A security researcher has demonstrated that it’s possible to put together a Bluetooth sniffer out of an inexpensive wireless dongle, raising fresh questions about the security of the wireless technology.
Security researchers have demonstrated a number of methods for cracking Bluetooth devices — which increasingly include laptops and other computers — but such efforts often rely on sniffer hardware that can cost thousands of pounds.
Max Moser, who works as a security tester for Dreamlab Technologies and founded the remote-exploit.org website, says he was surprised to find that nearly all the work carried out by expensive hardware sniffers is implemented in software, not hardware.
That meant he was able to use commercial sniffer software with a modified Bluetooth dongle running on a CSR chipset. Such dongles sell for around £10 (NZ$27) to £20.
“Sniffing Bluetooth is not a matter of expensive hardware, but of proprietary firmware and software,” he says in a recently published analysis.
It also means cheap sniffing tools based on easily obtainable hardware and open source software are likely to be close at hand, he says.
“Bluetooth is much more vulnerable to sniffing than expected,” he says.
“This security-through-obscurity approach may have opened the gates for the black hats discovering (Bluetooth) holes before we do.”
Moser was able to modify the ID number of a standard CSR-based Bluetooth dongle, allowing him to install commercial sniffer drivers and firmware on it, he says.
He then changed the MAC address of the modified dongle to match that of the commercial hardware, and the device worked as expected.