It was recently published before this article that Bluetooth devices can be hacked into. I then received another article and since I own a TL now with Bluetooth, it got me thinking. This is probably common sense.. but you can only hack into the car when its on right? I just need some reassurance. Other than that.. this article is a good read for those of you who have sensitive data on your cell phones.


http://www.tomsnetworking.com/Sections-article145.php

Humphrey Cheung
10/31/05

In the last week, Network Chemistry and Airmagnet both released free Windows utilities that scan for Bluetooth devices. Several years ago, NetStumbler, a free 802.11 wireless scanning utility, ushered in the "wardriving" era. With the release of these easy-to-use utilities, are we now on the verge of a "BlueDriving" age? I interviewed Andrew Lockhart, BlueScanner's author and lead security analyst for Network Chemistry, to find out how he made the program and if we should worry about Bluetooth vulnerabilities.

Lockhart was hired three months ago by Network Chemistry as their lead security analyst. In addition to writing BlueScanner, he has written a white paper on Bluetooth vulnerabilities and was the author of the O'Reilly book "Network Security Hacks". He told us that BlueScanner wasn't that hard to write, with the program coded from scratch in C++ and most of the Bluetooth scanning handled by Microsoft's Bluetooth API and drivers. He told us that Bluetooth functionality is already there in Windows, adding, "We just provide the interface to make it more friendly."

Bluetooth scanning is nothing new, as Linux scanners have been available for a few years. Earlier in the year, TomsNetworking brought you a two part series on how to build a "BlueSniper" long-range Bluetooth gun. But this the first time that someone has written a "Netstumbler like" program for finding Bluetooth devices with Windows-based systems.

BlueScanner easily finds Bluetooth devices that have been placed in "discoverable" mode and displays the device name, physical address, device type (such as cellphone or computer) and available services.
Unlike NetStumbler, BlueScanner does not have GPS tracking, but you can type in the location that you are scanning from. For example, if you were using BlueScanner to search for devices in a multiple story building, you would start at the first floor and type in location of "First Floor".

In inital testing of BlueScanner, Lockhart found Bluetooth devices in places that he expected and some that he didn't, saying, "I initially didn't expect to find many devices. Sure there were many in the airports, where you have a lot of business people, but I didn't expect them to be in restaurants. I also found large amounts in just random places." Lockhart even used BlueScanner at the Defcon computer security convention in Las Vegas and found quite a few devices. While you could assume that Defcon attendees would not have vulnerable Bluetooth devices, Lockhart says, "I found quite a few phones that would appear to vulnerable and some people didn't bother to rename the model number."

I played with BlueScanner in the TG Publishing office and also in the press room of Blizzcon.Blizzard's recent gaming convention focusing on World of Warcraft. In our office, BlueScanner immediately found several devices including my Blackberry and another editor's T610 phone. Surprisingly, it also picked up a hands-free Bluetooth headset in a BMW car parked about 75 feet away. I didn't expect a Bluetooth signal to go that far and penetrate several walls. At Blizzcon, BlueScanner found six devices in thirty seconds.

So why release such a program to the public? Back in the NetStumbler days there were some people who believed the Wi-Fi-scanning program could help hackers break into their computers. Lockhart isn't concerned about ill-intentioned people using BlueScanner, saying, "We are only here to increase awareness and the nefarious people already knew about this stuff way way long ago." He also told us that he wants people to realize just how many devices are in the environment.

Lockhart also said that he has found many Bluetooth devices in conference rooms and around the office. He has even sent messages to people's phones telling them that their Bluetooth is on. Some people were shocked and Lockhart adds, "They didn't know where this message was coming from. The phone beeps and they pull it out and see something on the screen."

What's next for Lockhart? He is pretty tight-lipped about future improvements of BlueScanner, but he has been playing around with a $17,000 Bluetooth sniffer that can pull raw Bluetooth data from the air. While the price tag may seem high, Lockhart told us that he has seen the sniffers sell for as low as $1600 on Ebay. With the sniffer, he has discovered that a popular brand of phone / PDA syncs via Bluetooth in clear text. Lockhart told us the model, but said, "Please don't tell anyone because I want to call the company first."

So is it time to start worrying about Bluetooth? "The normal person doesn't have to worry much, but it could be a concern for high-profile people," says Lockhart. He explained that it might be possible to monitor a person by tracking their phone, but the average person is probably OK if they keep the phone in non-discoverable mode. Lockhart summed it up simply by saying, "If you carry sensitive data, you may want to check if you have Bluetooth in discoverable mode and if you don't need Bluetooth, just turn it off. Just use common sense."

 

Don't worry about your car getting hacked, you have no critical information in the car to worry about. It isn't like a PDA with sensitive data on it, all it is is a glorified headset.

 

Like the article asks: "Are you a normal person or a high profile person?" I am the former so I don't worry about it. Should you???

 

Sometimes you just never know?? what if I worked for someone who had sensitive phone numbers? An example is that of Paris Hilton's cell even though she isnt "sensitive data" to me.

Hmmm.. i do consider myself high profile. jk

 

Doesn't the car have a phonebook, like my G35? Couldn't that be compromised?

 

Probably. But unless your secret lover's phone number is there do you really care? If you are using phone book entries to store numerical password (PINs) then stop. Really bad idea. Cell phone contacts lists have no assumed privacy or security.

Do you PIN-lock your cell phone? Ever leave it on a table or counter top ? It's far more likely that someone could pick up your cell phone and browse your contacts there. Do you ever hand a credit card to a server ? That's a much bigger risk. Do you ever give your SSN to someone that doesn't need it to report data to the IRS?...

With all the wireless routers I could hijack in my neighborhood (i said could, not did) I'm never surprised by anything. People get lazy so they will leave things unsecured, use ridiculously simple passwords and leave Bluetooth devices in discoverable mode. And the grand daddy of them all...sharing out their entire computer on a peer-to-peer.

Wireless technology has it's good points but people just need to remember that your transmissions are out there for anyone that wants to receive them and your receivers might be listening for anyone trying to talk to them. Use it accordingly And while this doesn't apply to the TL/Phone thing... just use wires when possible, their much cheaper, much faster, more secure and much more reliable.

 

Yes, I do care about some stranger getting my mother's phone number, my boss' phone number or my wife's cell number from the car. Wouldn't you?
As for my phone, unless I'm at home; it's in my pocket.
Good point otherwise.

 

Nope. Really, I don't care. I'm not just saying that to screw with you. They are just names and phone numbers, all very commonly available and not particularly risky to be "in the wild". I'm not saying I want it to happen just that I wouldn't feel too harmed or upset if it did.