Bluetooth technology
is great. No doubt. It provides an easy way for a wide range of mobile
devices to communicate with each other without the need for cables or
wires. However, despite its obvious benefits, it can also be a
potential threat for the privacy and security of Bluetooth users.
If you are planning to gain a deeper understanding of Bluetooth
security, you will need a good set of tools with which to work. By
familiarizing yourself with the following tools, you will not only gain
a knowledge of the vulnerabilities inherent in Bluetooth-enabled
devices, but you will also get a glimpse at how an attacker might
exploit them.
This hack highlights the essential tools, mostly for the Linux
platform, that can be used to search out and hack Bluetooth-enabled
devices.
Discovering Bluetooth Devices
BlueScanner – BlueScanner searches out for
Bluetooth-enabled devices. It will try to extract as much information
as possible for each newly discovered device. Download BlueScan.
BlueSniff – BlueSniff is a GUI-based utility for finding discoverable and hidden Bluetooth-enabled devices. Download BlueSniff.
BTBrowser – Bluetooth Browser is a J2ME application that
can browse and explore the technical specification of surrounding
Bluetooth-enabled devices. You can browse device information and all
supported profiles and service records of each device. BTBrowser works
on phones that supports JSR-82 – the Java Bluetooth specification. Download BTBrowser.
BTCrawler -BTCrawler is a scanner for Windows
Mobile based devices. It scans for other devices in range and performs
service query. It implements the BlueJacking and BlueSnarfing attacks. Download BTCrawler.
Hacking Bluetooth Devices
BlueBugger -BlueBugger exploits the BlueBug vulnerability.
BlueBug is the name of a set of Bluetooth security holes found in some
Bluetooth-enabled mobile phones. By exploiting those vulnerabilities,
one can gain an unauthorized access to the phone-book, calls lists and
other private information. Download BlueBugger.
CIHWB – Can I Hack With Bluetooth (CIHWB) is a Bluetooth
security auditing framework for Windows Mobile 2005. Currently it only
support some Bluetooth exploits and tools like BlueSnarf, BlueJack, and
some DoS attacks. Should work on any PocketPC with the Microsoft
Bluetooth stack. Download CIHWB.
Bluediving – Bluediving is a Bluetooth penetration testing
suite. It implements attacks like Bluebug, BlueSnarf, BlueSnarf++,
BlueSmack, has features such as Bluetooth address spoofing, an AT and a
RFCOMM socket shell and implements tools like carwhisperer, bss, L2CAP
packetgenerator, L2CAP connection resetter, RFCOMM scanner and
greenplaque scanning mode. Download Bluediving.
Transient Bluetooth Environment Auditor – T-BEAR is a
security-auditing platform for Bluetooth-enabled devices. The platform
consists of Bluetooth discovery tools, sniffing tools and various
cracking tools. Download T-BEAR.
Bluesnarfer – Bluesnarfer will download the phone-book of any mobile device vulnerable to Bluesnarfing.
Bluesnarfing is a serious security flow discovered in several
Bluetooth-enabled mobile phones. If a mobile phone is vulnerable, it is
possible to connect to the phone without alerting the owner, and gain
access to restricted portions of the stored data. Download Bluesnarfer.
BTcrack – BTCrack is a Bluetooth Pass phrase (PIN) cracking
tool. BTCrack aims to reconstruct the Passkey and the Link key from
captured Pairing exchanges. Download BTcrack.
Blooover II – Blooover II is a J2ME-based auditing tool. It
is intended to serve as an auditing tool to check whether a mobile
phone is vulnerable. Download Blooover II.
BlueTest – BlueTest is a Perl script designed to do data extraction from vulnerable Bluetooth-enabled devices. Download BlueTest.
BTAudit – BTAudit is a set of programs and scripts for auditing Bluetooth-enabled devices. Download BTAuding.
What’s next? Let everyone know to disable Bluetooth until they
really need it. Additionally, make sure to update your phone software
on a regular basis.
RobDurdle.com 
You must be logged in to post a comment.