BlueSnarf Experiment

Since Adam Laurie’s BlueSnarf experiment and the subsequent BlueBug experiment it is proven that some Bluetooth-enabled phones have security issues. Until now, attackers need laptops for the snarfing of other people’s information. Unless attackers do a long-distance-snarf, people would see that there is somebody with a laptop trying to do strange things. Blooover is a proof-of-concept tool that is intended to run on J2ME-enabled cell phones that appear to be comparably seamless. Blooover is a tool that is intended to serve as an audit tool that people can use to check whether their phones and phones of friends and employees are vulnerable.

Since the application runs on handheld devices and sucks information, it has been called Blooover (derived from Bluetooth Hoover).

On a paper submitted by a physicist colleague: “This isn’t right. This isn’t even wrong.” — Wolfgang Pauli

There have been quite a lot of things going on. Here, you find a list of projects that the trifinite.group conducts. Some of the projects were actually made before the trifinite.group was founded.

BlueBug is the name of a bluetooth security loophole on some bluetooth-enabled cell phones. Exploiting this loophole allows the unauthorized downloading phone books and call lists, the sending and reading of SMS messages from the attacked phone and many more things … [read more] – project-page started in April 2004

Long-Distance-Snarf – An eye-opener to those who believe that the range of the wireless technology Bluetooth is 100 meter maximum. The Long-Distance-Snarf Experiment that took place in the early morning of proofs this assumption wrong … [read more] – project-page started in August 2004

Bluetooone – The information on this page is intended to help people that want to modify their bluetooth equipment in order to connect an external (directional) antenna to their Bluetooth dongle. This Bluetooth tuning makes it possible to concentrate the emission of bluetooth signals to one direction instead of any direction. This direction of signals enhances the range of bluetooth radios … [read more] – project-page started in September 2004

Blueprinting – Blueprinting is a method to remotely find out details about bluetooth-enabled devices. Blueprinting can be used for generating statistics about manufacturers and models and to find out whether there are devices in range that have issues with Bluetooth security … [read more] – project-page started in September 2004

Blooover – Since Adam Laurie’s BlueSnarf experiment and the subsequent BlueBug experiment it is proven that some Bluetooth-enabled phones have security issues. Until now, attackers need laptops for the snarfing of other people’s information. Unless attackers do a long-distance-snarf, people would see that there is somebody with a laptop trying to do strange things. Blooover is a proof-of-concept tool that is intended to run on … [read more] – project-page started in September 2004

BT Audit – The Bluetooth architecture consists out of two main protocols, L2CAP and RFCOMM which is layered on top of L2CAP. Since these protocols utilize ports (as they are named in the popular TCP/IP UDP/IP architecture). It makes sense to have the ability to scan these in order to find so called open ports and possible vulnerable applications bound to them … [read more] – project-page started in September 2004

BlueSmack – BlueSmack is a Bluetooth attack that knocks out some Bluetooth-enabled devices immediately. This Denial of Service attack can be conducted using standard tools that ship with the official Linux Bluez utils package… [read more] – project-page started in December 2004

BTClass – Each Bluetooth device has a device class (type of device and services it provides) which is part of the responds to an inquiry. The device class has a total length of 24 bits and is separated in three parts…[read more] – project-page started in February 2005

BlueSnarf – The BlueSnarf attack is probably the most famous Bluetooth attack, since it is the first major security issue related to Bluetooth enabled devices. BlueSnarf has been identified by Marcel Holtmann in September 2003. Independently, Adam Laurie discovered the same vulneralbility in…[read more] – project-page started in April 2005

BlueSnarf++ – BlueSnarf++ is an attack that is very similar to the famous BlueSnarf attack. The main difference is that BlueSnarf++ is an attack where the attacker has full read/write access to the device’s filesystem. The manufacturers…[read more] – project-page started in April 2005

HeloMoto – The HeloMoto attack has been discovered by Adam Laurie and is a combination of the BlueSnarf attack and the BlueBug attack. The attack is called HeloMoto, since it was discovered on Motorola phones…[read more] – project-page started in April 2005

BlueBump – The BlueBump attack is the Bluetooth equivalent to a very cool physical security thread called key bumping. When used correctly, an appropriate bump key can be used to open any lock in seconds. Since the BlueBump attack is also about keys…[read more] – project-page started in April 2005

BlueDump – BlueDumping is the act of causing a Bluetooth device to ‘dump’ it’s stored link key, thereby creating an opportunity for key-exchange sniffing to take place. The attacks on link keys and PINs were first publicised by Ollie Whitehouse, at CanSecWest… [read more]– project-page started in June 2005

Car Whisperer – The carwhisperer project intends to sensibilise manufacturers of carkits and other Bluetooth appliances without display and keyboard for the possible security threat evolving from the use of standard passkeys. A Bluetooth passkey is used… [read more] – project-page started in July 2005

Nokia 770 – The Nokia 770 Internet Tablet is a Linux based tablet PC with built in Wi-Fi and Bluetooth capabilities. The trifinite.group will publish ports of it’s own and 3rd party packages for this platform, to enable it to be used as a compact, portable auditing device… [read more] – project-page started in November 2005

Blooover II – The trifinite Bluetooth Hoover (Version 2). Blooover II is the successor of the very popular application Blooover. After 150000 downloads of Blooover within the year 2005 (since the initial release in at 21c3 in December 2004), a new version of this mobile phone… [read more] – project-page started in December 2005

BlueChop – BlueChop is an attack that the disruption any established bluetooth piconet by meansof a device that is not participating the piconet. A precondition for this attack is that the master of the piconet supports multiple connections… [read more] – project-page started in January 2006

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: