- Capturing Initial Pairing Exchanges and Brute Forcing the PIN
- Forcing Paired Devices to Rekey
- Eavesdropping on Bluetooth Headsets
Eavesdropping on Bluetooth Headsets
This simple attack can turn a Bluetooth hands-free headset into a microphone, allowing a hacker to remotely record audio from the device from a distance. The implications of this attack are staggering. Imagine having your executives in a private meeting and being able to listen in on their conversation without them knowing. This attack shows how headset manufacturers rely on the obscuration of the BD_ADDR as a security measure.
- Hacker reconstructs BD_ADDR of the hands-free headset through passive or active means.
- Hacker configures his laptop’s Bluetooth device to represent a mobile phone instead of the default laptop.
- Using the default PIN code of the headset, the user can then establish a connection to the headset only when the device is not in use (not on a phone call).
- Once the connection to the headset has been established, the hacker can open the audio channel to either play or record audio using a tool called Carwhisperer.
Short-range wireless technology such as Bluetooth, UWB, and Zigbee makes clear business sense for both business and home users.
Users want their gadgets to be able to communicate without having to bring an arsenal of proprietary cables and wires around with them. The failure of the implementation and design of these technologies and the widespread adoption of these devices pose a great risk to the security of individuals and businesses alike.
The blame doesn’t reside with hackers but with companies using proprietary protocols and obscurity for protection and not identifying the risks before going to market.
Any wireless technology that becomes as widely adopted as Bluetooth will end up under the scrutiny of hundreds if not thousands of brilliant minds.
What scares me the most (and is the reason for this article) is the proliferation of Bluetooth devices in corporate environments. We are now seeing corporate employees using Bluetooth on their hands-free headsets, keyboards, mice, PDAs, and mobile phones.
Bluetooth in a corporate environment is becoming the next on-ramp for hackers looking to get access to critical information. This, coupled with the increased range and bitrates supported by newer Bluetooth protocols, is making this technology look like the next wireless Hindenburg.