Tuesday, February 24, 2009

The first Hurdle - Pairing

One of the major hurdles to bluesnarfing is the pairing process. Changes in Bluetooth software since bluejacking and bluesnarfing first appeared have made this process harder.
This means it is harder to gain access to a Bluetooth device without actually pairing the devices.

There are several ways bluesnarfers use to overcome this:

1) Actually pair the device. This method is popular as it is the easiest: just pair the devices once. This means that you have to either convince the person to pair with you once or have access to the phone, which means you can only do this to someone you already know.
This is sneaky, but most Bluetooth software still has the flaw that allows you to gain access to the phone's data without needing to pair with it every time.

2) Hack it. The pairing code is a simple 4 or 6 digit number, which is simple to crack. The problem is that you cannot crack anything unless the phone already has a paired device. This isn't much of a problem, since most Bluetooth phones are at least paired with a headset.

3) Bypass it. This was the original way of bluesnarfing and can still be done. The technical skills required to do this are getting higher and higher, and I assume (I've not tried it personally) that this will be easier in old towns where people mostly use older models of phones.

Just my few cents worth of thoughts :)

3 comments:

Anonymous said...

sneaky

Dam Ripp said...

What I do is make my Bluetooth mobile's name something like "passcode 0000" or "123456". Usually, if the user is asked for a passcode, they'll enter one of those.

Val said...

Really, I don't know what you mean.
Your Bluetooth name is simply what you want to key in.