Re: [Full-disclosure] Bluetooth keyloggers?

2008-11-06 Thread Thierry Zoller

Hi,

SM> * Remote discovery of these devices (active and passive) via
SM> bluetooth, localhost device discovery, any other means, etc.

Passive detection is always possible
Active (as in scan (query)) detection depends on keylogger setup - I would guess no

SM> * Countermeasures, any and all, including isolated "jamming" and, if
SM> feasible, control of data flow or "injection" of false data

Jamming is always possible, injection depends on protocol usage



-- 
http://secdev.zoller.lu
Thierry Zoller

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] Bluetooth keyloggers?

2008-11-06 Thread Michael Holstein

> Just wondering if anyone has technical feedback/musings on the
> emerging bluetooth keyloggers available, such as the following
> products:
>   

Yeah .. use a USB keyboard ;)

> * Remote discovery of these devices (active and passive) via
> bluetooth, localhost device discovery, any other means, etc.
>   

Bluesniff can discover devices (including non-discoverable ones, if 
they're active) .. much like you can find wifi devices even if the SSID 
is hidden. Even though BT is encrypted, you can still see the frames at L2.

They can also be found the same way one finds hidden 2.4GHz cameras .. 
using spectrum analyzers (I have an icom handheld that does this 
marginally well if you're close enough).

> * Countermeasures, any and all, including isolated "jamming" and, if
> feasible, control of data flow or "injection" of false data
>   

Well, if you're willing to throw the "Part B" rules out the window .. 
any broadband noise generator tuned to the appropriate frequency will 
work. Most of the cheap-o Chinese jammers for Cellphone/GPS are just a 
simple VCO and amplifier .. easy to tune into the appropriate band.

As for injection .. with the bluejacking tools you can force a 
re-pairing, and then bruteforce. Since the devices you link to are 
designed to be passive, I'd imagine they'd automatically re-pair (versus 
a phone, which would prompt the user to do something).

> * Real-world performance in light of interference (signal and obstacles)
>   

bluetooth dongle to my Samsung cellphone works ~20' in a typical office. 
Their statement about a "football field" is only true if you were 
actually in an open field.

> * Any other "stuff" -- honeypots, long-distance snarfage, creative
> applications, automation, etc. ;-)
>
>   

.. a 24dB parabolic plus a bluetooth dongle modded for an external 
antenna can give you several hundred feet, easily.


Cheers,

Michael Holstein CISSP GCIA
Cleveland State University



[Full-disclosure] Bluetooth keyloggers?

2008-11-06 Thread Shawn Merdinger

Hi List,

Just wondering if anyone has technical feedback/musings on the
emerging bluetooth keyloggers available, such as the following
products:

1.  http://www.wirelesskeylogger.com/index.php
2.  http://www.keyear.com/articles_pages/BTKeyEar2.html
4.  Other commercially offered products?
3.  Any custom kit/gear folks have cooked up, and are willing to talk
about, bringing to a conference, etc.?

Specifically I'm looking to find out more concerning these attributes:

* Remote discovery of these devices (active and passive) via
bluetooth, localhost device discovery, any other means, etc.
* Countermeasures, any and all, including isolated "jamming" and, if
feasible, control of data flow or "injection" of false data
* Fingerprinting (a la "Blueprinting" -
http://trifinite.org/trifinite_stuff_blueprinting.html)
* Real-world performance in light of interference (signal and obstacles)
* Any other "stuff" -- honeypots, long-distance snarfage, creative
applications, automation, etc. ;-)

Off list comments are fine too.

Cheers,
--scm
