Guys/Gals....
I might be slow to know about this, so I figured some others here might be too. No disrespect intended, but I watched a program this weekend 'The Real Hustle' on British TV. It explored a serious vulnerability in the Bluetooth technology.
Apparently there exists software which can be installed on O/S based Mobile phones/PPC's that allows its user to scan for BT devices i.e. in busy areas like train stations etc.
They can then hijack your phone..'Without Your Knowledge'!! They can then use your available credit/contract minutes, to make calls to a purpose made premium number @ £1.50 per minute....all without leaving a trace on your phone!
You won't know until you get your whopping bill and will have no way out of paying for it, as calls will have registered as having been made from your phone!
Bottom line for Athena users with BT earpieces and other people too. ONLY switch your BT on when you are going to use it and be sure to switch it right back off when you're finished.
The program did not reveal whether this was possible if the devices/BT mode was set to invisible, but that is something I intend to find out.
Scary eh?
P.S. Something like this happened to a relative of mine only last week as his BT is always on (for phone calls). Just thought I'd share my concerns with you. Sorry if it's old news already.
Yup, old news I'm afraid. The Ameo AFAIK and can test, seems to have a fairly sturdy bluetooth stack, as do most phones from the last 18 months - 2 years. But it is quite surprising how many phones are vulnerable to various bluetooth exploits. I have found that it's not impossible to crash the BT stack, but it's not trivial, and doesn't really seem to do too much damage, apart from requiring a restart of the BT module. Unlike my old T68 which locks up tighter than a locked up tight thing, gives out my contacts and calendar, makes calls etc.
Oh, and I generally leave the BT off on the Ameo because it's such a battery drain.
Digital.Diablo said:
Yup, old news I'm afraid. The Ameo AFAIK and can test, seems to have a fairly sturdy bluetooth stack, as do most phones from the last 18 months - 2 years. But it is quite surprising how many phones are vulnerable to various bluetooth exploits. I have found that it's not impossible to crash the BT stack, but it's not trivial, and doesn't really seem to do too much damage, apart from requiring a restart of the BT module. Unlike my old T68 which locks up tighter than a locked up tight thing, gives out my contacts and calendar, makes calls etc.
Oh, and I generally leave the BT off on the Ameo because it's such a battery drain.
Thanks for that Diablo. So what you are saying is that newer devices (like ours) with newer BT stacks are NOT vulnerable to these attacks? Only the older types of mobile phones?
Did the hidden option not make any difference?
I have tested a couple of "available" software.
Generally it is quite trivial to establish a connection with older mobile phones. SonyEricssons seem to be particularly vulnerable.
I haven't been able to successfully intercept the Athena though. Although I have many shortcomings in my very limited abilities... I'm sure a dedicated person would be able to intercept and <do whatever> given enough time.
Normally it should be enough to enable "Beam authentication" and uncheck "Make this device visible to other devices".
mackaby007 said:
Thanks for that Diablo. So what you are saying is that newer devices (like ours) with newer BT stacks are NOT vulnerable to these attacks? Only the older types of mobile phones?
I wouldn't go as far as to say they're invulnerable, however they're stronger than other targets. Bluetooth in itself is quite basic in its security mechanisms, but Ameo stands up well to attack. As mentioned, it's possible to crash the stack, but this doesn't bring any benefit to the attacker, apart from the knowledge that they've been able to do that. I suppose it could be used as a buffer overflow exploit, but with so few devices around, it's probably not worth the effort to try.
One thing TO be aware of though is that when pairing a device, it's possible for a 3rd party to grab the keys off the air, and then you can impersonate a bluetooth device. So if someone were to capture a key pairing between a mobile and a laptop for the laptop to be able to make internet connections via the phone, then you could impersonate the laptop to make these calls. But this is fairly unlikely if the phones are already paired. However, the cool thing is, if you've got a vulnerable phone, you can make it lose the pair key, when Mr End User resyncs the phone, snap it out of the air and do naughty things. I work in Network Security so I try and experiment with these things for the good of our staff, and bluetooth hacking is one of the cooler things IMO.
Oh, another cool point is that people think bluetooth is 10m or 100m radius. Some researchers have managed to send a bluetooth message about 3km (I think).
And finally, the other thing you can do to really bug someone is repeatedly make bluetooth requests to their phone for 'services available'. Most phones will provide this without pairing, and in doing so, it can generally cause the power consumption to increase. Once again, I killed my T68 with this technique in about 2hrs from full charge, as each time it made the request, the screen redrew, the backlight and key LEDs came on and I suspect the radio power draw increased.
WM5 and especially 6 are practically safe
Done a bit of research on this now and coupled with your feedback guys, I feel Athena owners are pretty safe from random attacks. Thanks a bunch for putting my mind at ease...I will however remain cautious in public areas and turn my bluetooth off if I am spending a considerable amount of time there.
The fact is that the only way this vulnerability works is by exploiting the Symbian Bluetooth stack for now. Conversely, WM is one of the more secure O/S's out there at present. WM6 is even more so. There's a lot of snakeoil within the industry, although with the Ameo, I would look into getting AV if you plan on doing a lot of downloading off the web. Yes, there is no serious malware for the WM platform, but the device can still be a carrier for the host Windows systems. As HSDPA becomes more widespread, the benefits of attacking these platforms become greater; it's not there yet but will become an issue.
mackaby007 said:
Done a bit of research on this now and coupled with your feedback guys, I feel Athena owners are pretty safe from random attacks. Thanks a bunch for putting my mind at ease...I will however remain cautious in public areas and turn my bluetooth off if I am spending a considerable amount of time there.
It should* be enough to disable visibility. If you need BT for your headset but care about battery drain just enable powersafe mode for the audio gateway in the registry.
I'm running bluetooth all the time on my ameo. I'm around a lot in public areas like train stations and airports and every now and then I'm using btCrawler to scan for other devices just to see how many are in visible mode.
So the best practice for using bluetooth (on laptops, handhelds or whatever) is:
- Turn off visibility
- Use encryption AND authentication for every connection
- Don't accept messages or transfers from unknown devices
- Don't use easy PINs like 0000 or 1234
- Use different PINs for every connection
If you follow the above, using bluetooth should* be safe
* Should, because if an attacker knows your device address, he's still able to try to attack you directly. There is an interesting article by Max Moser about using the expensive (but excellent) Bluetooth Diagnostic Tool from Frontline (FTS4BT) with a normal inexpensive bluetooth dongle. Using this you are able to sniff bluetooth connections by following the hopping sequence. You can sniff audio connections, data transfers, etc. If no encryption is enabled everything is transferred in plaintext. However it is still possible to decrypt encrypted BT traffic if you are able to sniff the pairing process. If you have successfully sniffed the whole pairing process you can extract the link key and PIN with btcrack and then use the frontline sniffer to decrypt the traffic.
We currently have an app that runs on Android phones, for a small company of property appraisers. It includes a map of properties, a property information form, and a camera.
It works great, although the display is too small for effective mapping. For that reason, we've purchased Viewsonic gTablets and we've built the map feature onto those, leaving the Android phone to handle the camera and property input.
The problem? How to get the two talking!
Originally we built a bluetooth app to allow the two to exchange simple data. That works fine; however, we run into one problem: using the Google Maps API requires Internet connectivity (the gTablet has no Internet connectivity, as is).
The problem is that I'd prefer not to rely on wifi (which would require the phone to offer the tether, and the gTablet to run wifi at all times). Bluetooth is much more controllable.
I thought I would propose the question to the experts here. How would you handle an application written over two Androids, where one (the tablet) needs to proxy the map-requests through the other (the phone)?
Thank you in advance for ANY ideas!
RKM
Hi, as the title said, I’d like to know what app are you using to share your phone’s 3G connection with the TF101 using bluetooth.
I tried everything but none works. Pdanet, etc.
And every single app does only wifi tether, not bluetooth.
Simply, I don’t know what to install on my Galaxy S2; I’d buy anything if sure that it’d work.
Does your phone model not support wireless hotspot??
Just saw that it is a galaxy s2, which means it should support wireless hotspot..you should root your galaxy and flash a rom with wireless hotspot hack enabled, no app needed.
First you'll have to root your Galaxy SII, if you're not ready/able to do that you can't really use bluetooth for tethering (I haven't found one that works WITHOUT root)
Thanks guy, but my galaxy s2 is rooted since the first day I got it, and by the way here where I live the wireless hotspot is not disabled, it works also without root.
I don’t want to make my phone become a Hotspot, because it wastes a lot of battery. I’d like to share connection via bluetooth so I can keep it always on without enormous battery drains. Which one do you use, No_u?
Here's the steps I performed to use Bluetooth internet sharing with my Motorola Milestone 2. I learnt that from a friend who paired an Asus Slider with his iPhone, so I'm pretty sure Samsung Galaxy S2 will be able to support Bluetooth internet sharing without root..
One-time set up (configure Bluetooth pairing)
- Turn on Bluetooth on both devices
- On Galaxy S2 (or other smartphone which supports Bluetooth internet sharing profile), activate "Discoverable" mode.
- On Asus TF101, (under Bluetooth settings menu ya?), search for the smartphone and select to pair.
Every time when you want to activate internet sharing via Bluetooth
- Turn on Bluetooth on both devices,
- On Asus TF101, under Bluetooth settings -> Paired devices, press on the smartphone to 'connect'
Done! Enjoy internet via smartphone Bluetooth.
wanzer said:
Thanks guy, but my galaxy s2 is rooted since the first day I got it, and by the way here where I live the wireless hotspot is not disabled, it works also without root.
I don’t want to make my phone become a Hotspot, because it wastes a lot of battery. I’d like to share connection via bluetooth so I can keep it always on without enormous battery drains. Which one do you use, No_u?
The TF101 supports Bluetooth Tether (use phone as modem) with the bluetooth PAN profile.
When paired with a phone that has the bluetooth PAN profile (it has 1 more icon in the device list, just like the A2DP profile has a headphone icon), just click on it to connect.
Many phones have the bluetooth DUN profile (Dial-up Networking) but just a few have the bluetooth PAN profile (personal area networks). I bought a SonyEricsson Cedar J108i for this function.
You have to search in the user manual, phone wiki page, ... to know what Bluetooth profile is supported.
I have an embedded system using a Bluegiga Bluetooth chip and a PIC processor. I want to establish a connection directly with a Smart watch so that I can post text messages from my embedded application directly onto the Smart watch screen. In essence, the Smart watch would act as a "console" for the embedded system.
I can't seem to find an appropriate SDK that will allow me to do this (i.e. develop an app on the Smart watch). Bluetooth transmissions are always encased within a message wrapper that must be generated on a paired and supported smartphone. What I want to do is interface directly to the Bluetooth chip on the Smart watch (bypassing the smartphone), and connect/transmit/receive to my embedded system directly via Bluetooth SPP (Serial Port Protocol).
Does anyone know of a Smart watch SDK that would allow me to do this?
I don't care about the brand of Smart watch. Only that it really exists and can be purchased, and that it has an SDK that supports direct Bluetooth communication.
Thanks in advance for any responses.
My child uses a Diabetes Device (Dexcom G7 CGM) that connects to my phone via bluetooth.
If I'm out of range (6 meters) it disconnects and I can't get any info or alerts. It also can only connect to the one device that it's paired with and cannot be re-paired to another device.
I'm aware that with Wifi we can have multiple "repeaters" that allow us to connect to one SSID but switch between the closest router.
Is there something that I can keep close to her that will identify as my phone's bluetooth and repeat that bluetooth signal more than 6 meters but if I'm out of the house with her and only have my phone with me it should still be able to connect to my phone and not always have to connect to the device?
A normal range extender would not work because it wouldn't identify as my device.
Any help is appreciated.
One solution could be to use a Bluetooth range extender or repeater. These devices can receive Bluetooth signals and then rebroadcast them at a higher power, effectively extending the range of the signal. There are several Bluetooth range extenders available on the market that may work for your situation.
One option is the "Wireless Bluetooth Transmitter" by Avantree, which is designed specifically to extend the range of Bluetooth devices like your Dexcom G7 CGM. Another option is the "Bluetooth Extender" by Cricut, which can extend the range of Bluetooth signals up to 100 meters.
Another possible solution is to use a Raspberry Pi or similar device as a Bluetooth repeater. This would require some technical expertise, but there are tutorials available online that can guide you through the process. Essentially, you would use the Raspberry Pi to receive the Bluetooth signal from your Dexcom device and then rebroadcast it at a higher power.
Keep in mind that while these solutions may work to extend the range of your Bluetooth signal, they may also introduce some latency or delay in the data transmission. It's important to test any new devices thoroughly to ensure that they are working reliably and providing accurate data.
anawilliam850 said:
One solution could be to use a Bluetooth range extender or repeater. These devices can receive Bluetooth signals and then rebroadcast them at a higher power, effectively extending the range of the signal. There are several Bluetooth range extenders available on the market that may work for your situation.
One option is the "Wireless Bluetooth Transmitter" by Avantree, which is designed specifically to extend the range of Bluetooth devices like your Dexcom G7 CGM. Another option is the "Bluetooth Extender" by Cricut, which can extend the range of Bluetooth signals up to 100 meters.
Another possible solution is to use a Raspberry Pi or similar device as a Bluetooth repeater. This would require some technical expertise, but there are tutorials available online that can guide you through the process. Essentially, you would use the Raspberry Pi to receive the Bluetooth signal from your Dexcom device and then rebroadcast it at a higher power.
Keep in mind that while these solutions may work to extend the range of your Bluetooth signal, they may also introduce some latency or delay in the data transmission. It's important to test any new devices thoroughly to ensure that they are working reliably and providing accurate data.
Thanks but I believe that the range extender would appear to the device with its own ID, this would mean that the device would not pair with it because it needs to also have the app. Also I need to be able to leave the house with just my cellphone and no repeater.
That's why I need a device that will appear to the dexcom as my phone and relay the data to my phone further away. Exactly the way it's done with a Wifi repeater that has the same SSID as the main router.