European researchers have built a Bluetooth sniffer on a $30 USB dongle

April 5, 2007

2 Min Read
Hacking Bluetooth With a USB Stick

If there's one thing that has precluded hackers and researchers from finding many bugs in Bluetooth, it's been the $10,000 price tag of the sniffer tools involved. But look out: European researchers have now broken that price barrier with a prototype sniffer based on a $30 Bluetooth USB dongle. (See New Hacking Tools Bite Bluetooth and Bluetooth Security Worse Than WiFi.)

The dongle's developers say their finding opens the door for open-source freebie sniffing tools for Bluetooth researchers. In fact, they were able to crack a commercial sniffer package (the name of which they wouldn't disclose) and copy and load it onto the USB stick.

Max Moser, founder of, and security analyst and tester for Dreamlab Technologies Ltd. , says he decided to investigate the possibility of transforming a USB Bluetooth dongle into a Bluetooth sniffer after hearing rumors that it might be possible.

"The bar to find such bugs has been lowered considerably as the price is no longer an issue," says Thierry Zoller, a security engineer with n.runs AG and Bluetooth security expert who assisted Moser in his research. "And as raw access to devices is granted this way, we may see Bluetooth fuzzers soon."

The hack was conducted using a Cambridge Silicon Radio (CSR) chip-based USB dongle, flash memory, and Bluetooth 2.X technology, Zoller says.

With Bluetooth, each device is an access point itself, and therefore an entry point into the local area network. And as Bluetooth devices spread beyond headsets and onto laptops and other equipment, the wireless technology will become a more attractive target for attackers, security experts say.

Moser says the USB-based sniffer lets you eavesdrop on a Bluetooth communication session. And that's only the beginning: Combined with Zoller's Bluetooth PIN-hacking tool -- BTCrack -- or similar tools, an attacker could access encrypted data and control Bluetooth devices. On the flip side, there's no way for a user to protect himself, except to run it in a "controlled" or isolated environment, he says.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

Subscribe and receive the latest news from the industry.
Join 62,000+ members. Yes it's completely free.

You May Also Like