

Bluetooth Hacking



Posts: 753
Location: USA
Joined: 17.12.07
Posted on 24-03-18 01:26
Hey guys!

So a while back someone posted in the shoutbox asking about good resources regarding hacking bluetooth. I've never really looked into bluetooth, but I figured it couldn't be too different from WiFi (which I have spent a bunch of time messing with) so I decided to look around a bit. Turns out I was super wrong. Three thousand pages later it turns out I couldn't be more wrong. Go figure. Anyway, I delved a bit deeper and found some pretty cool historic attacks and thought it'd be neat to drop the links here and see if we could drum up some conversation. Maybe if anyone's interested we could work on mocking up and running the PoCs to see how they work and such. I dunno. Worst case someone sees something cool that they didn't know before.

- Anyway, first up is BlueBorne: a suite of attacks ranging from info disclosure and MitM to full-blown unauthenticated, connectionless, over-the-air, root RCE (on some systems. Regular RCE on others). And this is from earlier last year. Holy crap. Their technical whitepaper has tons of background info on Bluetooth and very good descriptions of the vulns themselves. A super cool read.
- Next we've got the slightly-less-exciting-yet-infinitely-more-approachable network-level attack against this garbage IoT device. Using an Ubertooth One to watch traffic between the device and their mobile device allowed them to do some nasty things. Turns out safe companies don't know how to write software. Go figure. Also worth noting: more of a hack using bluetooth than a "bluetooth hack". I still count it.
- And, finally, a rather old overview of the general landscape (at the time) from a prestigious security conference in Germany.

As a general info point, a lot of these examples were found pivoting off of MITRE's CVE database, a pretty neat tool for tracking and searching through known vulnerabilities. While it's kind of tough getting the actual exploit or technical details from the site itself, it's a good enough starting point.

So what do you guys think? Is this something any of you would be interested in pursuing? I can continue dumping links as I come across them or get a firmware blob from a listed device or... I dunno? Start working on a fuzzer for some of the internal communication structures?

Whatever the case, thanks for reading!
- Futility Futility91

RE: Bluetooth Hacking

☆ Lucifer ☆

Posts: 2017
Location: Scotland
Joined: 20.02.08
Posted on 24-03-18 17:35
Bluetooth hacking is something I've never really looked into, I've always meant to, but just never got around to it.
It's one of the few things on my phone that I never ever use, apart from when connecting to a bluetooth speaker.

And considering about 95% of all the pwning I do these days is done solely from my Android phone, I feel a tiny bit ashamed for neglecting bluetooth so badly, so count me in man.
U N ⓡⓔⓧ_ⓜⓤⓝⓓⓘ

RE: Bluetooth Hacking



Posts: 15
Joined: 02.05.17
Posted on 28-03-18 20:02
How is it possible to hack using just a phone? There's so many things you can't possibly do on a phone that you can only do on a desktop.

RE: Bluetooth Hacking


Posts: 13
Joined: 01.05.17
Posted on 30-03-18 02:12
Burn the witch !!!!