Injecting Audio Into Insecure Bluetooth Handsets 222
vandon writes "Linux hackers have demonstrated a way to inject or record audio signals from passing cars running insecure Bluetooth hands-free units. The Trifinite group showed how hackers could eavesdrop on passing motorists using a directional antenna and a Linux Laptop running a tool it has developed called Car Whisperer."
Device must be in paring mode (Score:2, Informative)
From what i understand of the article, your bluetooth device must be explicitly set to the pairing/discoverable mode. This is not on by default
On my Jabra BT800 headset, i have to push a recessed button to bring the device to this mode. After the headset is paired, it is no longer discoverable, nor does it accept parings from other devices.
Cordless Telephones (Score:2, Informative)
Lets just say I got to know my neighbors very well.
(If you have a cordless phone and are wondering if its secure.. make sure it has "spread spectrum" technology)
Re:cool but also meh (Score:4, Informative)
This works on devices which do not need to be put into a special mode to be paired, and which are using a fixed same-for-every-unit pairing password.
this software just requests a pairing with every handsfree device it sees, and tries the standard password. If the device had bothered to need physical confirmation for pairing (like any decent headset) or used a random printed-on-the-box password then this wouldnt be happening.
this also isnt about just listening in on other peoples phone conversations, its about listening to ANY conversation, as once you have paired with the device, if it is for example an in car hands free device, you can turn on the microphone and listen to anything said in the car cabin.
Re:Cordless Telephones (Score:2, Informative)
Give the mod the benefit of the doubt (Score:5, Informative)
For those who don't understand, Verizon Wireless (as in mobile/cellular phone, not WiFi network) has been running a series of commercials where in order to test the strength of Verizon's signals a Verizon technician will go into the most bizarre locations and say "Can you hear me now? Good!" The idea is that no matter where he goes, he can get a clear signal and can be heard by whoever is on the other end.
Hence why the parent post is actually 100% on-topic and funny.
(Now watch this post get hit with offtopic instead of Informative. No good deed goes unpunished on Slashdot.)
Pics of the demo on WhatTheHack last friday (Score:2, Informative)
I made some pics of the demo, starting with this one:
http://geektechnique.org/gallery/wth2005/DSC04384 [geektechnique.org]
(browse with 'next' through the pics of the demo)
BTW, WTH was great!
Re:Device must be in paring mode (Score:3, Informative)
Anyway, I'll be interested to hear whether anyone gets it working - don't have the time to try it myself.
Re:Acura TL (Score:3, Informative)
Re:List of which kits are susceptable (Score:5, Informative)
Finish reading the article.. Does you device allow you to enter your own passkey? Does your device allow you to reject connection attempts? If your device has no user interface, then it probably is vunerable.