Overview of Bluetooth Hacking Tools

Linux is the most convenient operating system for hacking Bluetooth. Its open architecture lets hackers employ ready-to-use components, and it contains many useful utilities for scanning Bluetooth networks or carrying out a Bluesnarfing attack. For example, it is possible to use the hciconfig utility, started with the -ifconfig command-line option, or hcitool (Fig. 29.9) with the following options: scan, to scan the perimeter and print the list of detected Bluetooth devices; name, to return the name of the remote device; cmd, to control the local Bluetooth device through the Host Controller Interface (HCI); and cc, to create a connection. A detailed description of all commands can be found in the hcitool man page.

Figure 29.9: Scanning Bluetooth devices using the hcitool utility

To access HCI, it is possible to use ioctl codes or socket options. The commands responsible for this carry the HCI prefix and include the following:

  • HCI_Create_New_Unit_Key, HCI_Master_Link_Key, HCI_Read_Pin_Type, HCI_Read_Authentication_Enable, HCI_Read_Encryption_Mode, and HCI_Change_Local_Link_Key.
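As an added illustration (not code from the book or from BlueZ), the following stand-alone C program shows the byte layout behind these command names: an HCI command packet carries a 16-bit opcode built from an opcode group (OGF) and an opcode command (OCF), the same two numbers hcitool cmd takes on its command line. It encodes HCI_Read_Authentication_Enable (OGF 0x03, OCF 0x001F) and decodes the controller's Command Complete event, which lets an administrator verify whether the local controller enforces link-level authentication; the reply bytes are constructed, and on a real Linux host the packet would be sent over a raw HCI socket.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HCI_COMMAND_PKT  0x01   /* packet indicator: command (host -> controller) */
#define HCI_EVENT_PKT    0x04   /* packet indicator: event (controller -> host) */
#define EVT_CMD_COMPLETE 0x0E
#define OGF_HOST_CTL         0x03   /* controller & baseband command group */
#define OCF_READ_AUTH_ENABLE 0x001F /* Read_Authentication_Enable */

/* An HCI opcode packs a 6-bit OGF above a 10-bit OCF (the values hcitool cmd takes). */
uint16_t hci_opcode(uint8_t ogf, uint16_t ocf) {
    return (uint16_t)(((ogf & 0x3F) << 10) | (ocf & 0x03FF));
}

/* Serialise a command packet: [0x01][opcode LE][param len][params].
   Returns the packet length, or 0 if the buffer is too small. */
size_t hci_build_cmd(uint8_t *out, size_t cap, uint8_t ogf, uint16_t ocf,
                     const uint8_t *params, uint8_t plen) {
    uint16_t op = hci_opcode(ogf, ocf);
    if (cap < (size_t)4 + plen) return 0;
    out[0] = HCI_COMMAND_PKT;
    out[1] = (uint8_t)(op & 0xFF);
    out[2] = (uint8_t)(op >> 8);
    out[3] = plen;
    for (uint8_t i = 0; i < plen; i++) out[4 + i] = params[i];
    return (size_t)4 + plen;
}

/* Decode the Command Complete event answering Read_Authentication_Enable:
   [0x04][0x0E][len][num_cmd_pkts][opcode LE][status][Authentication_Enable].
   Returns 1 if the controller demands authentication, 0 if it does not,
   -1 for a malformed or unrelated event or a non-success status. */
int hci_parse_auth_enable(const uint8_t *evt, size_t len) {
    if (len < 8 || evt[0] != HCI_EVENT_PKT || evt[1] != EVT_CMD_COMPLETE || evt[2] < 5) return -1;
    uint16_t op = (uint16_t)(evt[4] | (evt[5] << 8));
    if (op != hci_opcode(OGF_HOST_CTL, OCF_READ_AUTH_ENABLE)) return -1;
    if (evt[6] != 0x00) return -1;                   /* status: 0x00 = success */
    return evt[7] ? 1 : 0;
}

int main(void) {
    uint8_t pkt[8];
    size_t n = hci_build_cmd(pkt, sizeof pkt, OGF_HOST_CTL, OCF_READ_AUTH_ENABLE, NULL, 0);
    for (size_t i = 0; i < n; i++) printf("%02x ", pkt[i]);   /* 01 1f 0c 00 */
    /* Constructed reply (not captured from hardware): Authentication_Enable = 0x00 */
    const uint8_t reply[] = {0x04, 0x0E, 0x05, 0x01, 0x1F, 0x0C, 0x00, 0x00};
    printf("\nauthentication required: %d\n", hci_parse_auth_enable(reply, sizeof reply));
    return 0;
}
```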

Lots of useful information about Bluetooth programming for Linux can be found at http://www.holtmann.org/linux/bluetooth.

Overflow Error in WIDCOMM

Bluetooth developers supply commercial software to support it, distributed under the WIDCOMM trademark (wireless Internet and data/voice communications), which relieves hardware manufacturers from implementing the entire protocol stack on their own. Old-school programmers (such as Yury Haron) know only too well the true price of "ready-to-use" solutions. Having burnt their fingers on someone else's errors a couple of times, they do not trust any code except what they have developed on their own. And their point of view is well grounded!

In August 2004, a nontrivial buffer overflow was found in WIDCOMM that allowed attackers to gain control over a Bluetooth-enabled device by sending it a specially prepared packet. After that, there is no need to mount a brute-force attack on the PIN.

This vulnerability affects BTStackServer versions 1.3.2.7, 1.4.1.03, and 1.4.2.10, used in Windows 98, Windows XP, Windows CE, and other systems. In addition, WIDCOMM is actively used by many companies, including Logitech, Samsung, Sony, Texas Instruments, Compaq, and Dell. The complete list of hardware manufacturers that use this vulnerable software includes more than three dozen companies. All Bluetooth devices manufactured by these companies are at risk and can be attacked at any moment. There is even an exploit written especially for the popular HP iPAQ 5450 pocket PC. In some cases, the problem can be solved by installing all patches or reflashing the firmware; however, some devices remain vulnerable. Detailed information on this topic can be found at http://www.pentest.co.uk/documents/ptl-2004-03.html.



Shellcoder's Programming Uncovered
ISBN: 193176946X
Year: 2003
Pages: 164
