How to Bluesnarf


Today I shall attempt to answer the most commonly asked question:
How do I bluesnarf?
Usually, I start by asking back:
1) Have you used Bluetooth?
2) Have you bluejacked?
3) Do you know the rules of bluesnarfing?
And if they know all three, I might sometimes show them how to bluesnarf.

Today, I shall jump-start the module by showing you guys a relatively more advanced piece of software.
Bluediving: this is essentially penetration-testing software.
It contains very basic functions and tests if the phone you are going to bluesnarf can be bluesnarfed.

So for beginners who want to try bluesnarfing, this is step 1.
If you can get past this, you'll be able to go on to use the more advanced bluesnarf wares.

Here's the link to bluediving bluesnarf software

Bluebugging and Bluesnarfing

Every week or so, I get a request asking me to show them how to bluesnarf.
My policy has never changed. I'm open to showing anyone who is keen how to bluesnarf.
But I have several ground rules

1) Bluesnarfing is not to be used for malicious purposes.
2) It is not meant to be used for bluebugging.
3) It shall be done at your own risk.
4) You must be keen/ able/ willing to learn simple programming languages.

It is point number 4 which most people never pass. Most people want a simple solution to bluesnarfing. But you don't need me to teach you how to bluesnarf if all you want is a simple program to bluesnarf for you.
Just pay a programmer to do it for you.

Now that this is in the open, I think it'll make life easier for everyone.

The Role of Bluesnarfing

There are people who have predicted the doom of Bluetooth attacks like bluesnarfing. Their reasoning is that WiFi will eventually replace the need for Bluetooth devices, and without Bluetooth, it makes sense that there will be no Bluetooth attacks.

While this is convincing and logical, Bluetooth has yet to be phased out, long after WiFi came into use. In fact, there are more and more devices using Bluetooth technology. The main reason: it's free. Unlike WiFi, which is an overall network in which you are just a "user", with Bluetooth you "own the network". You can switch it on and off anytime you like, and you don't have to pay a cent. There is no logic, for example, in using WiFi to connect with your headset, but Bluetooth fits that function perfectly.

In fact, this neglect of the importance of Bluetooth has led to an added advantage for bluesnarfers. Because everyone is concerned about their WiFi security, they neglect the fact that their short-ranged network, which is their Bluetooth, can more easily be hacked into by someone who is nearby, or even far away but with the right equipment.

The reason why there is little news about bluesnarfing is that there is no good solution to the problem at the moment, save for switching off your bluetooth device.

So my advice is, be careful if you keep confidential information on your bluetooth devices.

The second hurdle - encryption

In my previous entry, I talked about the difficulties in getting paired. Essentially, that is the most difficult part. That doesn't mean that there will be no challenges after that.

If your purpose in bluesnarfing is merely fun, like "oh, I got paired with the phone", then it ends there. But if you intend to do anything with the phone, then you have to navigate around the phone with phone controls.

The reason why bluesnarfing is tough is that there is no idiot-proof software to allow people to bluesnarf. This is also because each phone company/model and each phone software update uses a different encryption for their software.

This means that unless you already intrinsically understand how phone commands work, most simple software doesn't work.

Is there an easy way out? Yes and no. If you plan to professionally bluesnarf, then you will have to learn the right skills.
But if you only want to bluesnarf a particular model of mobile phone, you could source around for a ready made software meant for those models, or get someone to program it for you.


The first hurdle - pairing

One of the major hurdles to bluesnarfing is the pairing process. Changes in Bluetooth software since bluejacking and bluesnarfing appeared have made this process harder.
This means it is harder to gain access to the Bluetooth device without actual pairing of the devices.

There are several ways which bluesnarfers use to overcome this:

1) Actually pair the device. This method is popular as it is the easiest. Just pair the devices once. This means that you have to either convince the person to pair with you once or you have to have access to the phone, which means you can only do this on someone you already know.
This is sneaky, but most Bluetooth software still has the flaw which allows you to gain access to the phone's data without needing to pair with it every time.

2) Hack it. Pairing is a simple 4 or 6 digit code. This is simple to crack. The problem is you cannot crack anything unless the phone already has a paired device. This isn't much of a problem since most Bluetooth phones are at least paired with a headset.

3) Bypass it. This was the original way of bluesnarfing and can still be done. The technical skills required to do this are getting higher and higher, and I assume (I've not tried personally) that this will be easier in old towns where people mostly use older models of phones.

Just my few cents worth of thoughts :)

Where can you learn bluesnarfing?

A lot of people have emailed me and asked me to teach them bluesnarfing. The problem is that my close friends don't ask that of me. Most of the people who do, I don't know well enough.

How then do most people learn how to bluesnarf? There are essentially 2 groups of bluesnarfers. The first are like me, versed in networking and security, and dabble with Bluetooth vulnerabilities for fun. The second group are people who started with bluejacking. After enough fun with that, they graduate to bluesnarfing.

The similarity between the 2 is that most are self-taught, or learnt via little pointers here and there from forums or from blogs like mine. I guess the effort involved is quite great; that is probably why there are not that many bluesnarfers around. :)

Super Funny

This funny man is offering 500 euros (note the money is on his screen, it's not even a real note) to teach him bluesnarfing.

Bluesnarfing Software for $2

A fellow bluesnarfer has decided to put up some bluesnarfing software for download

I've briefly looked through them; do note the following:
1) These are meant for beginners, which means they have the advantage of being very easy to use. But this also means the software's penetration strength is not as good as some other tools.
Do note though that I'm not affiliated with his site, so if you're keen click here

Bluesnarfing Software

There have been many requests for bluesnarfing software. Most sites will not offer these for download for obvious reasons: 1) Bluesnarfing is not exactly legal. 2) Ethical issues.

Some of you may laugh: what the heck is the bluesnarfer telling us about ethics? This ethics issue must be discussed in another post. But suffice to say, not all hackers are bad and in fact, many hackers work for the police and security agencies to enhance the safety of the masses. The same can almost be said of bluesnarfers.

That said, I'm not sure if some of you managed to find bluesnarfing tools around by yourselves. It would be interesting to know. Maybe you can let me know by posting a comment here. Let me know if you tried to find them but couldn't, or if you've found them. :)

Earning From Bluesnarfing

Is it possible to earn money from bluesnarfing? Of course. I had my friend who deals with internet security asking me this over coffee the other day.
I recounted to him my experiences which I thought I would share here.
I started bluesnarfing for the thrill and fun of it. I had a policy that whatever I did should theoretically do no harm to the "victim" (I know some people would argue with me over this but this is another issue for another day).
This also means I keep out of trouble.

I've had more than 20 offers to help bluesnarf till now. One of the highest amounts offered was a good 10k, to bluesnarf the palm device of their rival company. And for obvious reasons I rejected the offer.
The majority of them, however, came from private investigations, helping clients look for evidence of spousal betrayal. Again, none of which I took up because I never know what the full story is like.
I don't want to end up snooping on the good guy instead.

So thankfully or not, I'm much poorer but also happier and safer without taking up these highly exciting offers. So can you legally earn from bluesnarfing? Of course, because that's part of my job now. I offer consulting services for internet and wireless security to companies. And you bet bluesnarfing is one of my favorite topics. I shall relate how I do bluesnarfing with lots of fun at these events.