How To Eavesdrop on Bluetooth Conversations
5min.com — A demo on how to attack and capture audio on a Bluetooth headset using a handheld Nokia.
- 1367 diggs
- Surferess, on 05/21/2008, -7/+13 This is pretty scary. Glad I have an old cheap crappy cell phone now.
- KnifeOrSpoon, on 05/21/2008, -1/+6 Same. I used to have Nokia n95 and that thing was so dodgy it made me cry. Now I feel a little more insulated with my new prehistoric piece of gold.
- altrego99, on 05/21/2008, -6/+5 Non-techie Solution: Do not buy a bluetooth headset - and if you're using it do not divulge sensitive information while talking on it.
Shutting yourself on technology is not the solution - understanding it is. If this video causes you to panic, you don't really deserve to carry an N95!
- Bersy, on 05/21/2008, -0/+2 Heh if anything "cheap crappy cells" are even easier to eavesdrop on. When I was younger I had this wireless headset like the type where you plug the base into a receiver but you can listen from anywhere within say, 20-30 meters... well I would walk up onto a hill overlooking the highway with the headset and fiddle with the frequency dial, and suddenly I was overhearing cellphone conversations left and right. It was pretty nifty.
- directrix13, on 05/21/2008, -1/+2 Nifty. But that doesn't work anymore. You could do that with any handset back in the analog cell days. Now that it's all digital, it would be difficult to do with expensive hardware.
- LewP, on 05/21/2008, -14/+2 I agree with you Surferess, I knew there was a reason I don't like those goofy looking things.
- zdiddy85, on 05/21/2008, -2/+11 I don't agree with your inability to reply correctly.
- FadieZ, on 05/21/2008, -1/+9 I agree with your ability to reply to an incorrect reply correctly.
- zdiddy85, on 05/21/2008, -0/+5 thanks for agreeing in your reply to my correct reply about an incorrect reply.
- louiebaur, on 05/21/2008, -1/+24 Wow that looks like a fun thing to do why you are hanging out around starbucks
- obijohn, on 05/21/2008, -1/+5 While.
Although, "why" could work there if you used some punctuation.
- Jesusridesabike, on 05/21/2008, -0/+12 This technology would be perfect for rick rolling.
- Neticule, on 05/21/2008, -5/+15 Why is bluetooth so insecure? Did the creators just decide not to worry about it or something?
- Phreakinus, on 05/21/2008, -6/+1 That's pretty much how it always seems to go. It seems like either a) nobody knows jack ***** about security, or b) they simply don't care about security
- trixterIreland, on 05/21/2008, -0/+8 The spec allows for 3 levels of authentication/privacy.
1. nothing at all
2. pin only
3. pin + encryption
When you pair the device some information is shared by the devices that sets the key, however many devices don't really encrypt, they only do pin authentication. This means that it's trivial to actually listen to conversations.
- Markpdotcom, on 05/21/2008, -1/+5 If you have the correct pin.
Change your pin people, it is really that simple!
- dubloe7, on 05/21/2008, -0/+1 yeah, but how many people change their pin?
i wonder if someone has done a survey on that...
- rootneg2, on 05/27/2008, -0/+1 i changed mine to 1234
- lamiaconfitor, on 05/21/2008, -3/+10 it's not that Bluetooth is more or less insecure than any other tech... the only people he could listen in on were people dumb enough to leave their headset passwords on the default. (if you were paying attention. If not, then yes, it is totally insecure.) compare it to taking your laptop in public without a firewall, antivirus, or going on any foreign network without even putting a password on your computer. this isn't to say that you can't get into bluetooth connections with other passwords, but a minimum amount of intelligence is helpful.
- centerblack, on 05/21/2008, -0/+8 You can't change the pin on all headsets. I own the Jawbone mentioned in the video, and the pin 0000 cannot be changed.
- lamiaconfitor, on 05/22/2008, -0/+1 good reason not to buy one.
- benexor, on 05/22/2008, -0/+1 I never had one that could be changed. unchangeable 0000 is amazingly stupid.
- Solis, on 05/21/2008, -1/+1 You tell me how it's possible to change the pin and then what you've said might have validity.
- NICU, on 05/21/2008, -2/+3 Bluetooth itself can be very secure, it's up to the users to make sure their devices are configured right.
- awtripp, on 05/21/2008, -0/+2 anyone remember the virus dropped on to a lexus via bluetooth?
- AngryAngryBrian, on 05/21/2008, -0/+11 1) Make it cheap
2) Make it Easy
3) Make it Fast
4) Make it Secure
You can only pick two.
- directrix13, on 05/21/2008, -0/+4 Or don't get it made in India or China and have all those attributes.
- Tenoq, on 05/22/2008, -1/+1 No, it can't be cheap if it's not made in China or India.
- directrix13, on 05/22/2008, -1/+1 Illegal Mexican labor FTW!
- homer420032003, on 05/22/2008, -0/+2 Then why don't we have cheap secure bluetooth headsets
- GratefulGroover, on 05/21/2008, -2/+82 Totally Bogus! He did not eavesdrop, he made a direction to a headset device and then sent audio defice. You can get the bd_addr from any device that is discoverable and then connect. Pin 0000 is very common for headsets and is hard coded in the units ROM (similar). However, if you've got a headset paired already then it is usually no longer discoverable or accepting any other connections so safe. The latest BT standard makes Bluetooth even more secure and then a fixed pin will no longer be a problem (elliptical curve encryption). Still open to Man In The Middle attacks though, when using 'just works' simple pairing.
- LewP, on 05/21/2008, -12/+5 What did you say? lol
- acetv, on 05/21/2008, -2/+4 Really? There's encryption that uses elliptic curves? That sounds really interesting, got a link?
- trixterIreland, on 05/21/2008, -0/+3 ECC is not new, it's also believed to be fairly immune to quantum computer attacks (mostly because no one knows yet how to express the math, something that may change in the future, especially when quantum computers actually get built).
google for "elliptic curve cryptography" you will find a bunch of results.
- peverett, on 05/21/2008, -0/+2 Bluetooth 2.1 Secure Simple Pairing FTW -> http://www.bluetooth.com/NR/rdonlyres/0A0B3F36-D15 ...
- Mootabolife, on 05/21/2008, -1/+17 Quick Summary for you: Connect your ***** at home, and then turn discovery off.
- FizzanoMatrix, on 05/21/2008, -0/+1 Only if the filtering is run through lower level address configs though, or if the BT headset is using newer trunking encryption.
- tayuku, on 05/21/2008, -9/+0 Holy *****.
- sagep88, on 05/21/2008, -1/+2 http://trifinite.org/trifinite_stuff_bluebug.html
haven't tried this yet but sounds like it would work
- emt1451, on 05/21/2008, -6/+101 Holy crap what an annoying voice.
- bryanwebster, on 05/21/2008, -6/+1 agreed!
- FadieZ, on 05/21/2008, -3/+2 "And on the seventh day, Digg created the digg." =>
- bryanwebster, on 05/21/2008, -1/+2 Yes agreed.
- directrix13, on 05/21/2008, -1/+2 "And on the eighth day, Digg created the bury."
- BradHAWK, on 05/21/2008, -0/+0 I think he's the kid from Mercury Rising, all grown up.
- Synapse84, on 05/21/2008, -0/+1 Si-mon is hooome.
- bryanwebster, on 05/21/2008, -0/+21 was interesting right up to the point of the conversation and then "dramatization" appeared on the screen.
- rockpeteuk, on 05/21/2008, -3/+7 this was up how long ago
- jsd8cc, on 05/21/2008, -0/+1 5 months ago. On the front page with 1111 diggs.
http://digg.com/security/Eavesdropping_on_Bluetoot ...
- sodoh, on 05/21/2008, -1/+9 Just change the pin on the headset. This trick may have worked years ago but a lot of the stuff now stops casual snooping.
- EnforcerErik, on 05/21/2008, -3/+74 This technology is clearly designed so you can Rick Roll people's cellular conversations.
- lamiaconfitor, on 05/21/2008, -0/+4 so let it be written, so let it be done!
- funkyloki, on 05/21/2008, -1/+2 so say we all!
- GratefulGroover, on 05/21/2008, -0/+2 man i haven't been Rick Rolled in a minute. I miss it :(
- Hale, on 05/21/2008, -2/+45 1) The headset has to be in a discoverable mode to make the connection!
2) Most headsets won't allow more than one connection at a time.. meaning this won't work.
Buried as inaccurate.
- lamiaconfitor, on 05/21/2008, -9/+10 well, he does not explicitly say this, but he is standing in front of a starbucks, so the chances of him finding someone who knows nothing about technology (AKA a person with more money than sense... like a mac-head) is highly likely, and these people will totally buy stuff that is built with 'universal'/easy to use features.
- trixterIreland, on 05/21/2008, -0/+2 it actually does work, and if you google for "carwhisperer" you will find places to get the software he used, and you can then test it for yourself.
It does not work on all headsets, and given that it's now a couple years old I don't know how many fixed the problem originally. I know that the original intent of carwhisperer was a proof of concept exploit for a paper written about in car bluetooth speaker phone systems that were quite insecure. They contacted the various car makers that had vulnerable systems who may have contacted whomever actually makes the bluetooth device.
All this is is a person who has taken someone else's work, made a video, all to pimp sans.org.
http://events.ccc.de/congress/2005/fahrplan/events ...
Chaos Computer Club lecture which includes references to car whisperer (and actually other attacks for bluetooth). There is a video of the lecture somewhere on ccc.de in mp4 and a few other formats if you are really curious about what was said.
- mentor972, on 05/21/2008, -1/+3 He stated that it's only for listening through the earpiece. Not the phone call. Watch the video next time.
- bokep, on 05/21/2008, -11/+9 People who use bluetooth headsets in public are self righteous assholes
- GregFD3S, on 05/21/2008, -3/+3 Here is a solution:
www.sabiadesign.com/blog/hilarious_solutions_for_annoying_cell_phone_people
- lamiaconfitor, on 05/21/2008, -1/+2 or they are trying to do something like drive and talk on their cellphones at the same time, with a minimum of distraction. also, at work, when I have a pen and paper in either hand, and radio traffic coming through over my shoulder, I like the headset there for easy communication with other parties, such as my supervisor.
- centerblack, on 05/21/2008, -1/+3 That's not in public.
- lamiaconfitor, on 05/22/2008, -0/+1 good point, I concede.
- DarkSpoon, on 05/21/2008, -1/+2 i want to punch you already.
- p51d007, on 05/21/2008, -0/+1 Geez! Take a chill pill.
I use my BT headset 8-10 hours a day. I do electronic repair work in the field, and sometimes I have to be on the phone with another tech, and it's a lot easier and less painful on the neck to have a BT.
- bokep, on 05/21/2008, -0/+2 i don't care if you're working or driving, that's not in public. if you're walking around town going to starbucks with a BT headset talking to your buddy about the poker game on friday, you are an *****.
- GregFD3S, on 05/21/2008, -3/+4 Doesn't the Bluetooth headset make beeping noises and/or flash lights when it is paired with a device?
- sboyerfour, on 05/21/2008, -9/+5 Why would you want to listen to someone else's phone conversation is my question? ***** boring
- Canuck, on 05/21/2008, -0/+1 you aren't listening to their phone conversation. You are listening to the wearer of the headset's conversation. The headset needs to be in a discoverable mode which means that it isn't connected to a phone.
- Twinnie, on 05/21/2008, -0/+0 Because people read out all sorts of personal and private information when using bluetooth headsets in public places.
- GregFD3S, on 05/21/2008, -7/+0 Here is a better solution for these Bluetooth people:
www.sabiadesign.com/blog/hilarious_solutions_for_annoying_cell_phone_people
- lamiaconfitor, on 05/21/2008, -1/+3 tip: if you post a link it has to work.
- vallver, on 05/21/2008, -0/+1 tip: it works
- trixterIreland, on 05/21/2008, -0/+5 this really is old old information. Years ago live demos were done that would attack bluetooth systems, a popular thing at that time was for the automobiles that have integrated bluetooth "speakerphone" installs. From remote you would be able to enable this, and listen to what is said in the car (presumably as you drive down the highway) and also say things to people in the car. The default "attack" would just play a sound file informing drivers to drive safely.
The flaws with bluetooth are greater than just listening to a conversation. Most devices, ie phones, will not actually disable things like file sharing but just not advertise that they support it. If you are only using a default device it will not try to transfer files, but if you use a laptop with bluetooth and some software that will ignore what is claimed to be supported and try to share files anyway, it often will work on many devices. This leads to compromises in phonebooks and other data that may exist on the phone. There is also the potential that a new file can be uploaded, which can cause the phone owner to go "oh what is this?" and run it which on many phones now can do more harm than just calling a premium number which compensates the person who uploaded that file.
- trixterIreland, on 05/21/2008, -0/+2 I discovered that he was using carwhisperer (the site is a bit slow due to the digg effect) that is the multi-year old one I referenced in the above. This is not new, it's someone taking something done YEARS ago by someone else entirely and just making a movie about it.
The reason it's "car whisperer" is when the original paper describing the attack was done the proof of concept was a program that would play the "drive safe" message and was largely against vehicles that all used the same pin and other info.
nothing new move along ... (there are FAR more interesting attacks elsewhere on bluetooth)
- GregFD3S, on 05/21/2008, -12/+3 A better solution for these annoying Bluetooth people:
www.sabiadesign.com/blog/hilarious_solutions_for_annoying_cell_phone_people
- johndajap56, on 05/21/2008, -7/+38 Bluetooth headsets are for douchebags anyway
- Godlike, on 06/05/2008, -0/+1 Bluetooth headsets are for douchebags that have free hands...
The reality of it is that people will use cellphones anywhere and I'd rather have the distracted ***** behind the wheel of the car have both hands on it rather than one hand on a cellphone.
It won't ever, ever matter if you don't like it or think it's rude. What you think about it doesn't change anything, unless you are willing to start looking people using them right in the eyes, interrupt their conversation and say 'You are really rude and annoying with that thing" nothing will ever change.
So shut the ***** up.
- HolyJaw, on 05/21/2008, -0/+3 Although this has been on Digg at least twice before, it should be noted that this isn't a "How to" because all he does is kind of prove that it's maybe doable.
What it is necessary to know is that in order to do this, you'll need a UMPC loaded with Linux, and certain bluetooth kernels. Then it's just a matter of learning the tricks and being able to do it without anyone noticing.
That and the fact that as it's been said already, the latest BT headsets are updated enough to not allow any bluephucking to take place.
- trixterIreland, on 05/21/2008, -0/+0 not really a UMPC I had an ipaq pda that ran linux and had bluetooth. Without a good keyboard it's a bit slow to type but you can do all of this on that.
For carwhisperer all you really need is a linux box, compatible bluetooth dongle that works with the bluez stack, and google to find and download the program.
See my posts below though about a 2005 lecture that included this program along with other attacks such as actually listening to calls. Then remember that was 3 years ago and that bluetooth hasn't really done much in that time (changing the spec doesn't eliminate older devices, nor does it immediately fix the fundamental problems). The bluetooth hacking scene however has done things in those 3 years, allowing for better more efficient attacks.
- Godlike, on 06/05/2008, -0/+1 The problem for most people is that the "Bluetooth Standard" is exactly NOT ***** standard; and good luck finding dongle drivers for your random whatever manufacturer PDA or halftop, I bet you can't get 80% of the bluetooth cards out there to do ***** at all with 80% of the cell phones out there without binding them, simply because they are normally incompatible on a base level and only happen to share the standard of bluetooth voice.
- trixterIreland, on 05/21/2008, -1/+0 As you can see mentioning "carwhisperer" in 2005 at a lecture does indicate that the program used is not exactly new.
http://events.ccc.de/congress/2005/fahrplan/events ...
better, more current information on all of this.
http://mirrors.easynews.com/defcon/22c3-video-mp4/ ...
Video of said lecture (the torrent tracker for the lecture is not responding). Note some of the mp4 videos CCC has made are not ipod compatible, I do not know if this one is because I refuse to drink the kool aid that steve jobs is selling.
- Archer007, on 05/21/2008, -4/+2 Old.
- Lionhart, on 05/21/2008, -7/+2 Filed under Get a life...
- bb5999, on 05/21/2008, -10/+4 job?
girlfriend?
life?
- CA55IDY, on 05/21/2008, -0/+3 Bothered?
- k00k, on 05/21/2008, -4/+3 I know you dirty diggers just wanted the camera to follow that girl with the white shorts that walked out of Starbucks.
- snoox, on 05/21/2008, -0/+0 I sure did
- Bmarofsky, on 05/21/2008, -0/+4 So how often do you know the Bluetooth address of the device you are targeting?
- indiekiduk, on 05/21/2008, -1/+1 You'd have to learn what all the models look like and what the manufacturers are and also have a list of BT Macs ranges for each manufacturer. Then when you scan if there are multiple BT devices in range of type headset you might be able to narrow it down to the target one you are looking at. Probably very hard to build the list though as there are just so many BT headsets models out there.
- zeroepoch, on 05/21/2008, -0/+1 You can just scan for them, like you do when you connect your own bluetooth devices. They all have names associated with them. I can see 2 or 3 bluetooth phones from my desktop computer usually.
- yngtimmy, on 05/21/2008, -6/+1 it was ok till he whipped out the technical mumbo jumbo
- 3eaky, on 05/21/2008, -3/+1 yeah, he went a little fast on the techno stuff, another video needed for that - but very cool info...
- celticchrys, on 05/21/2008, -0/+4 Um, it's a _video_, which you can pause and replay as many times as needed. And if you're not tech savvy enough to let this lead you in further research, why do you care?
- bmt626, on 05/21/2008, -0/+1 ummm every headset i have ever used required you place the headset in a pairing mode in order for it to be discoverable by any device it is not already paired with so i don't see how this would work even if you are sending out a signal / pin of 0000 it wont work unless the headset is set to pair and i highly doubt anyone will be walking around in pairing mode.
- MrFurious2k, on 05/21/2008, -0/+1 Interesting but as many have already commented, that it's not that practical. Most BT headsets cannot be paired again without going through another set of procedures.
- surbo, on 05/21/2008, -1/+1 please could you also post how to crack wep... please I have never seen that. also make sure you sync the audio
- pigglesnout, on 05/21/2008, -0/+1 Lol, because everyone's going to have the MAC address of the headset you want to listen in on.
- pattyman5000, on 05/21/2008, -0/+18 Most BT users talk loud enough that you can hear the conversation anyway. No need to hack.
- eanbowman, on 05/21/2008, -0/+6 As usual, the digg comments are full of the type of douche-baggery I'd expect.
1) This is simply a technical demonstration.
2) Tons of devices based on old chipsets (because they're cheap to make) are still vulnerable.
3) You can always get the MAC address by monitoring traffic.
4) Of course he's a nerd, he's showing you how to hack bluetooth. Why? Not just to wave his e-peen. He's letting people know that it's not a secure way to converse. Dumbass.
The only valid comment I see is the one about it being old news. :P
- hutectro, on 05/21/2008, -0/+1 Article is OLD been on digg before.
- griz, on 05/21/2008, -0/+1 Why is it necessary to show details of the exploit rather than just showing people how to protect themselves against attack? People don't need to know how to write a virus in order to run antivirus. The responsible thing to do is to explain the attack in general terms and then explain the fix.
- D4rkDrago0n, on 05/21/2008, -1/+1 lot at eargasm
- iknoritesrsly, on 05/21/2008, -0/+1 that is the single nerdiest ***** i've seen in ages. haha.
props to that guy though, cool vid.
- pfwd, on 05/21/2008, -0/+2 I thought it was a good demonstration. It may be old but that's no reason to diss it. It's good to know knowledge
- gopy, on 05/21/2008, -0/+1 Is today like... way-back-wednesday? so many top articles today have been submitted under a dif title months ago.
- marcomc2, on 05/21/2008, -0/+1 What an annoying ***** guy
- rrouse, on 05/21/2008, -0/+1 This is the kind of presentation that you would see at DEFCON.
- Mattso, on 05/21/2008, -0/+0 I got fooled into thinking I was able to tell how long this video was by the address and now I realize how much I would LOVE to have that feature on digg.
- 4U55l3NlNJ4, on 05/22/2008, -0/+1 I'm so glad I use blackbeard instead of bluetooth. Aargh matey!!!
- kd1s, on 05/22/2008, -0/+1 And I know just which Starbucks he's in front of. It's on Thayer St. in Providence, RI. I can clearly see the Science Library in the background. I also figured it out when I saw the Capital Records Management truck with the Dome logo.
- shalini552, on 05/22/2008, -2/+0 Click this link & watch it!!!!
http://www.youtube.com/watch?v=3UQRY-T6h84
- pox05, on 05/22/2008, -0/+2 i know that starbucks! it is on thayer street in ri
here's a pic - http://farm2.static.flickr.com/1240/1261278449_0f2 ...
- robotderek42, on 05/22/2008, -0/+1 This is cool but really dumb at the same time.
If you want to hear one side of a phone conversation, STAND WITHIN 20 FEET OF THE PERSON.
From my experience, everyone on a Bluetooth thinks they're the ***** and talks loud enough for the general public anyway.
- Cherryone, on 05/22/2008, -0/+0 Yeah, I bought a Motorola Bluetooth ear piece and right there in the user guide, in the instructions for hooking the set to a cell, they said "Your default password of 0000 cannot be changed to anything else? Security? Lack of security? This is a joke...