VIDEO: Hackers Can Exploit Bluetooth Headsets
Conversations are no longer safe.
With the government cracking down on mobile phone usage while driving a moving vehicle, many consumers are resorting to Bluetooth headsets in order to communicate hands-fee. While that may eventually save lives on the road, it could cost millions thanks to hackers listening in on Bluetooth conversations, especially devices with a fixed PIN value of 0000.
The video shown below demonstrates how SANS Institute author and senior instructor Joshua Wright could connect to a Bluetooth headset within a Starbucks Coffee shop. He used an external Bluetooth dongle and modified it to connect to an antenna which he thus points to the Starbucks inside his shoulder bag. A laptop running Linux polonium v2.6.21.1 is also within the bag--he uses a Nokia 770 handheld to control it by remote.
Ultimately he was able to connect with a headset while the user was placing an order. Wright added that hackers can inject arbitrary audio into the user's headset, however the retrieval seems to be the bigger issue, especially if users are spouting addresses, social security numbers, and other sensitive information into their Bluetooth headsets.
- Verizon Responds to No Wi-Fi on Skype
- VIDEO: Windows Phone 7 Ported to HTC HD2
- Nintendo Launches Bigger DSi, the DSi XL, in NA
- Leak Gives Project Natal Game October 29 Release
- 22 Megapixel Gesture-Driven Display Debuts
- Turning Copenhagen Into Bikeland
- VIDEO: Ghost Recon: Future Soldier Movie Trailer
- New iPhone Jailbreak Hack May Also Work on iPad
- Twitter TV Show Crashes, Gets Buried
- iPad Ships, Limited Quantities at Best Buy
- Microsoft Leaks Zune HD 64GB Model
- Girl, 9, Gets Dating Game Instead of Pet Monkeys
- Students Develop Pong You Control With Eyeball
- The 'Unhackable' Swiss Army Knife USB Stick
- The Coffee Table Concept that Plays Music
- A Wrist Computer Concept That's Also Stylish
- Report: Apple Working on Verizon iPhone
- Data of 3.3M People Stolen from Student Loan Firm
- Android Traffic to Surpass iPhone Soon in the U.S.
And that is why I hold my phone to my head.
Seriously, I don't understand people with those things. Do they think they're fashionable? Because they're not.
They're another excuse to not use your phone like a phone.
These days, IM clients, MP3 players, video players, internet devices, game consoles and major life utilities.
All of that, with a bonus phone added in.
I guess this makes the tinfoil hat obsolete. Tinfoil burqa maybe? Perhaps to be secure you'll need clothing with fiber optic lines sewn-in so you can connect your phone and headset without leakage.
I bought a bluetooth headset to make it easier to call my fiancé for hours on end, but we abandoned it since it was awful quality. Gonna stick with face-to-handset. xD
Wow, over-the-air transmission isn't secure. What else is new?
Somehow I think I've heard about this sort of thing before... like 5 years ago.
And that is why I hold my phone to my head.Seriously, I don't understand people with those things. Do they think they're fashionable? Because they're not.
Actually, believe it or not, some people try to be safer drivers.
Actually, believe it or not, some people try to be safer drivers.
Unfortunately, you cannot text hands & eyes free with a blue-tooth headset, which is where the real problem lies: Texting.
The only calls important enough to make while driving are either:
1) 911 or another emergency number (that is short and/or memorized)
2) on speed-dial already
In both situations, it is not necessary for the operator to look at his/her phone, and in both situations, it distracts them MUCH less than sending a 50-500 character text. (well seriously, what's the point of a 10 character text? Typing a 10 digit phone number, however, is much less likely to cause an accident.)
Wow!! He has an entire Starbucks inside his shoulder bag?!
Awesome.
Is this some new type of government fee for using your hands?
Come on Tom's, I've reported more than 5 typos in the last one month, and I'm not even a native speaker!!!
Okay... so change the PIN from "0000", and don't give out sensitive information like CC# or SS# while talking over bluetooth.
Why not use wired headsets? seriously... first of all Bluetooth is still radio-waves which can cause cancer and second, it needs no additional battery and it's way better quality.
So giving all your personal details out in the middle of a crowded Starbucks isn't a security risk at all? Who needs the kit, just go in, buy a coffee and eavesdrop!
they look like GPS guided dorks!!!
And that is why I hold my phone to my head.Seriously, I don't understand people with those things. Do they think they're fashionable? Because they're not.
No they are not fashionable coz it make them look like GPS guided dorks
This does seem to be overblown. He has to aim his antenna at your location and connect to a specific headset address. How will they do this when you're in a cart at 30 MPH (50 Kmh)? And how often are people giving out their credit card numbers or SS# over the phone while driving? I can see someone might place an order by phone from a coffee shop and give their credit card number, but it would be a noob mistake, since anyone around you can hear you.
If they can pick up mass groups of BT headsets then who will take the time to sort through all of the conversations and pick out any sensitive data (other than the government, I mean)?
Just some thoughts. I'd be glad to share them over a bluetooth connection!
I'm still waiting to see a rash of Prius' get stolen when someone spoofs the BT in their key fob. That will be hilarious!
Why not use wired headsets? seriously... first of all Bluetooth is still radio-waves which can cause cancer and second, it needs no additional battery and it's way better quality.
I, too, prefer the sound of a wired headset and the battery-free convenience. However, my current phone doesn't have a connection for one without using a large and unwieldy dongle...
How on a sec, doesn't the headset need to be set into pairing mode before it makes a handshake with the device it is connecting to? If the bluetooth headset isn't in pairing mode why would it accept a pairing request from another random device/hacker?