Date: Thu, 06 Nov 2008 15:39:53 -0500
From: Michael Holstein <michael.holstein@...ohio.edu>
To: Shawn Merdinger <shawnmer@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Bluetooth keyloggers?


> Just wondering if anyone has technical feedback/musings on the
> emerging bluetooth keyloggers available, such as the following
> products:

Yeah .. use a USB keyboard ;)

> * Remote discovery of these devices (active and passive) via
> bluetooth, localhost device discovery, any other means, etc.

Bluesniff can discover devices (including non-discoverable ones, if 
they're active) .. much like you can find wifi devices even if the SSID 
is hidden. Even though BT is encrypted, you can still see the frames at L2.

They can also be found the same way one finds hidden 2.4 GHz cameras .. 
using spectrum analyzers (I have an Icom handheld that does this 
marginally well if you're close enough).

> * Countermeasures, any and all, including isolated "jamming" and, if
> feasible, control of data flow or "injection" of false data

Well, if you're willing to throw the "Part B" rules out the window .. 
any broadband noise generator tuned to the appropriate frequency will 
work. Most of the cheap-o Chinese jammers for Cellphone/GPS are just a 
simple VCO and amplifier .. easy to tune into the appropriate band.

As for injection .. with the bluejacking tools you can force a 
re-pairing, and then brute-force. Since the devices you link to are 
designed to be passive, I'd imagine they'd automatically re-pair (versus 
a phone, which would prompt the user to do something).

> * Real-world performance in light of interference (signal and obstacles)

A Bluetooth dongle to my Samsung cellphone works ~20' in a typical office. 
Their statement about a "football field" is only true if you were 
actually in an open field.

> * Any other "stuff" -- honeypots, long-distance snarfage, creative
> applications, automation, etc. ;-)

.. a 24 dB parabolic plus a Bluetooth dongle modded for an external 
antenna can give you several hundred feet, easily.


Cheers,

Michael Holstein CISSP GCIA
Cleveland State University
