SlideShare ist ein Scribd-Unternehmen logo

Hacking Backtrak Mobile

Novizul Evendi
Novizul Evendi

at UII

TechnologieBusiness
1 von 16
Downloaden Sie, um offline zu lesen
HackingHacking MobileMobile Novizul Evendi FO Techno-OS & T'Lab
Outline ● Introduce ● Bluetooth Hacking ● Internet Conection Hacking ● Remote Hacking ● Backtrak On Phone Hacking
Introduce
Bluetooth Hacking Hacking Bluetooh enabled mobile phones and beyond – Wire replacement technology – Low power – Short range 10m - 100m – 2.4 GHz – 1 Mb/s data rate
Bluetooth Hacking Architecture – Hardware layer ● Radio, Baseband and Link Manager ● Access through Host Controller Interface – Hardware abstraction – Standards for USB and UART – Host protocol stack ● L2CAP, RFCOMM, BNEP, AVDTP etc. – Profile implementations ● Serial Port, Dialup, PAN, HID etc.
Bluetooth Hacking Bluetooth Protocol Stack
Bluetooth Hacking – Trivial OBEX PUSH channel attack ● obexapp (FreeBSD) ● PULL known objects instead of PUSH ● No authentication – IrMC (Specifications for Ir Mobile Communications) ● Infrared Data Association – e.g. telecom/pb.vcf – Ericsson R520m, T39m, T68 – Sony Ericsson T68i, T610, Z1010 – Nokia 6310, 6310i, 8910, 8910i
Bluetooth Hacking – Early adopters abuse 'Name' field to send message – Now more commonly send 'Business Card' with message via OBEX – 'Toothing' - Casual sexual liasons
Bluetooth Hacking HelloMoto – Requires entry in 'Device History' – OBEX PUSH to create entry – Connect RFCOMM to Handsfree or Headset ● No Authentication required ● Full AT command set access – Motorola V80, V5xx, V6xx and E398
Bluetooth Hacking Blooover is performing the BlueBug attack ● Reading phonebooks ● Writing phonebook entries ● Reading/decoding SMS stored on the device (buggy..) ● Setting Call forward (predef. Number) +49 1337 7001 ● Initiating phone call (predef. Number) 0800 2848283 – Not working well on Nokia phones :( but on some T610
Bluetooth Hacking – How come!? ● Various Manufacturers poorly implemented the Bluetooth security mechanisms ● Unpublished services on RFCOMM channels – Not announced via SDP – Connecting to unpublished HS service without pairing! ● Nokia has quite a lot of models (6310, 6310i, 8910,8910i,...) ● Sony Ericsson T86i, T610, ... ● Motorola has similar problems (see HeloMoto)
Internet Conection Hacking ● Bluetooth Dialup (wvdial etc.) ● PAN Sharing internet ● Bluetooth/cable to Wifi ad hoc ● Tethering ● Etc
Remote Hacking ● Remote PC (anyremote, etc) – Get Desktop – Control PC – Etc ● Remote Server (java, sisx, etc) – Putty – FloydSSH – MidpSSH – etc
On Phone Hacking ● Gitbrew has been able to install Backtrack 5 on a rooted Android phone ● By using Debdroid, users run Linux distros built for ARM devices.
:Visit Me at . . .www tlab co id . - .www techno os net End :Contact Me at @ . .karuwak tlab co id = .Ym Novizul karuwak Powerd by T'Lab Technology Open Source Laboratory
Live Demo!!

Empfohlen

St58 t8vc specification-www.ttbvs.com
St58 t8vc specification-www.ttbvs.comSt58 t8vc specification-www.ttbvs.com
St58 t8vc specification-www.ttbvs.com
TTBVS
 
Web Presentation Week11
Web Presentation Week11Web Presentation Week11
Web Presentation Week11
guest8732a6
 
Wall mounted ip network adapter t 7805 a
Wall mounted ip network adapter t 7805 aWall mounted ip network adapter t 7805 a
Wall mounted ip network adapter t 7805 a
Trimatrik Multimedia
 
Hacking routers as Web Hacker
Hacking routers as Web HackerHacking routers as Web Hacker
Hacking routers as Web Hacker
HeadLightSecurity
 
All your Bluetooth is belong to us - the rest too.
All your Bluetooth is belong to us - the rest too.All your Bluetooth is belong to us - the rest too.
All your Bluetooth is belong to us - the rest too.
Thierry Zoller
 
Kavya racharla ndh-naropanth_fin
Kavya racharla ndh-naropanth_finKavya racharla ndh-naropanth_fin
Kavya racharla ndh-naropanth_fin
PacSecJP
 
T 6700 series four channel ip network audio adapter (rack mount) t-6704
T 6700 series four channel ip network audio adapter (rack mount) t-6704T 6700 series four channel ip network audio adapter (rack mount) t-6704
T 6700 series four channel ip network audio adapter (rack mount) t-6704
Trimatrik Multimedia
 
Wireless security testing with attack by Keiichi Horiai - CODE BLUE 2015
Wireless security testing with attack by Keiichi Horiai - CODE BLUE 2015Wireless security testing with attack by Keiichi Horiai - CODE BLUE 2015
Wireless security testing with attack by Keiichi Horiai - CODE BLUE 2015
CODE BLUE
 

Empfohlen

St58 t8vc specification-www.ttbvs.com
St58 t8vc specification-www.ttbvs.comSt58 t8vc specification-www.ttbvs.com
St58 t8vc specification-www.ttbvs.com
TTBVS
 
Web Presentation Week11
Web Presentation Week11Web Presentation Week11
Web Presentation Week11
guest8732a6
 
Wall mounted ip network adapter t 7805 a
Wall mounted ip network adapter t 7805 aWall mounted ip network adapter t 7805 a
Wall mounted ip network adapter t 7805 a
Trimatrik Multimedia
 
Hacking routers as Web Hacker
Hacking routers as Web HackerHacking routers as Web Hacker
Hacking routers as Web Hacker
HeadLightSecurity
 
All your Bluetooth is belong to us - the rest too.
All your Bluetooth is belong to us - the rest too.All your Bluetooth is belong to us - the rest too.
All your Bluetooth is belong to us - the rest too.
Thierry Zoller
 
Kavya racharla ndh-naropanth_fin
Kavya racharla ndh-naropanth_finKavya racharla ndh-naropanth_fin
Kavya racharla ndh-naropanth_fin
PacSecJP
 
T 6700 series four channel ip network audio adapter (rack mount) t-6704
T 6700 series four channel ip network audio adapter (rack mount) t-6704T 6700 series four channel ip network audio adapter (rack mount) t-6704
T 6700 series four channel ip network audio adapter (rack mount) t-6704
Trimatrik Multimedia
 
Wireless security testing with attack by Keiichi Horiai - CODE BLUE 2015
Wireless security testing with attack by Keiichi Horiai - CODE BLUE 2015Wireless security testing with attack by Keiichi Horiai - CODE BLUE 2015
Wireless security testing with attack by Keiichi Horiai - CODE BLUE 2015
CODE BLUE
 
Wireless security
Wireless securityWireless security
Wireless security
Aurobindo Nayak
 
T 7800 series ip pa sytem amplifier t-7860 t-78120 t-78240 t-78350 t-78500
T 7800 series ip pa sytem amplifier t-7860 t-78120 t-78240 t-78350 t-78500T 7800 series ip pa sytem amplifier t-7860 t-78120 t-78240 t-78350 t-78500
T 7800 series ip pa sytem amplifier t-7860 t-78120 t-78240 t-78350 t-78500
Trimatrik Multimedia
 
Encryption
EncryptionEncryption
Encryption
Fiza Arslan
 
Internet of Things - Breaking 20 devices in 20 minutes preview
Internet of Things - Breaking 20 devices in 20 minutes previewInternet of Things - Breaking 20 devices in 20 minutes preview
Internet of Things - Breaking 20 devices in 20 minutes preview
Swapnil Deshmukh
 
Hijacking bluetooth headsets
Hijacking bluetooth headsetsHijacking bluetooth headsets
Hijacking bluetooth headsets
n|u - The Open Security Community
 
Tor project and Darknet Report
Tor project and Darknet ReportTor project and Darknet Report
Tor project and Darknet Report
Ahmed Mater
 
St5819 vc specification-www.ttbvs.com
St5819 vc specification-www.ttbvs.comSt5819 vc specification-www.ttbvs.com
St5819 vc specification-www.ttbvs.com
TTBVS
 
Security in today's World
Security in today's WorldSecurity in today's World
Security in today's World
Marian Marinov
 
Mobile Growth Hacking w/ Branch Metrics
Mobile Growth Hacking w/ Branch MetricsMobile Growth Hacking w/ Branch Metrics
Mobile Growth Hacking w/ Branch Metrics
Wei-Ling Anny Hsu
 
Wireless Hacking Fast Track
Wireless Hacking Fast TrackWireless Hacking Fast Track
Wireless Hacking Fast Track
Novizul Evendi
 
E-commerce
E-commerceE-commerce
E-commerce
Novizul Evendi
 
Outline course Backtrak Pentest
Outline course Backtrak PentestOutline course Backtrak Pentest
Outline course Backtrak Pentest
Novizul Evendi
 
T'Lab
T'LabT'Lab
T'Lab
Novizul Evendi
 
Dialog Technoprener
Dialog Technoprener Dialog Technoprener
Dialog Technoprener
Novizul Evendi
 
Small servers
Small serversSmall servers
Small servers
Albin Sebastian
 
Information System Security
Information System SecurityInformation System Security
Information System Security
Novizul Evendi
 
Hacking Is Not Always a Crime
Hacking Is Not Always a CrimeHacking Is Not Always a Crime
Hacking Is Not Always a Crime
Novizul Evendi
 
Modul praktikum hardware dan software
Modul praktikum hardware dan softwareModul praktikum hardware dan software
Modul praktikum hardware dan software
joko2016
 
Modul teknisi komputer kursus
Modul teknisi komputer kursusModul teknisi komputer kursus
Modul teknisi komputer kursus
alpi sahrin
 
Virtualisasi Hacking
Virtualisasi HackingVirtualisasi Hacking
Virtualisasi Hacking
Novizul Evendi
 
Cehv8 - Module 16: Hacking Mobile Platforms
Cehv8 - Module 16: Hacking Mobile PlatformsCehv8 - Module 16: Hacking Mobile Platforms
Cehv8 - Module 16: Hacking Mobile Platforms
Vuz Dở Hơi
 
Growth Hacking Mobile App
Growth Hacking Mobile AppGrowth Hacking Mobile App
Growth Hacking Mobile App
Empatika
 

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (8)

Wireless security
Wireless securityWireless security
Wireless security
 
T 7800 series ip pa sytem amplifier t-7860 t-78120 t-78240 t-78350 t-78500
T 7800 series ip pa sytem amplifier t-7860 t-78120 t-78240 t-78350 t-78500T 7800 series ip pa sytem amplifier t-7860 t-78120 t-78240 t-78350 t-78500
T 7800 series ip pa sytem amplifier t-7860 t-78120 t-78240 t-78350 t-78500
 
Encryption
EncryptionEncryption
Encryption
 
Internet of Things - Breaking 20 devices in 20 minutes preview
Internet of Things - Breaking 20 devices in 20 minutes previewInternet of Things - Breaking 20 devices in 20 minutes preview
Internet of Things - Breaking 20 devices in 20 minutes preview
 
Hijacking bluetooth headsets
Hijacking bluetooth headsetsHijacking bluetooth headsets
Hijacking bluetooth headsets
 
Tor project and Darknet Report
Tor project and Darknet ReportTor project and Darknet Report
Tor project and Darknet Report
 
St5819 vc specification-www.ttbvs.com
St5819 vc specification-www.ttbvs.comSt5819 vc specification-www.ttbvs.com
St5819 vc specification-www.ttbvs.com
 
Security in today's World
Security in today's WorldSecurity in today's World
Security in today's World
 

Andere mochten auch

Mobile hacking, pentest, and malware
Mobile hacking, pentest, and malwareMobile hacking, pentest, and malware
Mobile hacking, pentest, and malware
Ammar WK
 

Andere mochten auch (19)

Mobile Growth Hacking w/ Branch Metrics
Mobile Growth Hacking w/ Branch MetricsMobile Growth Hacking w/ Branch Metrics
Mobile Growth Hacking w/ Branch Metrics
 
Wireless Hacking Fast Track
Wireless Hacking Fast TrackWireless Hacking Fast Track
Wireless Hacking Fast Track
 
E-commerce
E-commerceE-commerce
E-commerce
 
Outline course Backtrak Pentest
Outline course Backtrak PentestOutline course Backtrak Pentest
Outline course Backtrak Pentest
 
T'Lab
T'LabT'Lab
T'Lab
 
Dialog Technoprener
Dialog Technoprener Dialog Technoprener
Dialog Technoprener
 
Small servers
Small serversSmall servers
Small servers
 
Information System Security
Information System SecurityInformation System Security
Information System Security
 
Hacking Is Not Always a Crime
Hacking Is Not Always a CrimeHacking Is Not Always a Crime
Hacking Is Not Always a Crime
 
Modul praktikum hardware dan software
Modul praktikum hardware dan softwareModul praktikum hardware dan software
Modul praktikum hardware dan software
 
Modul teknisi komputer kursus
Modul teknisi komputer kursusModul teknisi komputer kursus
Modul teknisi komputer kursus
 
Virtualisasi Hacking
Virtualisasi HackingVirtualisasi Hacking
Virtualisasi Hacking
 
Cehv8 - Module 16: Hacking Mobile Platforms
Cehv8 - Module 16: Hacking Mobile PlatformsCehv8 - Module 16: Hacking Mobile Platforms
Cehv8 - Module 16: Hacking Mobile Platforms
 
Growth Hacking Mobile App
Growth Hacking Mobile AppGrowth Hacking Mobile App
Growth Hacking Mobile App
 
Mobile hacking, pentest, and malware
Mobile hacking, pentest, and malwareMobile hacking, pentest, and malware
Mobile hacking, pentest, and malware
 
Hacking Mobile Apps
Hacking Mobile AppsHacking Mobile Apps
Hacking Mobile Apps
 
10 Growth Hacks for Mobile Apps
10 Growth Hacks for Mobile Apps10 Growth Hacks for Mobile Apps
10 Growth Hacks for Mobile Apps
 
Mobile Hacking
Mobile HackingMobile Hacking
Mobile Hacking
 
Computer Forensic
Computer ForensicComputer Forensic
Computer Forensic
 

Ähnlich wie Hacking Backtrak Mobile

Bluetooth Aplication
Bluetooth AplicationBluetooth Aplication
Bluetooth Aplication
Er Bhaduri
 

Ähnlich wie Hacking Backtrak Mobile (20)

Bluetooth1
Bluetooth1Bluetooth1
Bluetooth1
 
Hack.lu 2006 - All your Bluetooth is belong to us
Hack.lu 2006 - All your Bluetooth is belong to usHack.lu 2006 - All your Bluetooth is belong to us
Hack.lu 2006 - All your Bluetooth is belong to us
 
IoT transport protocols
IoT transport protocolsIoT transport protocols
IoT transport protocols
 
IoT transport protocols
IoT transport protocolsIoT transport protocols
IoT transport protocols
 
Bluejacking ppt.pptx
Bluejacking ppt.pptxBluejacking ppt.pptx
Bluejacking ppt.pptx
 
Bluetooth
BluetoothBluetooth
Bluetooth
 
Bluejacking ppt
Bluejacking pptBluejacking ppt
Bluejacking ppt
 
Bluetooth Technology
Bluetooth TechnologyBluetooth Technology
Bluetooth Technology
 
Bluetooth Aplication
Bluetooth AplicationBluetooth Aplication
Bluetooth Aplication
 
Mastering your home network - Do It Yourself
Mastering your home network - Do It YourselfMastering your home network - Do It Yourself
Mastering your home network - Do It Yourself
 
WebRTC meetup barcelona 2017
WebRTC meetup barcelona 2017WebRTC meetup barcelona 2017
WebRTC meetup barcelona 2017
 
2014 innovaphone different protocols for different things
2014 innovaphone different protocols for different things2014 innovaphone different protocols for different things
2014 innovaphone different protocols for different things
 
Bluetooth.ppt
Bluetooth.pptBluetooth.ppt
Bluetooth.ppt
 
23c3 Bluetooth hacking revisited
23c3 Bluetooth hacking revisited23c3 Bluetooth hacking revisited
23c3 Bluetooth hacking revisited
 
R1x g17 bluetooth i
R1x g17 bluetooth iR1x g17 bluetooth i
R1x g17 bluetooth i
 
Attack presentation
Attack presentationAttack presentation
Attack presentation
 
Bluetooth technology
Bluetooth technologyBluetooth technology
Bluetooth technology
 
Cisco ip phone 8800 series datasheet
Cisco ip phone 8800 series datasheetCisco ip phone 8800 series datasheet
Cisco ip phone 8800 series datasheet
 
BLUETOOTH.ppt
BLUETOOTH.pptBLUETOOTH.ppt
BLUETOOTH.ppt
 
Bluetooth
BluetoothBluetooth
Bluetooth
 

Kürzlich hochgeladen

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
Puma Security, LLC
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Delhi Call girls
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
Enterprise Knowledge
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 

Kürzlich hochgeladen (20)

Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 

Hacking Backtrak Mobile

  • 2. Outline ● Introduce ● Bluetooth Hacking ● Internet Conection Hacking ● Remote Hacking ● Backtrak On Phone Hacking
  • 4. Bluetooth Hacking Hacking Bluetooh enabled mobile phones and beyond – Wire replacement technology – Low power – Short range 10m - 100m – 2.4 GHz – 1 Mb/s data rate
  • 5. Bluetooth Hacking Architecture – Hardware layer ● Radio, Baseband and Link Manager ● Access through Host Controller Interface – Hardware abstraction – Standards for USB and UART – Host protocol stack ● L2CAP, RFCOMM, BNEP, AVDTP etc. – Profile implementations ● Serial Port, Dialup, PAN, HID etc.
  • 7. Bluetooth Hacking – Trivial OBEX PUSH channel attack ● obexapp (FreeBSD) ● PULL known objects instead of PUSH ● No authentication – IrMC (Specifications for Ir Mobile Communications) ● Infrared Data Association – e.g. telecom/pb.vcf – Ericsson R520m, T39m, T68 – Sony Ericsson T68i, T610, Z1010 – Nokia 6310, 6310i, 8910, 8910i
  • 8. Bluetooth Hacking – Early adopters abuse 'Name' field to send message – Now more commonly send 'Business Card' with message via OBEX – 'Toothing' - Casual sexual liasons
  • 9. Bluetooth Hacking HelloMoto – Requires entry in 'Device History' – OBEX PUSH to create entry – Connect RFCOMM to Handsfree or Headset ● No Authentication required ● Full AT command set access – Motorola V80, V5xx, V6xx and E398
  • 10. Bluetooth Hacking Blooover is performing the BlueBug attack ● Reading phonebooks ● Writing phonebook entries ● Reading/decoding SMS stored on the device (buggy..) ● Setting Call forward (predef. Number) +49 1337 7001 ● Initiating phone call (predef. Number) 0800 2848283 – Not working well on Nokia phones :( but on some T610
  • 11. Bluetooth Hacking – How come!? ● Various Manufacturers poorly implemented the Bluetooth security mechanisms ● Unpublished services on RFCOMM channels – Not announced via SDP – Connecting to unpublished HS service without pairing! ● Nokia has quite a lot of models (6310, 6310i, 8910,8910i,...) ● Sony Ericsson T86i, T610, ... ● Motorola has similar problems (see HeloMoto)
  • 12. Internet Conection Hacking ● Bluetooth Dialup (wvdial etc.) ● PAN Sharing internet ● Bluetooth/cable to Wifi ad hoc ● Tethering ● Etc
  • 13. Remote Hacking ● Remote PC (anyremote, etc) – Get Desktop – Control PC – Etc ● Remote Server (java, sisx, etc) – Putty – FloydSSH – MidpSSH – etc
  • 14. On Phone Hacking ● Gitbrew has been able to install Backtrack 5 on a rooted Android phone ● By using Debdroid, users run Linux distros built for ARM devices.
  • 15. :Visit Me at . . .www tlab co id . - .www techno os net End :Contact Me at @ . .karuwak tlab co id = .Ym Novizul karuwak Powerd by T'Lab Technology Open Source Laboratory