security (hell, even the bluetooth tool kit for certain nokia s60 phones was pretty amazing)...but to be able to record audio when the user is not aware is one hell of a vulnerability.
  • sharkd, on 11/30/2007, -5/+6While an interesting proof of concept, the only thing I'm convinced of is that Joshua Wright is Balok all grown'd up.

    http://memory-alpha.org/en/wiki/Balok
  • Amablue, on 11/30/2007, -2/+8I must try this. I'm not evil, I just like know how this sort of stuff works. This would be great for pranks.
  • Tomchei, on 11/30/2007, -3/+15He failed to say the you need the Bluetooth ID to connect to. He kind of sneaked it in there.
    • SmokeN-DC, on 11/30/2007, -0/+7I believe that's one of the things the sniffer program gets for you he did not show all the ID he found.
    • MiDri, on 11/30/2007, -0/+9Bluetooth sniffer software will get you that info. There used to be a cool program for symbian OS that did it.
  • Skanadian, on 11/30/2007, -5/+1I can't believe that guy actually used that line. That was terrible.
    • pault107, on 11/30/2007, -1/+1Umm, didn't you see the "Dramatization" title pop up? It didn't really happen.
  • gamer31, on 11/30/2007, -3/+38Was the guy ordering a bagel really that funny?
    • mypreciousss, on 11/30/2007, -8/+2Hm.. Might just be me but I didn't know people ordered bagels over the phone...
    • volacide, on 11/30/2007, -0/+6"Dramatization"
      • mypreciousss, on 11/30/2007, -2/+2I think he could have come up with a better dramatization...
    • freezervv, on 11/30/2007, -2/+1And by "Dramatization" they meant (for mypreciousss's benefit [RTFA btw]) "audio captured with the bluetooth mic, when not making a call, of someone ordering at the counter -- please don't sue us."
      • mypreciousss, on 11/30/2007, -1/+2d'oh.. in my defense i was multitasking when i watched that vid ;-)
    • physep, on 12/01/2007, -1/+1HEY, This is a Proof of Concept.. ., 'ordering a bagel,' thats as far as 'our' collective creativity can go>?.... c'Mon This is not about ordering bagles!!!!
  • joshmoney, on 11/30/2007, -1/+15I was waiting for him to pull an actual prank. :(
  • selectionerror, on 11/30/2007, -1/+5uh yeah that 12 digit hex ID that he snuck in there at the end kind of makes this whole "hack" bogus, dontcha think? htf do you get the ID of your target's device?
    • TRENT310, on 11/30/2007, -1/+2I use Network Chemistry's Bluescanner to find the device ID. They don't offer it anymore since Aruba bought them, but it's floating around the internet in various archived file-packs.
    • vvaduva, on 12/01/2007, -1/+2It's called a MAC address, and you can discover it easily with a wireless sniffer.
  • noflashlight, on 11/30/2007, -11/+3wow...
    i used to work at that starbucks
    • NotOptium, on 12/01/2007, -1/+1Isn't that the one on Thayer St. in Providence, RI? My sister works there now.
  • totorototoro, on 11/30/2007, -3/+30Given how ***** loud and obnoxious people are while talking on those bluetooth headsets in public anyways, do you really need to do this? :p
    • MaxPayne3476, on 11/30/2007, -0/+3THAT is exactly what I was thinking? I could just get a mini-recorder and stand 10 feet from one of those douchebags! I have one that stays put in my car since in NJ it's illegal to talk on your cell (also a very douche-like move), but I hate people that walk around just screaming into it since they don't realize that the mics are sensitive enough!
    • formergthing, on 11/30/2007, -4/+2He was able to listen to a conversation within range of the bluetooth earpiece. The person didn't even have to be on the phone. Pretty awesome if you ask me.
  • HypocriteDigg, on 11/30/2007, -4/+28OMG, wouldn't it have been easier to go get a cup of coffee and sit next to the guy???? SO LAME!!!!
    • formergthing, on 11/30/2007, -2/+3Maybe, but not nearly as cool.
    • physep, on 12/01/2007, -1/+10?m?g? sit next to the guy>??? I think your missing the point!!
  • digghasnoethics, on 11/30/2007, -2/+3In general you have to put a headset into 'pairing' mode before it will connect to a new device. That mode only lasts a limited time. So how are you going to manage this from a distance?
  • KingBunny, on 11/30/2007, -1/+4He's not talking... he's YELLING QUIETLY.
  • bj00rn, on 11/30/2007, -3/+2Oh gawd, who the hell cares.. If someone is bored enough to go actually bother to do that just to listen to my conversations then go for it. Wait, I don't even use BT headsets, and my pins are not "0000". Oh well.. He had an annoying voice.
  • murf43143, on 11/30/2007, -2/+1Buried for a title that lies. Way to try and get diggs for a misleading title when the only thing you do is make me hate you. (not hate, but really would never want to talk to you... ever)
  • KIERANMULLEN, on 11/30/2007, -3/+4More 5min.com spam from their hired posters (to gain web traffic to their dismal site).
  • keitarofujiwara, on 11/30/2007, -6/+1Buried because of the amount of gayness.
  • brent218, on 11/30/2007, -1/+1if your that close that bluetooth can be connected why not walk along near them and listen in stereo
  • pandawa, on 11/30/2007, -4/+1This guy struggles at everything including life and having friends....that said, i'm going to drown myself for watching that...
  • physep, on 12/01/2007, -1/+1If we learns anything from this, we should know that to educate oneself is the best deterrent.
  • Quote737, on 12/01/2007, -0/+2Was I the only one that thought he was going to play moaning when I saw the file "eargasm.wav".
  • fcukbush, on 12/01/2007, -0/+3Sometimes when im in the pub and i get bored i use my phone to scan for earpieces. When i find one i connect and then call my friend. it's pretty funny if you are in ear shot listening to the guy in the pub talking to your friend when both have no idea what is happening.

    I have always wanted to take two phones. Use one to connect and then call the other so i can talk to them.... "hello neo......."
  • mrgulabull, on 12/02/2007, -0/+2Why is this guy in a career that requires him to speak? It's like a man with a prosthetic leg competing in the 100 yard dash. Sure he CAN do it, but it's still painful to watch.
  • Ender110, on 12/03/2007, -0/+0Somehow the man with the annoying voice knew the bd address without running hcitool scan. O_o
  • TheKappa, on 12/06/2007, -0/+1I couldn't finish the video... the guy's prissy voice GRATED on my nerves!
  • manonfire285, on 12/06/2007, -0/+1i hate 5min.com

    won't let me watch cuz of freakin flash issues...
    grumble grumble grumble...
  •  

    Login or register to add a comment

    Create a new account or login to join in the conversation on Digg. You'll also be able to Digg stories to help promote things you like.


© Digg Inc. 2008 — Content posted by Digg users is dedicated to the public domain.
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.