Page 1 of 2 12 LastLast
Results 1 to 10 of 17

Thread: Eavesdropping on Bluetooth headsets[video]

  1. #1
    Junior Member
    Join Date
    Dec 2007
    Posts
    30

    Default Eavesdropping on Bluetooth headsets[video]

    Here's a short video in which Joshua Wright demonstrates how a Bluetooth headset can be hijacked, allowing audio to be captured or sent to the device:

    Few users realize that Bluetooth headsets can be exploited granting a remote attacker the ability to record and inject audio through the headset while the device is not in an active call. SANS Institute author and senior instructor Joshua Wright demonstrates.

    All that is necessary is knowing the device address, which can be easily sniffed, and the secret pin, which defaults to 0000. The headset audio is tapped while not in a call, so any room conversation the headset's mic can pick up can potentially be listened to remotely.



    http://www.hackszine.com/blog/archiv...tooth_hea.html

  2. #2
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Default

    Umm, hasn't this already been posted a few times here?


    Okay, never mind. I must have been thinking about a different site.
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  3. #3
    Member
    Join Date
    Aug 2007
    Posts
    468

    Default

    Quote Originally Posted by Barry View Post
    Umm, hasn't this already been posted a few times here?


    Okay, never mind. I must have been thinking about a different site.
    It has but it was on /. today so there is going to be a few reposts in the next week.....

  4. #4
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Default

    Quote Originally Posted by BOFH139 View Post
    It has but it was on /. today so there is going to be a few reposts in the next week.....
    Yea, I posted it up on the netstumbler forums a few weeks ago when it was on Gizmodo. I think it was gizmodo, it could have been engadget, they're pretty much the same thing now-a-days.
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  5. #5
    Junior Member user17's Avatar
    Join Date
    Nov 2007
    Posts
    47

    Default

    Funny, i was just thinking about what could be done to exploit a bluetooth headset. not that I could actually do anything about accomplishing that but I have to start to somewhere.

  6. #6
    Jenkem Addict imported_wyze's Avatar
    Join Date
    Jul 2007
    Posts
    1,543

    Default

    Yeah... pin #0000
    dd if=/dev/swc666 of=/dev/wyze

  7. #7
    Just burned his ISO
    Join Date
    Oct 2006
    Posts
    3

    Default

    Hi,

    Has anyone tried the carwhisperer?

    I tested it with my Nokia 6110 n SE HBH-35 earpiece, but failed to connect. I guess it won't work for all bluetooth earpieces.

    More info abt CarWhisperer can be found in the following.
    hxxp://xxx.digitalmunition.com/HijackHeadSet.txt
    hxxp://xxx.securiteam.com/securitynews/5JP0420GKG.html


  8. #8
    Junior Member
    Join Date
    Jun 2006
    Posts
    57

    Default

    Hiya Guys,
    I am just giving this a go. Two questions, what can I use to create the .RAW I need to send? Then what can I use to listen to the OUTPUT.RAW if / when I am successful.

    I cant see an option to not give an input file, so I assume I need one.

    Thanks in advance.
    Dale

  9. #9
    Junior Member
    Join Date
    Apr 2008
    Posts
    48

    Default

    I believe everything you need is in carwhisperer, to create the raw files. I used it a few weeks (maybe months) ago, and it worked alright.

  10. #10
    Junior Member
    Join Date
    Jun 2006
    Posts
    57

    Default

    Anyone got any success stories. I bought a Plantornics M2500 headset that is known to be vulnerable to test this in the lab, and no joy.

    So wondering if I am doing something wrong, or if in fact the headset wasnt vulnerable.

    Thanks in advance.
    Dale

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •