
Thread: Bluetooth Pentest

  1. #1
    Member (Join Date: Jan 2010, Posts: 83)

    Bluetooth Pentest

    I am a security analyst and I work for an agency. Our ISO would like to perform a pentest of Bluetooth in our building to determine possible security leaks. I have found that the USB Bluetooth device should be a CSR-based chipset to perform the tests. I do not know the difference between the versions of the CSR chipsets, e.g. v1-v6. And thus I have a few questions concerning Bluetooth:

    1. What is the difference between CSR chipsets v1 - v6 as far as hacking/pentesting is concerned?
    2. What is meant by the term "Stack"?
    3. Can you define these features located at this link:
    • BD_ADDR VID&PID
    • frontline.c
    • FTS4BT
    • VID&PID
    • Firmware
    4. Can you recommend an external USB Bluetooth dongle (that has the ability to be modded or comes with an external antenna connection)?
    5. What is the difference between "ROM" and "Firmware"?


    Some reference links I have found:
    http://www.holtmann.org/linux/bluetooth/features.html
    http://bluetoothsecurity.wordpress.c...cking-purposes
    http://www.dlink.com/products/support.asp?pid=34
    http://www.unstrung.com/document.asp?doc_id=121257

  2. #2
    Barry, My life is this forum (Join Date: Jan 2010, Posts: 3,817)

    Quote Originally Posted by chmod
    First off, let me say that I am no hacker. I am a security analyst and I work for an agency.
    I don't know about most of the regulars here, but when I see posts that start off like this, the red flags start waving and the alarms start going off.
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  3. #3
    Member (Join Date: Jan 2010, Posts: 83)

    Why's that? lol What kind of red flags?

    Edited: That better

  4. #4
    BlackRS, Junior Member (Join Date: May 2008, Posts: 45)

    Most of the members here understand the concept of social engineering, therefore they can usually pick up when someone is trying to do it to them. An agency?
    Information is like water...

  5. #5
    Barry, My life is this forum (Join Date: Jan 2010, Posts: 3,817)

    I'd say at least half the posts in the idiots corner start off with "I'm not a hacker" or "I'm a pentester" or "My friend said I could...".

  6. #6
    Member (Join Date: Jan 2010, Posts: 83)

    Well.. I do work for a state agency, but I won't say where or which one. That is not the topic. BackTrack(3) is not just used for exploitation purposes. We've used it (i.e. the tools within it) to evaluate our networks and devices, thus the pentest questions about Bluetooth.

    And as I am no expert, I opted to post here thinking I would get a more mature response separated from the norm. But I guess paranoia comes with the territory.

  7. #7
    Barry, My life is this forum (Join Date: Jan 2010, Posts: 3,817)

    Quote Originally Posted by chmod View Post
    Well.. I do work for a state agency, but I won't say where or which one. That is not the topic. BackTrack(3) is not just used for exploitation purposes. We've used it (i.e. the tools within it) to evaluate our networks and devices, thus the pentest questions about Bluetooth.

    And as I am no expert, I opted to post here thinking I would get a more mature response separated from the norm. But I guess paranoia comes with the territory.

    I'd say probably 90% of the people here use it for non-exploitative purposes.

  8. #8
    williamc, Good friend of the forums (Join Date: Feb 2010, Location: Chico CA, Posts: 285)

    I posted a complete list of CSR chipset Bluetooth dongles:
    http://forums.remote-exploit.org/sho...t=10103&page=9

    The Linksys can be modified to accept an external antenna:
    http://bluetooth-pentest.narod.ru/ha...outmesguin.pdf

    William

  9. #9
    drgr33n, Very good friend of the forum (Join Date: Jan 2010, Location: Dark side of the moon ..., Posts: 699)

    Hmm
    Quote Originally Posted by chmod
    I am a security analyst and I work for an agency.
    Well, tell your agency to buy a ComProbe from Frontline lol !!!!!!!!!!!!!

    http://www.fte.com/products/FTS4BT-01.asp

    What vulnerabilities exactly were you going to "test" with this equipment ? What equipment of yours uses bluetooth ?

    1. What is the difference between CSR chipsets v1 - v6 as far as hacking/pentesting is concerned?

    Nothing. The FTS4BT uses one of CSR's chips in its ComProbe. As for pentesting, these are not used for pentesting and are more used by developers and test engineers to get them through the design, debug etc.

    2. What is meant by the term "Stack"?

    http://en.wikipedia.org/wiki/Bluetooth_stack

    3. Can you define these features located at this link:

    * BD_ADDR VID&PID: hardware MAC / Vendor ID / Product ID
    * frontline.c: Sorbo's source code
    * FTS4BT: Frontline Test Systems for Bluetooth (guessed lol)
    * VID&PID: answered in No. 1
    * Firmware: Eh, and you a security analyst??? Hmmm

    4. Can you recommend an external USB Bluetooth dongle (that has the ability to be modded or comes with an external antenna connection)?

    Why ?

    5. What is the difference between "ROM" and "Firmware"?

    Well, I think you mean ROM and RAM. ROM stands for Read Only Memory and RAM stands for Random Access Memory. Off the top of my head, I think the EXT chipset actually uses an EPROM chip.
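    The answer above defines BD_ADDR as the hardware MAC and VID&PID as the USB Vendor ID / Product ID used to tell a CSR-based dongle apart from others. The following is an added example, not code from the thread or from any of its posters, showing how a defender could inventory the Bluetooth adapters on a host by parsing those two identifiers: it splits a BD_ADDR into the NAP/UAP/LAP fields defined by the Bluetooth spec (NAP+UAP being the vendor OUI) and picks CSR devices out of lsusb-style output by vendor ID. The CSR vendor ID 0x0A12 is the USB-IF assignment; the lsusb lines and the sample address are constructed for the example, and the function names are the example's own.

```python
import re
from typing import Dict, List

# USB vendor ID that USB-IF assigned to Cambridge Silicon Radio (CSR), the chipset
# family the thread refers to. Assumption: only this one vendor ID is treated as CSR.
CSR_VENDOR_ID = 0x0A12

# Constructed sample lines in lsusb's "Bus bbb Device ddd: ID vvvv:pppp desc" style.
# They are not captured from a real host; the descriptions are illustrative only.
SAMPLE_LSUSB = """\
Bus 001 Device 003: ID 0a12:0001 Cambridge Silicon Radio, Ltd Bluetooth Dongle (constructed sample)
Bus 001 Device 004: ID 0a5c:21e8 Broadcom Corp. (constructed sample)
Bus 002 Device 002: ID 8087:0024 Intel Corp. (constructed sample)
this line is not an lsusb record and is skipped by the parser
"""

LSUSB_RE = re.compile(
    r"^Bus\s+(?P<bus>\d{3})\s+Device\s+(?P<dev>\d{3}):\s+ID\s+"
    r"(?P<vid>[0-9a-fA-F]{4}):(?P<pid>[0-9a-fA-F]{4})\s*(?P<desc>.*)$"
)

# BD_ADDR as printed by hciconfig/hcitool: six hex octets separated by colons.
BD_ADDR_RE = re.compile(r"^[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}$")


def parse_lsusb(text: str) -> List[Dict[str, object]]:
    """Parse lsusb-style lines into records with numeric vid/pid.
    Non-matching lines are skipped so partial or noisy input still parses."""
    devices: List[Dict[str, object]] = []
    for line in text.splitlines():
        m = LSUSB_RE.match(line.strip())
        if m is None:
            continue
        devices.append({
            "bus": int(m["bus"]),
            "device": int(m["dev"]),
            "vid": int(m["vid"], 16),
            "pid": int(m["pid"], 16),
            "desc": m["desc"].strip(),
        })
    return devices


def is_csr(vid: int) -> bool:
    """True when the USB vendor ID is CSR's (the chipset the thread is about)."""
    return vid == CSR_VENDOR_ID


def find_csr_adapters(text: str) -> List[str]:
    """Return 'vvvv:pppp' strings for every CSR-vendor device in lsusb-style text."""
    return [f"{d['vid']:04x}:{d['pid']:04x}" for d in parse_lsusb(text) if is_csr(d["vid"])]


def parse_bd_addr(addr: str) -> Dict[str, object]:
    """Split a 48-bit BD_ADDR into the three fields the Bluetooth spec defines:
    NAP (upper 16 bits), UAP (next 8 bits) and LAP (lower 24 bits).
    NAP+UAP together form the IEEE OUI of the radio's maker; LAP is device-specific."""
    if not BD_ADDR_RE.match(addr):
        raise ValueError(f"not a valid BD_ADDR: {addr!r}")
    octets = [int(o, 16) for o in addr.split(":")]
    nap = (octets[0] << 8) | octets[1]
    uap = octets[2]
    lap = (octets[3] << 16) | (octets[4] << 8) | octets[5]
    return {
        "nap": nap,
        "uap": uap,
        "lap": lap,
        "oui": ":".join(f"{o:02X}" for o in octets[:3]),
        "normalized": ":".join(f"{o:02X}" for o in octets),
    }


if __name__ == "__main__":
    for dev in parse_lsusb(SAMPLE_LSUSB):
        tag = "CSR" if is_csr(dev["vid"]) else "other"
        print(f"{dev['vid']:04x}:{dev['pid']:04x} [{tag}] {dev['desc']}")
    print(parse_bd_addr("00:1A:7D:DA:71:13"))  # constructed sample address
```

    On a real host the input to `parse_lsusb` would be the text of `lsusb`, and the address passed to `parse_bd_addr` would come from `hciconfig`; matching on vendor ID rather than on the marketing name in the description is what makes the CSR check robust, since the same chip ships under many brand names.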

  10. #10
    Barry, My life is this forum (Join Date: Jan 2010, Posts: 3,817)

    ^^^^ If anybody knows bluetooth pentesting, it's Dr_GrEeN. ^^^^^