Bluesnarfing: A first person's perspective...
I've heard a lot of bluejacking, bluesnarfing and bluebugging. Bluejacking is pretty harmless, because it consists of sending messages via bluetooth. But bluesnarfing (discreetly copying data from a mobile phone trhough bluetooth) and bluebugging (initiating phone calls from another bt-enabled phone, again discreetly) is really sisnister. There are a lot of papers available that discuss these attacks, but until now all I had was an audience's perspective. I had never seen what it really looks like. Until now.
I have a Nokia 6600 smartphone, and I'm used to downloading odd apps and trying them out. I saw an app called Blooover, and thought it's pretty interesting so I loaded it up. The home page says:
Pretty interesting stuff! I tried it on my sister's Nokia 3660, and friend's 3650's and 6600's, but it didn't work. Kept saying that the phones are not vulnerable to this attack. I promptly forgot all about the app. Yesterday, I was at a canference at a local 5-star hotel, and just happened to do a bluetooth scan to find out what phones in my vicinity have bluetooth enabled. I saw a few T610's, T630's and K700i's, alongwith a few 6600's, a 3650, and 2 6310i's. The 6310's are really old bluetooth-enabled mobiles from Nokia, and I happened to remember reading that they were vulnerable to bluesnarfing. So I decided to fire up Blooover and give it a whirl. Imagine my surprise when Blooover started giving me visual cues that the bluesnarf was proceeding successfully! It managed to get all the contacts in phone memory, all the contacts in the SIM card, all call logs (missed, dialled and received calls), all SMS (some were garbled with weird characters, but some of them even had his bank name, branch, account number and balance!). Blooover also managed to add a phone-entry of my own choosing, set the call forward to a default number, and initiated a call to another default number. Now that was amazing! I have all the logs with me. Blooover doesn't provide a way to save the log, but I turned on the screenshot feature of FExplorer, and took screenshots to save the whole data. I'm not willing to reveal it, as it contains personal information, but I felt scared and elated at the same time. I tried it on another Nokia 6310i, with the same results!
As I said in my last post about Google's revealing webcam searches, everything is inherently insecure. Any person with enough knowledge (or as in my case, little knowledge, but the right tools) can get in. Data that you think is safe and secret may not be so.
I have a Nokia 6600 smartphone, and I'm used to downloading odd apps and trying them out. I saw an app called Blooover, and thought it's pretty interesting so I loaded it up. The home page says:
"Blooover is a proof-of-concept tool that is intended to run on J2ME-enabled cell phones that appear to be comparably seamless. Blooover is a tool that is intended to serve as an audit tool that people can use to check whether their phones and phones of friends and employees are vulnerable."
Pretty interesting stuff! I tried it on my sister's Nokia 3660, and friend's 3650's and 6600's, but it didn't work. Kept saying that the phones are not vulnerable to this attack. I promptly forgot all about the app. Yesterday, I was at a canference at a local 5-star hotel, and just happened to do a bluetooth scan to find out what phones in my vicinity have bluetooth enabled. I saw a few T610's, T630's and K700i's, alongwith a few 6600's, a 3650, and 2 6310i's. The 6310's are really old bluetooth-enabled mobiles from Nokia, and I happened to remember reading that they were vulnerable to bluesnarfing. So I decided to fire up Blooover and give it a whirl. Imagine my surprise when Blooover started giving me visual cues that the bluesnarf was proceeding successfully! It managed to get all the contacts in phone memory, all the contacts in the SIM card, all call logs (missed, dialled and received calls), all SMS (some were garbled with weird characters, but some of them even had his bank name, branch, account number and balance!). Blooover also managed to add a phone-entry of my own choosing, set the call forward to a default number, and initiated a call to another default number. Now that was amazing! I have all the logs with me. Blooover doesn't provide a way to save the log, but I turned on the screenshot feature of FExplorer, and took screenshots to save the whole data. I'm not willing to reveal it, as it contains personal information, but I felt scared and elated at the same time. I tried it on another Nokia 6310i, with the same results!
As I said in my last post about Google's revealing webcam searches, everything is inherently insecure. Any person with enough knowledge (or as in my case, little knowledge, but the right tools) can get in. Data that you think is safe and secret may not be so.
posted by Khurram at
Monday, January 31, 2005
18 Comments:
Can you please tell s how you install Bloover, I cant get it to work on my 7610, where do I stick the files and folders.
thanks
By
Anonymous, at 1:32 AM
I simply downloaded the Blooover java archive from this address: http://trifinite.org/Downloads/Blooover.jar
Sent it to my phone, and opened the received message. This prompted me to install the program and I did. That's all there is to it. If you're still having problems, please do let me know.
By
Khurram, at 10:48 AM
when i install it it sais invalid file how to install jar file
By
Anonymous, at 5:43 PM
I have got the blooover file but how can i send it to my phone using bluetooth on my comp?
e-mail me on c1jty@hotmail.com
cheers
By
Anonymous, at 11:51 PM
its simple just download it change the name to .jar at the end instead of .zip. then send to your phone, install it. activate bluetooth then open
By
Anonymous, at 9:16 PM
I need help big time. I have a 6230i and i have put the things on my phone, but i cant access them! HELP PLEASE! (KIEWEE123@GMAIL.COM)
By
Anonymous, at 2:46 PM
i have the new samsung E720 and nokia 6230i....ive tried to install bloover onto each fone but it will not let me, it says file format not suported although it is .jar what should i do ? thnks lukoz
By
Anonymous, at 5:10 PM
^^^^^^^ get bak to me at chilling_lukoz@hotmail.com if you know how to help me
thnks lukoz
By
Anonymous, at 5:11 PM
Ive got a nokia 6230 and id like to know how to install it via bluetooth... chronox22@hotmail.com
By
Anonymous, at 1:41 AM
hmm been trying to get blooover going with very limited sucess but it's fun
i will note your phone models down and give it a try later
thanks
sircolin
By
Anonymous, at 11:09 PM
Hey...i cant get blooover 2 work on my nokia 6230.. it says file of an unsupported type...please help!
By
Anonymous, at 1:46 PM
I downloaded it a while back with no problems.. I got the exact same result you got when it was activated. Complete phone book, calendar, note book, sms's the lot. It's kind of freeky what u can get and makes u think how safe u really are. Most of the information i got was useless to me but imagine getting this kind of stuff from someone important. hmmm worked a treat for me. I sit in heavy traffic and scan for bluetooth all the time just to see who's dumb enough to leave it on. I advise that if your not using your bluetooth, TURN IT OFF.
By
Anonymous, at 4:52 PM
i downloaded bloover but it only audits the phone and then stops the process & only tell me whether the phone is vulnerable to some attacks or not and does not actually get me their phonebook entries and sms and other stuff ..
why is it so??
By
Anonymous, at 6:48 PM
Hi, i have blooover and have audited a few phones successfully, but i was wondering how to change the predefined call forward number and the voice call number to one of my own numbers,nif you can help please reply, thanks
By
Anonymous, at 5:09 AM
whats best model of phone for blooover to work on or does it work on most blue tooth phones thanks
By
Anonymous, at 9:13 PM
whats best model of phone for blooover to work on or does it work on most blue tooth phones thanks
By
Anonymous, at 9:13 PM
please help been trying to put blooover on my samsung d600 all day cant do it please someone help me!
By
Anonymous, at 2:54 AM
i cannot get blooover to open on my evo can someone help?
By
Anonymous, at 7:40 AM
Post a Comment
<< Home