Full Disclosure mailing list archives

Re: Bluetooth keyloggers?

From: Michael Holstein <michael.holstein () csuohio edu>
Date: Thu, 06 Nov 2008 15:39:53 -0500

Just wondering if anyone has technical feedback/musings on the
emerging bluetooth keyloggers available, such as the following
products:


Yeah .. use a USB keyboard ;)

* Remote discovery of these devices (active and passive) via
bluetooth, localhost device discovery, any other means, etc.


Bluesniff can discover devices (including non-discoverable ones, if 
they're active) .. much like you can find wifi devices even if the SSID 
is hidden. Even though BT is encrypted, you can still see the frames at L2.

They can also be found the same way one find hidden 2.4ghz cameras .. 
using spectrum analyzers (I have an icom handheld that does this 
marginally well if you're close enough).

* Countermeasures, any and all, including isolated "jamming" and, if
feasible, control of data flow or "injection" of false data


Well, if you're willing to throw the "Part B" rules out the window .. 
any broadband noise generator tuned to the appropriate frequency will 
work. Most of the cheap-o Chinese jammers for Cellphone/GPS are just a 
simple VCO and amplifier .. easy to tune into the appropriate band.

As for injection .. with the bluejacking tools you can force a 
re-pairing, and then bruteforce. Since the devices you link to are 
designed to be passive, I'd imagine they'd automatically re-pair (versus 
a phone, which would prompt the user to do something).

* Real-world performance in light of interference (signal and obstacles)


bluetooth dongle to my Samsung cellphone works ~20' in a typical office. 
Their statement about a "football field" is only true if you were 
actually in an open field.

* Any other "stuff" -- honeypots, long-distance snarfage, creative
applications, automation, etc. ;-)


.. a 24db parabolic plus a bluetooth dongle modded for an external 
antenna can give you several hundred feet, easily.


Cheers,

Michael Holstein CISSP GCIA
Cleveland State University

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Bluetooth keyloggers? Shawn Merdinger (Nov 06)
- Re: Bluetooth keyloggers? Michael Holstein (Nov 06)
- Re: Bluetooth keyloggers? Thierry Zoller (Nov 06)