Re: Bluetooth Pentesting?

[Times Enemy <times () krr org>]

Greetings.

Of course there are risks with Bluetooth.

Bluetooth security is generally so pathetic, in regards to factory set 
defaults in use, that all you need is some sort of method of attempting 
a passkey, such as a BT enabled laptop, or even a phone or PDA, and 
about three generic attempts.  If the three do not work, try to identify 
the hardware, and simply all their technical support, or read their 
documentation.

Most wireless systems are vulnerable at authentication.  So, the only 
trick then becomes to drop the connection and listen.

http://trifinite.org/ has an interesting project related to car systems 
(Car Whisperer), and i believe they branch out some with their BT Audit 
tool and such.  I have not had the opportunity to test it, but their 
site/documentation/articles make for good reading.

http://www.google.com/search?hl=en&lr=&q=hijack+bluetooth&btnG=Search 
ought to yield enough reading to get practical.

.times enemy
Key Rack Research - http://www.krr.org


steven () lovebug org wrote:
> Greetings,
>
> Does anyone on this list do bluetooth pentesting?  I have read tons of old
> posts and found plenty of tools to do a few different things.  However, I
> do not find any of it to be overly useful.  Most of the tools out there
> seem to be aimed at certain cell phones or are very specific.  I am trying
> to find out what the risks are of all kinds of devices.  I have found
> btscanner to be pretty good at detecting devices but it doesn't do too
> much other than detect it.  I can scan and pickup 150+ devices and the
> Vulnerable to: section is always the same.. blank.  Are all the bluetooth
> devices I find so super secure?  I pick up cars, phones, PDAs, computers,
> keyboards, etc.  Are there really no risks with these devices?
>
> Is there a better/good tool out there that can really find various
> bluetooth devices and tell me what -real- risks might be associated with
> them -- on top of that.. is there a good tool for trying to pull data or
> use these devices?  Example: a dell or mac laptop has bluetooth on, or a
> Treo with it on.. what are the possible risks?  What tools can actually
> test if authentication is required for connecting with these devices.. or
> whether I can bruteforce it or connect at all?
>
> Any suggestions would be greatly appreciate and I am really trying to do
> something more than just "detect" bluetooth devices.  I need to know if
> there are risks here.
>
> Thanks
>
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
> http://www.cenzic.com/products_services/download_hailstorm.php
> ------------------------------------------------------------------------

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------