Tuesday, February 24, 2009

The first Hurdle - Pairing

One of the major hurdles to bluesnarfing is the pairing process. Changes in Bluetooth software since bluejacking and bluesnarfing appeared have made this process harder.
This means it is harder to gain access to a Bluetooth device without actually pairing the devices.

There are several ways bluesnarfers use to overcome this:

1) Actually pair the device. This method is popular as it is the easiest. Just pair the devices once. This means that you have to either convince the person to pair with you once or you have to have access to the phone, which means you can only do this to someone you already know.
This is sneaky, but most Bluetooth software still has the flaw which allows you to gain access to the phone's data without needing to pair with it every time.

2) Hack it. Pairing is a simple 4 or 6 digit code. This is simple to crack. The problem is you cannot crack anything unless the phone already has a paired device. This isn't much of a problem since most Bluetooth phones are at least paired with a headset.

3) Bypass it. This was the original way of bluesnarfing and can still be done. The technical skills required to do this are getting higher and higher, and I assume (I've not tried personally) that this will be easier in old towns where people mostly use older models of phones.

Just my few cents worth of thoughts :)

Tuesday, February 10, 2009

Where can you learn bluesnarfing?

A lot of people have emailed me and asked me to teach them bluesnarfing. The problem is that my close friends don't ask that of me. Most of the people who do, I don't know well enough.

How then do most people learn how to bluesnarf? There are essentially 2 groups of bluesnarfers. The 1st are like me, versed in networking and security, and dabble with Bluetooth vulnerabilities for fun. The second group are people who started with bluejacking. After enough fun with that they graduate to bluesnarfing.

The similarity between the 2: most are self-learned, or learnt via little pointers here and there from forums or from blogs like mine. I guess the effort involved is quite great; that is probably why there are not that many bluesnarfers around. :)