Security and Bluetooth

dab_baken

New member
I'm not sure where this question goes, but since Bluetooth is part of the Android OS maybe I won't get too much backlash.

I am taking a network security course this year. Last class my professor said that even if my phone is turned off there is a machine that will turn on my phone and download all the data. Now, I've been reading a few articles online, which is a little scary, but nothing to really back up what he said.

Most of the articles said "most people leave their bluetooth in discover mode" and the phone is obviously vulnerable to hackers.
Another article said that if the bluetooth is on, but not in discover mode, it can be hacked but it would take several hours to do.

But none of the articles said anything about if the phone was completely shut down. Has anyone heard of such a device?

I normally leave my bluetooth off: one, it just saves battery life; two, I don't use my headset unless I'm in my car.
 
Ok - I used to teach this kind of stuff on one of the world's most respected Ethical Hacking degrees.

Here are some points that you may find relevant...

BlueTooth isn't necessarily encrypted. If it isn't, it's possible to intercept the information (speech, data, etc) transmitted between your phone and device.

If your BlueTooth is switched on, then there are a number of hacks out there that can do dodgy things with them. Some of these issues are solved with firmware updates, or updates to the BlueTooth protocol. A common hack is to make your phone dial a premium rate number belonging to the hacker, thus earning them money from your phone bill. But, there is also information (files, contact information) etc. that can be downloaded from your phone and used for malicious purposes.

If your BlueTooth is turned off, it is NOT POSSIBLE to turn it on directly. In fact, with Android, the BlueTooth radio is completely powered off so it doesn't receive, transmit, or respond to anything. No external hack can turn it back on. So in this way it's completely secure - so long as it's off.

However, it is possible for (malicious) apps to turn it back on. So if you have some dodgy app on your phone that turns your BlueTooth on, then it's open to the above hacks.

Perhaps most scarily, are those SMS buffer hacks that involve sending special characters through SMS. You may have seen scare messages mentioning something like "If you see a square character in an SMS message, then turn your phone off immediately.". It was theoretically possible to send most of the big smartphones (iPhone, Android, BlackBerry) such an SMS message, which, if carefully crafted, could do just about anything and run any arbitrary code, including turning on your BlueTooth. It would need to be a different message for each phone and each version of OS on each phone. This hole was also patched in Android 1.5 (second 1.5 update in UK, 1st update to 1.5 everywhere else as UK got it first). So, in this respect, it was possible to do this hack to phones running Android 1.1 or 1.0. I have no idea if other phones got their OS patched or not. But, think about it... for someone to exploit this they'd have to know your number, send you a text, you'd have to read it, and ignore it, all while in range (a few metres) of someone who happens to be scanning for BlueTooth devices to exploit. I could see a "friend" managing to be in such a situation, as he/she is near you, knows your number, etc. But... some friend eh?

It is also possible to turn it on via USB. But - I'm sure you'd notice someone connecting a USB lead to your phone.

Indeed, you nailed it with your statement about leaving BlueTooth turned on in discover mode. This allows any BlueTooth capable device nearby to detect and communicate with your phone.

So, in short, if your BlueTooth is off, and you're running the current Android 1.5 (not the early release the UK had for a few weeks) or above, you're completely safe... until someone discovers another exploit like the SMS buffer one of course...
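As an added illustration of the point above (that the risk comes from the radio being on and, especially, discoverable), here is a small defensive Android check; it is example code written for this thread, not code from the poster or from Android itself. It assumes the standard android.bluetooth.BluetoothAdapter API (getDefaultAdapter, isEnabled, getScanMode) and that the calling app holds the Bluetooth permissions the running Android version requires (BLUETOOTH_CONNECT and BLUETOOTH_SCAN on Android 12 and later, which is an assumption about the deployment, not something the thread states).

```java
// Added example (not from the thread): classify the phone's Bluetooth exposure
// the way the post above describes it: radio off (nothing to attack), on but
// not discoverable, or on and discoverable (visible to any nearby device).
import android.bluetooth.BluetoothAdapter;
import android.util.Log;

public final class BluetoothExposureCheck {

    private static final String TAG = "BtExposure"; // constructed log tag

    public enum Exposure {
        RADIO_OFF,            // adapter absent or disabled: no RF activity at all
        ON_NOT_DISCOVERABLE,  // reachable only by devices that already know the address
        DISCOVERABLE          // answers inquiry scans from any device in range
    }

    /** Pure classification so it can be unit-tested with a mocked adapter. */
    public static Exposure classify(BluetoothAdapter adapter) {
        if (adapter == null || !adapter.isEnabled()) {
            return Exposure.RADIO_OFF;
        }
        // SCAN_MODE_CONNECTABLE_DISCOVERABLE is the "discover mode" the thread warns about.
        if (adapter.getScanMode() == BluetoothAdapter.SCAN_MODE_CONNECTABLE_DISCOVERABLE) {
            return Exposure.DISCOVERABLE;
        }
        return Exposure.ON_NOT_DISCOVERABLE;
    }

    /** Convenience entry point for the device's default adapter; logs the result. */
    public static Exposure checkDefaultAdapter() {
        Exposure exposure = classify(BluetoothAdapter.getDefaultAdapter());
        switch (exposure) {
            case DISCOVERABLE:
                Log.w(TAG, "Bluetooth is discoverable: any nearby device can find this phone");
                break;
            case ON_NOT_DISCOVERABLE:
                Log.i(TAG, "Bluetooth is on but not discoverable");
                break;
            default:
                Log.i(TAG, "Bluetooth radio is off");
        }
        return exposure;
    }
}
```

A settings screen or a periodic check can call checkDefaultAdapter() and prompt the user when the result is DISCOVERABLE; discoverability normally times out on its own, but showing the state makes the "left in discover mode" situation from the articles visible rather than silent.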
 
Kewl, makes me glad I chose a G1, and yep it's got all the updates, had to be able to use that camcorder feature. I realize that bluetooth has about a 30-ish ft range, meaning if there was a hacker attempting to break in they'd most likely be within the same building. Another reason not to go to the mall. LOL.

Thank you for your response.
 
I could be mistaken, but I'm almost positive I heard reports during the Olympics in China telling people to take the batteries out of their phones. Why? The "rumor" as I recall had something to do with the Chinese govt.
But it probably had more to do with infiltration than turning your cell on remotely. I guess anything is possible though.
 
Don't know what that's about. Maybe China doesn't have Android phones with the latest updates, or a lower version of bluetooth. That's from what I've been reading, but I'm still not all that familiar with bluetooth; hopefully I'll be a little smarter by the end of the day.
 
It's a security tool, but like all security tools, in the wrong hands it could be used for evil muahhahahah. I'll guide you in the right direction, but I don't think I'll tell anyone how to use it. If you play with it long enough you'll get it though. P.S. It's Linux, so it can be run off a live CD: http://www.backtrack-linux.org/

The thread is still on here for the checksum, right?
 
I'll play with it a bit. I have an Ubuntu live CD I used to use to partition my SD cards. Found the hashcalc also. Thanks.
 