Dear All
I am a newbie, please assist me if possible.
I have some questions about bluetooth security.
I am currently doing a project on bluetooth
security and am required to develop some software (with bluetooth hardware)
which can demonstrate bluetooth security weaknesses.
Following are my ideas, please comment
1. I have a silicon wave Bluetooth USB dongle and a
V3 headset, and a Nokia 6600 smartphone. I desire to capture packets sent
between the phone and the headset, without a bluetooth protocol analyser (eg
from mobiwave), so that I can demostrate that a hacker can listen in to
unencrypted voice traffic. Is this possible at all?
hcidump is similar to a protocol analyser, but it
can capture only high level traffic. My guess is that I can use hcitool scan to
get the bluetooth address of the phone and the headset first, and then based on
the addresses attempt to calculate the pseudo random frequency hopping sequence,
so that I can stay in the same frequency as the phone and the headset. Problem
is i don't understand the output of hcidump. Can hcidump capture traffic which
does not belong to the host device?
2. May I know the steps required to reproduce the
work done by Adam Laurie (bluesnarfing) or the Flexilis team(bluesniper)? Will
the test programs provided by the install of BlueZ be good as starting points?
If so, which test program should I focus on? Please provide details if possible.
This is purely for academic purposes.
3. For the program l2ping.c, what is the end result
of the victim phone of running the program? Does it cause the phone to
malfunction?
I ran it and pinged my Sony Ericsson T630. Later my
phone could not initiate a bluetooth connection with my headset. Otherwise
everything else is fine.
I shall be grateful for any assistance.
BlueZ is great software. Keep up the good work.
Teck Ping