Hacking Bluetooth With a USB Stick
The dongle's developers say their finding opens the door for open-source freebie sniffing tools for Bluetooth researchers. In fact, they were able to crack a commercial sniffer package (the name of which they wouldn't disclose) and copy and load it onto the USB stick.
Max Moser, founder of remote-exploit.org, and security analyst and tester for Dreamlab Technologies Ltd. , says he decided to investigate the possibility of transforming a USB Bluetooth dongle into a Bluetooth sniffer after hearing rumors that it might be possible.
"The bar to find such bugs has been lowered considerably as the price is no longer an issue," says Thierry Zoller, a security engineer with n.runs AG and Bluetooth security expert who assisted Moser in his research. "And as raw access to devices is granted this way, we may see Bluetooth fuzzers soon."
The hack was conducted using a Cambridge Silicon Radio (CSR) chip-based USB dongle, flash memory, and Bluetooth 2.X technology, Zoller says.
With Bluetooth, each device is an access point itself, and therefore an entry point into the local area network. And as Bluetooth devices spread beyond headsets and onto laptops and other equipment, the wireless technology will become a more attractive target for attackers, security experts say.
Moser says the USB-based sniffer lets you eavesdrop on a Bluetooth communication session. And that's only the beginning: Combined with Zoller's Bluetooth PIN-hacking tool -- BTCrack -- or similar tools, an attacker could access encrypted data and control Bluetooth devices. On the flip side, there's no way for a user to protect himself, except to run it in a "controlled" or isolated environment, he says.
— Kelly Jackson Higgins, Senior Editor, Dark Reading