Re: Question about simple BlueTooth hack

[Professor Thread <professorthread () gmail com>]

On 03/14/2011 12:44 PM, craig bowser wrote:
> So, I'm giving a talk at my son's school for career day.  My talk is
> mostly on the IA/Infosec career, but I thought I would do a quick
> simple bluetooth hack to cut into the drone of person after person
> yapping up front. These are 6-8th graders... attention span is
> limited.  I know, I have two.
>
> Anyway, I've been trying to get bluenarfer and bluebugger to work to
> either pull out an address book or dial a phone number.  However, I
> can't seem to get it  working. When any connection is made, the phone
> asks for a pin or asks if I want to allow a connection.  I would like
> the hack to work without interaction from the user of the phone.

AFAIK, unless you find a phone with an exploitable vulnerability, you'll
need the user to accept any incoming transaction. However, what about
doing something like this:


You: Well kids, I've brought a few smartphone games, we get them for
free at the office. Who wants one?
[Kids start screaming Me! Me! Me!]
You: OK, you, the guy with the freckles, turn on your bluetooh and I'll
send it to you.
[You run your bluetooth tools against the kid's phone].
You: Please enter this PIN: 4329
[Kid enters the pin and you hack into his contact list].
You: Hey! You have a fiend name Allison Parker?
Kid: Yes
You: And another friend caller Johnny Bubblegum?
Kid: Yes! omg! how did you know that?
You: Because I've hacked into your phone. First I applied some "social
engineering" to trick you into accepting an incoming request, and then I
run a malicious program that steals your address book. Never trust guys
in a suit, kid.

Prof.





_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com