Eavesdropping on Bluetooth headsets

Here's a short video in which Joshua Wright demonstrates how a Bluetooth headset can be hijacked, allowing audio to be captured or sent to the device:

Few users realize that Bluetooth headsets can be exploited, granting a remote attacker the ability to record and inject audio through the headset while the device is not in an active call. SANS Institute author and senior instructor Joshua Wright demonstrates.

All that is necessary is knowing the device address, which can be easily sniffed, and the secret PIN, which defaults to 0000. The headset audio is tapped while not in a call, so any room conversation the headset's mic can pick up can potentially be listened to remotely.

Posted by Jason Striegel | Dec 30, 2007 02:06 PM

Comments

Newest comments listed first.

Posted by: edisson calderon on December 31, 2007 at 4:47 PM

thanks for the video, it is very good information.


Posted by: Bob on December 31, 2007 at 5:17 PM

LAME!


Posted by: kidmidnight on December 31, 2007 at 5:20 PM

holy crap, that dude is a freaking sissy


Posted by: fagmidnight on December 31, 2007 at 5:33 PM

holy crap, that sissy just listened to you having phone sex with your gay boyfriend


Posted by: Jinder on December 31, 2007 at 6:28 PM

Nicely done, well presented.


Posted by: peter guszti on December 31, 2007 at 6:33 PM

Yeah, I have a wireless Bluetooth headset, and it's great. I think they started selling like 30% more the last year. I also posted it on my blog with extra comments: www.opentopix.com/topic/gadgets/bluetooth-wireless-headsets-boom


Posted by: Ryan on December 31, 2007 at 7:00 PM

All 3 of my bluetooth headsets will only pair when it is put in a special "pair mode" (typically by holding the power button for 10 seconds or more).

I'd be interested if this attack will work on devices with this "feature".


Posted by: JD on December 31, 2007 at 7:01 PM

umm, I call BS for a few reasons.

1) The pin is used to associate two devices (the handshake) not for ongoing communication.
2) Once the headset has been associated to the device, it cannot be re-associated to another device while the first device is still active. So I would have to turn my phone off.
3) Even though you may be able to send a signal with that super nifty antenna, you most likely will not be able to receive the signal back unless they have a similar antenna.

You're more at risk with the FBI being able to remotely activate your mic.


Posted by: CDog on December 31, 2007 at 9:59 PM

Brown University Baby!


Posted by: Matt on January 1, 2008 at 3:57 PM

wow, brown university...


Posted by: bob on January 1, 2008 at 5:41 PM

did he get her number


Posted by: * on January 2, 2008 at 2:18 PM

ghey is the correct terminology, kidmidnight.


Posted by: lo on January 3, 2008 at 7:09 AM

Didn't even watch the video because it sounds so retarded.


Posted by: miso on January 3, 2008 at 1:58 PM

very good blog :)


Posted by: lol on January 3, 2008 at 5:30 PM

lame


Posted by: Karl Moerder on January 5, 2008 at 6:55 PM

This guy is more annoying and effeminate than me!


Posted by: nocti on February 1, 2008 at 7:24 PM

ignore the other comments. good presentation. good info. those who think that this is lame are skr1pt k1dd1ez who just want it point-n-click so they can use it...

