[Q] Security issues with Bluetooth? - Focus General

Hey, so I'm new to using Bluetooth in general since I've never really bothered with headsets and stuff, but now I have a car that actually can connect to my phone via Bluetooth to stream music/make phone calls, etc.
That said, it's not as simple to turn Bluetooth on/off with this phone as it was with Android (just pull down notifications bar and turn Bluetooth on/off as opposed to going to settings then Bluetooth). I know it's still not that much of a difference in effort in general.
That said, do you think it'd be safe to just leave Bluetooth on all the time? Are there any security concerns I should keep tabs on if I left it on all the time?
It'd just be easier if I could leave Bluetooth on and then have the phone automatically (un)pair with my car every time I go somewhere as opposed to making sure I have Bluetooth on before I start my car and then turning it off once I get to my destination.

norsairius said:
That said, do you think it'd be safe to just leave Bluetooth on all the time? Are there any security concerns I should keep tabs on if I left it on all the time?
Click to expand...
Click to collapse
It shouldn't be a problem, generally.
Given everything is working as it should, you should have to accept incoming connections, or engage outgoing ones - at least the first time said devices are paired.
In the past, there have been a few cases of security holes in Bluetooth stacks that allow ways of getting past this given the right circumstances...
I leave mine on all the time, with 6-7 phones over the last couple years. I've never had any issues. YMMV.

Related

Bluetooth Issues

Hi, sorry if this has been discussed somewhere else, but I haven't seen it.
I'm on my second M5k (the first one had serious radio issues), this one has bluetooth problems.
I've paired it with my Parrot car kit (which has always worked fine), but recently the car asks me to pair a device everytime its powered on. Likewise, I've just paired a BT GPS & it's connecting but not really seeing the device. In the BT manager, both devices now have a ? icon on the left rather than a headset etc.
Any ideas whats going on?
Thanks
Check on your outgoing port settings in bluetooth settings, if there is a tick in the secure connection, uncheck it and see if that works.
I had similar issue with bt gps reciever
Nope, not ticked.
On a side note, its been sat next to me for an hour with wifi on, connected to the pc & its just shut down with 52% battery left. When this thing doesnt wanna play, it really is the biggest waste of money i've ever had (course, for that 5 mins that it works properly its the greatest thing i've ever spent my money on).
sorry, thats the extent of my knowledge ... just a newbie
best of luck and keep the faith !
when i have a hard reset my paired devices disconfigured only

Bluetooth vulnerability.....Be careful!!

Guys/Gals....
I might be slow to know about this, so I figured some others here might be too. No disrespect intended, but I watched a program this weekend 'The Real Hustle' on British TV. It explored a serious vulnerability in the Bluetooth technology.
Apparently there exists software which can be installed on O/S based Mobile phones/PPC's that allow its user to scan for BT devices i.e. in busy areas like train stations etc.
They can then hijack your phone..'Without Your Knowledge'!! They can then use your available credit/contract minutes, to make calls to a purpose made premium number @ £1.50 per minute....all without leaving a trace on your phone!
You won't know until you get your whopping bill and will have no way out of paying for it, as calls will have registered as having been made from your phone!
Bottom line for Athena users with BT earpieces and other people too. ONLY switch your BT on when you are going to use it and be sure to switch it right back off when you're finished.
The program did not reveal whether this was possible if the devices/BT mode was set to invisible, but that is something I intend to find out.
Scary eh?
P.S. Something like this happened to a relative of mine only last week as his BT is always on (for phone calls). Just thought I'd share my concerns with you. Sorry if its old news already.
Yup, old news I'm afriad. The Ameo AFAIK and can test, seems to have a fairly sturdy bluetooth stack, as do most phones from the last 18months - 2years. But it is quite surprising how many phones are vulnerable to various bluetooth exploits. I have found that its not impossible to crash the BT stack, but its not trivial, and doesn't really seem to do too much damage, apart from requiring a restart of the BT module. Unlike my old T68 which locks up tighter than a locked up tight thing, gives out my contacts and calendar, make calls e.t.c.
Oh, and I generally leave the BT off on the Ameo because its such a battery drain.
Digital.Diablo said:
Yup, old news I'm afriad. The Ameo AFAIK and can test, seems to have a fairly sturdy bluetooth stack, as do most phones from the last 18months - 2years. But it is quite surprising how many phones are vulnerable to various bluetooth exploits. I have found that its not impossible to crash the BT stack, but its not trivial, and doesn't really seem to do too much damage, apart from requiring a restart of the BT module. Unlike my old T68 which locks up tighter than a locked up tight thing, gives out my contacts and calendar, make calls e.t.c.
Oh, and I generally leave the BT off on the Ameo because its such a battery drain.
Click to expand...
Click to collapse
Thanks for that Diablo. So what you are saying is that newer devices (like our) with newer BT stacks are NOT vulnerable to these attacks? Only the older types of mobile phones?
Is the hidden option didn't make any difference?
I have tested a couple of "available" software.
Generally it is quite trivial to establish a connection with older mobiles phones. SonyEricssons seem to be particularly vulnerable.
I haven't been able to successfully intercept the Athena though. Although I have many shortcomings in my very limited abilities... I'm sure a dedicated person would be able to intercept and <do whatever> given enough time.
Normally it should be enough to enable "Beam authentication" and uncheck "Make this device visible to other devices".
mackaby007 said:
Thanks for that Diablo. So what you are saying is that newer devices (like our) with newer BT stacks are NOT vulnerable to these attacks? Only the older types of mobile phones?
Click to expand...
Click to collapse
I wouldn't go as far as to say they're invulnerable, however they're stronger than other targets. Bluetooth in itself is quite basic in its security mechanisms, but Ameo stands up well to attack. As mentioned, its possible to crash the stack, but this doesn't bring any benefit to the attacker, apart from the knowledge that they've been able to do that. I suppose it could be used as a buffer overflow exploit, but with so few devices around, its probably not worth the effort to try.
One thing TO be aware of though is that when pairing a device, its possible for a 3rd party to grab the keys off the air, and then you can impersonate a bluetooth device. So if someone were to capture a key pairing between a mobile and a laptop for the laptop to be able to make internet connections via the phone, then you could impersonate the laptop to make these calls. But this is fairly unlikely if the phones are already paired. However, the cool thing is, if you've got a vulnerable phone, you can make it loose the pair key, when Mr End User resync's the phone, snap it out of the air and do naughty things. I work in Network Security so I try and experiment with these things for the good of our staff, and bluetooth hacking is one of the cooler things IMO.
Oh, another cool point is that people think bluetooth is 10m or 100m radius. Some researchers have managed to send a bluetooth message about 3km (I think).
And finally, the other thing you can do to really bug someone is repeatedly make bluetooth requests to their phone for 'services available'. Most phones will provide this without pairing, and in doing so, it can generally cause the power consumption to increase. Once again, I killed my T68 with this technique in about 2hrs from full charge, as each time it made the request, the screen redrew, the backlight and key led's came on and I suspect the radio power draw increased.
WM5 and espicially 6 are practically safe
Done a bit of research on this now and coupled with your feedback guys, I feel Athena owners are pretty safe from random attacks. Thanks a bunch for putting my mind at ease...I will however remain cautious in public areas and turn my bluetooth off if I am spending a considerable amount of time there.
The fact is that the only way this vulnerability works is by exploiting the Symbian Bluetooth stack for now. Conversely, WM is one of the more secure O/S's out there at present. WM6 is even more so. There's a lot of snakeoil within the industry, although with the Ameo, I would look into getting AV if you plan on doing a lot of downloading off the web. Yes, there is no serious malware for the WM platform, but the device can still be a carrier for the host Windows systems. As HSDPA becomes more widespread, the benefits fo attacking these platforms becomes greater; it's not there yet but will become an issue.
mackaby007 said:
Done a bit of research on this now and coupled with your feedback guys, I feel Athena owners are pretty safe from random attacks. Thanks a bunch for putting my mind at ease...I will however remain cautious in public areas and turn my bluetooth off if I am spending a considerable amount of time there.
Click to expand...
Click to collapse
It should* be enough to disable visibility. If need BT for your headset but care about battery drain just enable powersafe mode for the audio gateway in the registry.
I'm running bluetooth all the time on my ameo. I'm around a lot on public areas like train stations and airports and every now and then I'm using btCrawler to scan for other devices just to see how many are in visibile mode.
So the best practicefor using bluetooth (on laptops, handhelds or whatever) is:
- Turn off visibility
- Use encryption AND authentication for every connection
- Don't accept messages or transfers from unknown devices
- Don't use easy PINs like 0000 or 1234
- Use different PINs for every connection
If you follow the above, using bluetooth should* be safe
* Should, because if an attacker knows your device address, he's still able to try to attack you directly. There is an interesting article by Max Moser about using the expensive (but excellent) Bluetooth Diagnostic Tool from Fronline (FTS4BT) with a normal inexpensive bluetooth dongle. Using this you are able to sniff bluetooth connections by following the hopping sequence. You can sniff audio connections, data transfers, etc. If no encryption is enabled everthing is tranfered in plaintext. However it is still possible to decrypt encrypted BT traffic if you are able to sniff the pairing process. If you have successfully sniffed the whole pairing process you can extract the link key and PIN with btcrack and then use the frontline sniffer to decrypt the traffic.

[Q] Bluetooth and Cars

There are some very old threads about this - but this is now, pretty certainly, a general stock android 4.3/4 problem with "older" car hands-free systems. My kit is a Galaxy Note with OmniROM right up to date. My car is an Opel/Vauxhall Zaphira with a Navi 900 onboard computer. However there are threads on many android forums complaining of the same symptoms for "pure" stock 4.3/4 devices (e.g. the Nexus range, including the Samsung Galaxy Nexus) and a variety of cars, and all describing the same workaround (and a few lamenting that Google haven't been very responsive in addressing the problem). The symptoms and workaround are:
The car recognizes and "partially" pairs with the phone
However, the contacts list and call lists are empty and the phone cannot be controlled from the car, neither for incoming calls nor for outgoing calls (dialing from the car interface always gives a failed message, while trying to receive or hangup from the interface just plain fails).
Calls using the phone work, and show up on the car interface, always as "Unknown" (not surprisingly - it doesn't have the contacts list)
HOWEVER if, after this "partial" pairing up, I make a 30-45 second call using just the phone itself, then, after the call has terminated, contacts and call lists are properly available through the car interface and the phone can be fully controlled from that interface (and, of course, the FIRST time this happens, I get the notification on the phone telling me the car wants this information, which, of course, I confirm)
A workaround like that can be scripted with something like "Tasker" and using, say, my voice mail number (with my provider here in France, plain fake number calls don't stay online long enough for the above to work).
But does ANYONE have any idea where to start looking for the root cause and possible solutions, or have any theories on those points?
EDIT:
Just to be clear - the workaround "make a call from the phone" trick has to be done every time the phone and car reconnect, not just the first time.
Had this happen in my ford the other day and it's sync system.
The fix for me was a not so visible notification upon establishing the Bluetooth pairing in the notification tray asking if I wanted to allow for my phonebook to be downloaded. Clicked yes and everything set up as normal.
Mgd_toronto said:
Had this happen in my ford the other day and it's sync system.
The fix for me was a not so visible notification upon establishing the Bluetooth pairing in the notification tray asking if I wanted to allow for my phonebook to be downloaded. Clicked yes and everything set up as normal.
Click to expand...
Click to collapse
I got that notification AFTER I had done the "make a call from the phone" trick, not before.
I should also point out that the "make a call from the phone" trick has to be done every time I want to reconnect to the phone to the car (while the notification only appeared the first time I did the trick - because subsequently the phone and the car "trust" each other).
Aside from maybe unpairing and trying to set it up again which I am certain something you've probably already tried; have you checked the cars firmware?
Could also try resetting your Vauxhall's system as well in case there is a gremlin in there causing a hang up with the sync.
Again with Fords sync I have had to do it a few times over the years when the systems been misbehaving with the Bluetooth and it fixed it.
Mgd_toronto said:
Aside from maybe unpairing and trying to set it up again which I am certain something you've probably already tried; have you checked the cars firmware?
Could also try resetting your Vauxhall's system as well in case there is a gremlin in there causing a hang up with the sync.
Again with Fords sync I have had to do it a few times over the years when the systems been misbehaving with the Bluetooth and it fixed it.
Click to expand...
Click to collapse
Indeed I did the resets. And yes, possibly, an upgrade of firmware MIGHT fix it, but these problems don't occur with Android 4.1.n (or, I, believe 4.2.n).
I've logged a bug with the OminROM developers, but would like some pointers so I myself can start looking at solutions and fixes.
Hmm... Unfortunately I don't know who to assign that JIRA bug to.
Problem is - none of us own vehicle headunits that we can reproduce/test this problem on. I used to have a Sony MEX-BT2500 (technically I still do...) but since I sold my old convertible it just sits and collects dust.
I would agree that this will be a difficult one to find. It reminds me of working with 802.11b/g with it's dozens of "pre-draft" variants that just didn't interoperate properly.
If you wanted to dig into this yourself, the first place I'd look is https://github.com/omnirom/android_external_bluetooth_bluedroid and its upstream and parallel variants. That is the code that generally handles the upper-level Bluetooth management functions.
Edit -- Also worth looking at https://source.android.com/devices/bluetooth.html if you want an overview of how Android implements Bluetooth.
The comments on commits there might also be worth reading through. For example
https://github.com/omnirom/android_...mmit/73ce8ab2ddd30cab6499d0062c46b3a16f9130a9
Fact is however, that the use of SDP features value for peer_features
is new since Android 4.2 and breaks existing good behavior on a BMW
2005/E46 car kit (navi professional). This kit never asks for AT+CHLD
and never via AT commands suggests it supports 3WAY (although it seems
to have the flag set via SDP).​
Not the same issue, but there might be clues of that nature in the commit messages.

Bluetooth question

I am coming from a long history of HTC use and so I apologise if this question has an obvious answer.
Previously, if I wanted to connect to my bluetooth in the car (previously paired with), I would just hit the bluetooth button in quick settings to turn it on and that was it, just like connecting to wifi.
If I do this on my S7E, I then get another screen popping up that tells me my device is visible to others and lists previously paired devices for me to select from, and then I have push the back button to leave that screen?
Is there a simpler way as I used to do on my HTC?
cheers
C.
PS - I am sure this will be the first of a number of questions as I get used to TouchWiz and Marshmallow......Sorry.....
crazyC said:
Previously, if I wanted to connect to my bluetooth in the car (previously paired with), I would just hit the bluetooth button in quick settings to turn it on and that was it, just like connecting to wifi.
Click to expand...
Click to collapse
Have you ever *paired* your new phone with your car?
I've only had two cars with BT in them, but in both cases the car and phone had to be paired before they would work together.
Once that was done then it would work as you expect.
Specifics of getting your *car* into pairing mode I can't help with, but once you do that you should be able to select it while scanning from the phone (as you've seen already the phone will list devices it finds) and you can finish walking through the pairing.
C0derbear said:
Have you ever *paired* your new phone with your car?
I've only had two cars with BT in them, but in both cases the car and phone had to be paired before they would work together.
Once that was done then it would work as you expect.
Specifics of getting your *car* into pairing mode I can't help with, but once you do that you should be able to select it while scanning from the phone (as you've seen already the phone will list devices it finds) and you can finish walking through the pairing.
Click to expand...
Click to collapse
Oh yes, it was paired with the bluetooth fine (its actually a visor BT device, not the car itself), and when I turn on the BT it shows up on the list of previously paired devices)
Don't have to make it a trusted device for it to auto-pair?
Why turn Bluetooth off at all?
Just leave it on.
Regards,
Dave
Sent from my Nexus 6P using Tapatalk
neezy13 said:
Don't have to make it a trusted device for it to auto-pair?
Click to expand...
Click to collapse
Nope, just had to be paired.
Trusted Device brings in the Smart Lock stuff, which enables the option of having your phone NOT authenticate you (pattern/pin/finger/passwd) when connected.
For example, I have my car bluetooth set as a trusted device so that when I'm driving I don't get any identity challenge to use the phone (like for navigation), the screen will just come on as requested.
Smart lock is blocked by my exchange administrator as I get my work emails on my phone.
I turn the Bluetooth on the phone off because I don't turn the one in the car off and it's just outside the house and will stay connected.
Sent from my S7 Edge

Bluetooth problem

Hello to everyone.
From when i bought it the op8pro has some problem with the bluetooth. Is like if the device can connect to one device only. I have a fossil 5 gen, one fiesta mk8 with android auto and the bluetooth headset but is like if the bluetooth has some problem to connect to two or one devices. For example every time my car doesnt connect to the phone automatically and today when i was to the gym my headset doesnt connect automatically too. My previous note 10 pro was able to connect without any problem... Someone has some problem with the bluetooth? Thanks
I have another problem. Every time that i enter in my car the device is connect to android auto but if i want to play an audio from whatsapp i have to tap a lot of time on the play botton.!!!???why
I see this same issue, I'd say 80-90% of the time (the other 10-20%, it "just works", which is truly odd, given the protocol).
For example, I use some bone-conducting open-air headphones, while cycling (long time road cyclist), and sometimes I want to connect my Garmin Edge 1030, to download a route, when I'm out.
Good luck, even upon returning, I'm often sitting in the garage, trying 20+ times (after shutting my headphones off, even), to try and download my ride-data, for the day. Sometimes it requires rebooting both devices, flushing the Bluetooth app-cache, and the Garmin app-cache, and then it'll work, that's perhaps 40% of the time.
For another 40%, it will NOT connect, what-so-ever, across multiple reboots and app-cache flushes, period (I tend to give up at around the 20+ attempt mark, depending).
The last 20%, it works, perfectly, as you'd expect, and as my OP7 Pro did, I can't recall a single BT connectivity issue, with it, either solo (Garmin) or with headphones concurrently.
I've filed bugs with OP (along with NUMEROUS other radio bugs, like the fact you can't connect to a 5G-mobile signal, if you're connected to a WiFi signal, on the INO2025 model, bug filed, trace-logs submitted, including pointing out log-lines where the radio(s) fail).
Unfortunately, with the Bluetooth issues, it will not repro, if I use the OP debug-mode, which is how they want to receive logs (and how I've submitted many bugs, previously), so I'm at a loss, short of finding a hardware Bluetooth debug module (I used to work on h/w and s/w boundary driver stuff, so I've used a h/w BT debugger before, but not for some years, and have no access to one, currently).
OP seems to just ignore the bugs, at that point, when I can't provide the logs, they pretty much abandon the bug-thread, so I'm not sure how they're going to get some of these resolved (I've noted that the debug-mode seems to introduce some latency, or similar, that prevents repro, no response to that, what-so-ever).
I have reset the radio-stack, a couple of times, and did one full factory-reset (shortly after getting the phone, about 1 month back now), with no real change in results, for reference.
I feel like I'm back in the late-90's, when Bluetooth was super-flaky. on most devices, in the 1.x and 2.x days.
Not exactly a "flagship phone experience", or even a decent budget phone Bluetooth experience, for this day and age...
I'm open to ideas on how to debug further, I'm really more of a storage and display guy, and memory-management, in terms of the bulk of my dev/debug skills, communication protocols were something I did on the fringe, of sorts, when they overlapped, or similar.

Resources