
A new form of War Driving- Bluejacking Cellular stores

Old 05-18-04, 04:16 PM
DVD Talk Platinum Edition
Thread Starter
Join Date: May 2001
Location: In my Home Theater- Foley, AL
Posts: 3,503

I went today to my local cellular carrier office (T-Mobile) and overheard them saying that they have to remember to turn off all phones in the store upon closing, as they had several cases where people were visiting the store and setting up Bluetooth phones to accept any connection. I asked them what had happened. They said that kids were using the Bluetooth to connect to the internet and use the store display cell phones as the dial-out connection.

Kinda weird. I told them to just hang out & watch after closing, as Bluetooth has a very limited range. It would be easy to catch the kids.

Sonicflood is offline  
Old 05-18-04, 08:08 PM
DVD Talk Ultimate Edition
Join Date: Apr 2000
Location: Austin, Texas XboxLIVE Gamertag: Golucky Timezone: Central (CST)
Posts: 4,899
hmmm..... and I thought that all the store models were mockups.
goLUCKY is offline  
Old 05-18-04, 08:20 PM
DVD Talk Hall of Fame
Join Date: Jan 2000
Location: US
Posts: 9,623
The local sprint store has plenty of live models. They hand you one and tell you to make some calls to see if you like it.

Originally posted by goLUCKY
hmmm..... and I thought that all the store models were mockups.
Dave99 is offline  
Old 05-19-04, 05:30 AM
Senior Member
Join Date: Jul 2002
Posts: 561
I was under the impression that Bluejacking was sending someone an offensive message over Bluetooth...not stealing bandwidth.
groovrbaby is offline  
Old 05-19-04, 09:28 AM
DVD Talk God
Join Date: Oct 1999
Location: Arizona
Posts: 74,420
Originally posted by groovrbaby
I was under the impression that Bluejacking was sending someone an offensive message over Bluetooth...not stealing bandwidth.
Apparently that's changed.

Sort of reminds me of when the iPods first came out and people were going into computer stores and dumping the entire HD's contents onto their iPod.
Deftones is online now  
Old 05-19-04, 10:37 AM
Senior Member
Join Date: Nov 1999
Location: Burbanka
Posts: 993
Let's get the technology back to what it was originally intended for- toothing!
warcp is offline  
Old 05-19-04, 11:21 AM
DVD Talk Platinum Edition
Join Date: Dec 2002
Location: NJ
Posts: 3,337
Originally posted by warcp
Let's get the technology back to what it was originally intended for- toothing!
Damnit I was just coming in here to do a toothing joke

How come we didn't have fun stuff like this when I was a kid? Phreaking and reading ATM numbers with a tape cassette deck were the only fun things then. Lucky kids.
fnordboy is offline  
Old 05-19-04, 02:28 PM
DVD Talk Hero
Join Date: Jun 2000
Posts: 37,659
Here is a pretty solid overview of the various Bluetooth-related security vulnerabilities, as well as term definitions as they are commonly used:


Serious flaws in bluetooth security lead to disclosure of personal data

In November 2003, Adam Laurie of A.L. Digital Ltd. discovered that there are serious flaws in the authentication and/or data transfer mechanisms on some bluetooth enabled devices. Specifically, three vulnerabilities have been found:

Firstly, confidential data can be obtained, anonymously, and without the owner's knowledge or consent, from some bluetooth enabled mobile phones. This data includes, at least, the entire phonebook and calendar, and the phone's IMEI.

Secondly, it has been found that the complete memory contents of some mobile phones can be accessed by a previously trusted ("paired") device that has since been removed from the trusted list. This data includes not only the phonebook and calendar, but media files such as pictures and text messages. In essence, the entire device can be "backed up" to an attacker's own system.

Thirdly, access can be gained to the AT command set of the device, giving full access to the higher level commands and channels, such as data, voice and messaging. This third vulnerability was identified by Martin Herfurt, and they have since started working together on finding additional possible exploits resulting from this vulnerability.

Finally, the current trend for "Bluejacking" is promoting an environment which puts consumer devices at greater risk from the above attacks.


The SNARF attack:

It is possible, on some makes of device, to connect to the device without alerting the owner of the target device of the request, and gain access to restricted portions of the stored data therein, including the entire phonebook (and any images or other data associated with the entries), calendar, realtime clock, business card, properties, change log, IMEI (International Mobile Equipment Identity [6], which uniquely identifies the phone to the mobile network, and is used in illegal phone 'cloning'). This is normally only possible if the device is in "discoverable" or "visible" mode, but there are tools available on the Internet that allow even this safety net to be bypassed[4]. Further details will not be released at this time (see below for more on this), but the attack can and will be demonstrated to manufacturers and press if required.

The BACKDOOR attack:

The backdoor attack involves establishing a trust relationship through the "pairing" mechanism, but ensuring that it no longer appears in the target's register of paired devices. In this way, unless the owner is actually observing their device at the precise moment a connection is established, they are unlikely to notice anything untoward, and the attacker may be free to continue to use any resource that a trusted relationship with that device grants access to (but note that so far we have only tested file transfers). This means that not only can data be retrieved from the phone, but other services, such as modems or Internet, WAP and GPRS gateways may be accessed without the owner's knowledge or consent. Indications are that once the backdoor is installed, the above SNARF attack will function on devices that previously denied access, and without the restrictions of a plain SNARF attack, so we strongly suspect that the other services will prove to be available also.

The BLUEBUG attack:

The bluebug attack creates a serial profile connection to the device, thereby giving full access to the AT command set, which can then be exploited using standard off the shelf tools, such as PPP for networking and gnokii for messaging, contact management, diverts and initiating calls. With this facility, it is possible to use the phone to initiate calls to premium rate numbers, send sms messages, read sms messages, connect to data services such as the Internet, and even monitor conversations in the vicinity of the phone. This latter is done via a voice call over the GSM network, so the listening post can be anywhere in the world. Bluetooth access is only required for a few seconds in order to set up the call. Call forwarding diverts can be set up, allowing the owner's incoming calls to be intercepted, either to provide a channel for calls to more expensive destinations, or for identity theft by impersonation of the victim.


Although known to the technical community and early adopters for some time, the process now known as "Bluejacking"[1] has recently come to the fore in the consumer arena, and is becoming a popular mechanism for exchanging anonymous messages in public places. The technique involves abusing the bluetooth "pairing"[2] protocol, the system by which bluetooth devices authenticate each other, to pass a message during the initial "handshake" phase. This is possible because the "name" of the initiating bluetooth device is displayed on the target device as part of the handshake exchange, and, as the protocol allows a large user defined name field - up to 248 characters - the field itself can be used to pass the message. This is all well and good, and, on the face of it, fairly harmless, but, unfortunately, there is a down side. There is a potential security problem with this, and the more the practice grows and is accepted by the user community, and leveraged as a marketing tool by the vendors, the worse it will get. The problem lies in the fact that the protocol being abused is designed for information exchange. The ability to interface with other devices and exchange, update and synchronise data, is the raison d'être of bluetooth. The bluejacking technique is using the first part of a process that allows that exchange to take place, and is therefore open to further abuse if the handshake completes and the "bluejacker" successfully pairs with the target device. If such an event occurs, then all data on the target device becomes available to the initiator, including such things as phone books, calendars, pictures and text messages. As the current wave of PDA and telephony integration progresses, the volume and quality of such data will increase with the devices' capabilities, leading to far more serious potential compromise.

Given the furore that erupted when a second-hand Blackberry PDA was sold without the previous owner's data having been wiped[3], it is alarming to think of the consequences of a single bluejacker gathering an entire corporate staff's contact details by simply attending a conference or camping outside their building or in their foyer with a bluetooth capable device and evil intent. Of course, corporates are not the only potential targets - a bluejacking expedition to, say, The House of Commons, or The US Senate, could provide some interesting, valuable and, who's to say, potentially damaging or compromising data.

The above may sound alarmist and far fetched, and the general reaction would probably be that most users would not be duped into allowing the connection to complete, so the risk is small. However, in today's society of instant messaging, the average consumer is under a constant barrage of unsolicited messages in one form or another, whether it be by SPAM email, or "You have won!" style SMS text messages, and do not tend to treat them with much suspicion (although they may well be sceptical about the veracity of the offers). Another message popping up on their 'phone saying something along the lines of "You have won 10,000 pounds! Enter this 4 digit PIN number and then dial 0900-SUCKER to collect your prize!" is unlikely to cause much alarm, and is more than likely to succeed in many cases.

Workarounds and fixes

We are not aware of any fixes for the SNARF or BLUEBUG attacks at this time, other than to switch off bluetooth.

To permanently remove a pairing, and protect against future BACKDOOR attacks, it seems you must perform a factory reset, but this will, of course, erase all your personal data.

To avoid Bluejacking, "just say no".

The above methods work to the best of our knowledge, but, as the devices affected are running closed-source proprietary software, it is not possible to verify that without the collaboration of the manufacturers. We therefore make no claims as to the level of protection they provide, and you must continue to use bluetooth at your own risk.
Some additional data can be found at the URL above.
jfoobar is offline  
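The bluejacking mechanism in the overview above works because the pairing prompt shows the initiator's user-defined name verbatim, up to 248 bytes. As an added example (not from the thread or the quoted advisory), here is how a phone's pairing-prompt code could treat that name as untrusted input: enforce the length limit on the raw bytes, strip control characters, and flag names that read like the "You have won" lure. The function names and the lure heuristics are my own assumptions.

```python
import re
import unicodedata

# Bluetooth "user friendly name" limit quoted in the advisory above (UTF-8 bytes).
MAX_NAME_BYTES = 248

# Constructed heuristics (assumption, not from any spec) for lures like the
# quoted "You have won 10,000 pounds! Enter this 4 digit PIN ... dial 0900-SUCKER".
LURE_PATTERNS = [
    re.compile(r"\bwon\b", re.I),
    re.compile(r"\bpin\b", re.I),
    re.compile(r"\b(dial|call)\b", re.I),
    re.compile(r"\b09\d{2}[-\s]?\w+", re.I),  # UK premium-rate style number
]


def normalise_name(raw: bytes) -> str:
    """Decode and sanitise a remote device name before it reaches the prompt."""
    # Enforce the limit on the byte string, not on the decoded text.
    raw = raw[:MAX_NAME_BYTES]
    # Replacement decoding: a malformed or truncated name must not crash the UI.
    text = raw.decode("utf-8", errors="replace")
    # Drop control/format characters that could reshape or hide prompt text.
    return "".join(ch for ch in text if unicodedata.category(ch)[0] != "C")


def classify_pairing_request(raw_name: bytes) -> dict:
    """Return what the pairing prompt should display and whether to warn."""
    name = normalise_name(raw_name)
    hits = [p.pattern for p in LURE_PATTERNS if p.search(name)]
    return {
        "display_name": name,
        "truncated": len(raw_name) > MAX_NAME_BYTES,
        "matched": hits,
        # Require two independent signals so ordinary names are not flagged.
        "looks_like_lure": len(hits) >= 2,
    }


if __name__ == "__main__":
    # Constructed samples: the lure quoted in the advisory, and a normal name.
    lure = (b"You have won 10,000 pounds! Enter this 4 digit PIN number "
            b"and then dial 0900-SUCKER to collect your prize!")
    for sample in (lure, b"Nokia 6310i", b"A" * 300):
        print(classify_pairing_request(sample))
```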
Old 05-21-04, 05:28 AM
Senior Member
Join Date: Jul 2002
Posts: 561
*looks up* *starts reading* *doesn't finish*
groovrbaby is offline  