From: "Khoo Teck Ping" <eng10166@nus.edu.sg>
To: <bluez-devel@lists.sourceforge.net>
Subject: [Bluez-devel] Project about Bluetooth Security: Request for assistance
Date: Tue, 18 Jan 2005 23:53:42 +0800 [thread overview]
Message-ID: <002f01c4fd75$e647c280$19cb13ac@stu.nus.edu.sg> (raw)
[-- Attachment #1: Type: text/plain, Size: 1883 bytes --]
Dear All
I am a newbie, please assist me if possible.
I have some questions about bluetooth security.
I am currently doing a project on bluetooth security and am required to develop some software (with bluetooth hardware) which can demonstrate bluetooth security weaknesses.
Following are my ideas, please comment
1. I have a silicon wave Bluetooth USB dongle and a V3 headset, and a Nokia 6600 smartphone. I desire to capture packets sent between the phone and the headset, without a bluetooth protocol analyser (eg from mobiwave), so that I can demostrate that a hacker can listen in to unencrypted voice traffic. Is this possible at all?
hcidump is similar to a protocol analyser, but it can capture only high level traffic. My guess is that I can use hcitool scan to get the bluetooth address of the phone and the headset first, and then based on the addresses attempt to calculate the pseudo random frequency hopping sequence, so that I can stay in the same frequency as the phone and the headset. Problem is i don't understand the output of hcidump. Can hcidump capture traffic which does not belong to the host device?
2. May I know the steps required to reproduce the work done by Adam Laurie (bluesnarfing) or the Flexilis team(bluesniper)? Will the test programs provided by the install of BlueZ be good as starting points? If so, which test program should I focus on? Please provide details if possible. This is purely for academic purposes.
3. For the program l2ping.c, what is the end result of the victim phone of running the program? Does it cause the phone to malfunction?
I ran it and pinged my Sony Ericsson T630. Later my phone could not initiate a bluetooth connection with my headset. Otherwise everything else is fine.
I shall be grateful for any assistance.
BlueZ is great software. Keep up the good work.
Teck Ping
[-- Attachment #2: Type: text/html, Size: 3329 bytes --]
next reply other threads:[~2005-01-18 15:53 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-01-18 15:53 Khoo Teck Ping [this message]
2005-01-18 19:48 ` [Bluez-devel] Project about Bluetooth Security: Request for assistance Marcel Holtmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='002f01c4fd75$e647c280$19cb13ac@stu.nus.edu.sg' \
--to=eng10166@nus.edu.sg \
--cc=bluez-devel@lists.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox