Bluetooth vulnerabilities & War Driving, is it possible?

Discussion in 'other security issues & news' started by Devinco, Jul 2, 2004.

Thread Status:
Not open for further replies.
  1. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi Everyone,

    I know it is probably far fetched, but is bluetooth a possible infection/infiltration vector? While most bluetooth devices have a 10-30 ft. range, some may have a longer range (100 meters). A signal boosting bluetooth antenna similar to the ones currently available for wireless networking could possibly extend that range.
    I currently use the Microsoft Bluetooth Intellimouse Explorer (old version battery hog) which has a USB Bluetooth antenna (about a 35 foot range for the mouse).

    1. Could a newer bluetooth mobile phone infected with the Epoc_Cabir.A or a new variant of it infect/infiltrate/drop a trojan on my computer through it's bluetooth antenna when the phone is brought within range? While connecting the mouse, it said it is a secure link, but I wonder if that is true. And if it is secure between mouse and antenna, that does not mean that the whole bluetooth networking protocol is secure. Could there be some gaping security holes like we have seen with IE, NETBios, etc.?

    2. Could a war driving cracker with some kind of signal boosting bluetooth antenna connect to a bluetooth antenna in an office? There are currently wireless NIC's, is a bluetooth NIC a possibility? It would seem like this is a side door access point that would bypass traditional perimeter defenses.
    Besides Mice, there are Bluetooth keyboards as well, so wireless bluetooth keyloggers could be possible for password sniffing.

    I have looked on the internet, but there is little info pertaining to bluetooth security specifically as it relates to infection/infiltration possibilities and defenses.
    In one of the articles below it even mentions that 50% of the PINS that bluetooth devices use are 0000. How hard is that to crack?
    Here are some links:

    http://www.vnunet.com/news/1151614
    http://www.niksula.cs.hut.fi/~jiitv/bluesec.html
    http://www.thebunker.net/release-bluestumbler.htm

    Bluetooth is relatively new tech so it may not have the kinks worked out.
    If you have any thoughts, info, or comments, it would be appreciated.

    Thanks,
    Devinco

    P.S. Wilders forum has the most complete security knowledge and helpful people I have seen in a long time! :)
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas

    Interesting questions. As an old radio scanner buff, I can tell you, if you don't encrypt, you can be heard. If the signal is in the open, I guess anything could happen.
    Cell phones for the most part have gone digital. I doubt that a mouse has. Just guessing here.

    Anyone?
     
  3. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi Ronjor,
    Thanks for replying. That's my concern. The signal is in the open and from what I've read, the encryption is less then great. Let alone weak bluetooth network security protcols or the ability to establish new connections automatically(not sure about that).

    Devinco
     
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas

    I'm not sure how much time malware folks are going to spend on phones, etc.
    Although, I have read there is a phone virus now.

    Wireless computering is really just getting started. I am relatively sure bugs will start showing up.

    Speaking for myself, if I weren't comfortable using it, I wouldn't!
     
  5. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    From what I've read here on Wilders, the bad guys will target the biggest user base and the weakest links first. With the ubiquity of mobile phones and the on going marketing push to pack phones with every gimmick, phones will have more processing power, RAM, and maybe hard drive space, and of course bluetooth. The interconnectivity of Bluetooth is great, but right now it looks like one more method of attack. While it is probably too new even for the bad guys to fully exploit, it is just a matter of time.

    Here is a dark future vision for bluetooth:
    Spammers, frustrated by the decreasing returns on bulk email due to smarter spam filtering look for other markets to spread. They hire crackers to make a bluetooth worm that can spread from phone to phone and phone to computer. Merely walking near an infected phone's bluetooth range would be enough to infect. Your phone number and all the data stored on it would be sent "home". Your cell phone would then become a zombie voice mail spam relay. The phone would deliver the voice mail spam message to all the phone numbers stored inside. As they are on your contact list, caller id blocking would probably not work to block the call as it would from an unknown number.
    It may not even need bluetooth to spread as most phones will have some kind of internet connectivity. If phone browsers ever get ActiveX, we're doomed.
    On the lighter side: we would probably have a new arsenal of security products to deal with it. (TDS-6 Mobile Phone Edition?) :)

    Dark future vision aside. I don't feel comfortable with bluetooth currently, so I will take your advice and disconnect the bluetooth antenna until they come up with something a little more secure.

    Thanks again,

    Devinco
     
  6. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    dear Devinco, as far as Cabir goes, it has been designed for Symbian OS so don't worry about it. Ronjor is right about encrypting. i don't see a storm of phone bugs attacking us as its right when you say malware authors target biggest target base ( Microsoft Windows and Doors ). that Cabir worm is an exception as it is from a group which wants to be the FIRST in virus writing field.
     
  7. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi AMRX,

    Thank you for the reply.
     
    Last edited: Aug 3, 2004
  8. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Well I thought maybe I was being a little paranoid......
    :eek: NOT :eek:

    Take a look at this Article

    Scary stuff. The rifle looks pretty cool. Not only could these techniques be used for spying and other mischief, they could be used for cell phone international dialers.

    Have a happy paranoia! :D
     
Loading...
Thread Status:
Not open for further replies.