PaulDotCom mailing list archives
Re: Question about simple BlueTooth hack
From: Professor Thread <professorthread () gmail com>
Date: Mon, 14 Mar 2011 13:27:54 +0100
On 03/14/2011 12:44 PM, craig bowser wrote:
So, I'm giving a talk at my son's school for career day. My talk is mostly on the IA/Infosec career, but I thought I would do a quick simple bluetooth hack to cut into the drone of person after person yapping up front. These are 6-8th graders... attention span is limited. I know, I have two. Anyway, I've been trying to get bluenarfer and bluebugger to work to either pull out an address book or dial a phone number. However, I can't seem to get it working. When any connection is made, the phone asks for a pin or asks if I want to allow a connection. I would like the hack to work without interaction from the user of the phone.
AFAIK, unless you find a phone with an exploitable vulnerability, you'll need the user to accept any incoming transaction. However, what about doing something like this: You: Well kids, I've brought a few smartphone games, we get them for free at the office. Who wants one? [Kids start screaming Me! Me! Me!] You: OK, you, the guy with the freckles, turn on your bluetooh and I'll send it to you. [You run your bluetooth tools against the kid's phone]. You: Please enter this PIN: 4329 [Kid enters the pin and you hack into his contact list]. You: Hey! You have a fiend name Allison Parker? Kid: Yes You: And another friend caller Johnny Bubblegum? Kid: Yes! omg! how did you know that? You: Because I've hacked into your phone. First I applied some "social engineering" to trick you into accepting an incoming request, and then I run a malicious program that steals your address book. Never trust guys in a suit, kid. Prof. _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Question about simple BlueTooth hack craig bowser (Mar 14)
- Re: Question about simple BlueTooth hack Professor Thread (Mar 14)
- Re: Question about simple BlueTooth hack Jim Halfpenny (Mar 14)
- Re: Question about simple BlueTooth hack Robin Wood (Mar 14)
- Re: Question about simple BlueTooth hack Bill Swearingen (Mar 14)
- Re: Question about simple BlueTooth hack Josh More (Mar 14)
- Re: Question about simple BlueTooth hack craig bowser (Mar 14)
- Re: Question about simple BlueTooth hack Bill Swearingen (Mar 14)
- Re: Question about simple BlueTooth hack craig bowser (Mar 15)
- Re: Question about simple BlueTooth hack Bill Swearingen (Mar 14)
- Re: Question about simple BlueTooth hack Professor Thread (Mar 14)