My objective would be to make an application that makes the computer identify as a headset, so I can connect my phone to it and route the audio of the calls to the computer.
I think this is highly related to security. I’m talking about the ability to make a device identify as something else, think about the USB rubber ducky, now replace "USB" with "Bluetooth".
That’s why I posted here. The purpose of doing this would not be anything malicious, I just want to connect my phone to the PC so I can hear the voice of the person calling me on my phone, through the headset connected to my PC:
Phone -> Bluetooth -> Computer -> Headset
For making an (until now, un-) educated guess about the necessity of spending the effort of including the "Bluetooth LE Privacy" feature in a consumer embedded device's BT software, I am seeking information about the "necessity" of offering this feature from an information security standpoint: is it useful? Does it really solve a security issue, or is it already broken?
The BT SIG itself is fairly quiet about this feature besides well-worded blog posts, so shedding a little light on this would help tremendously in making the decision to "go the extra mile" or just leave it aside.
Can someone use your Bluetooth for music without knowing your phone number on a smartphone?
I have an old computer and I am sure it has a Trojan or malicious code, but after that I bought a new one. The problem is that I did not change my old headphones that I used on my old computer, and I plugged them into the new computer. So is there any problem with using my old headphones? And thank you.
I live in an apartment complex with lots of people, and oftentimes I am able to see Bluetooth devices that do not belong to me on my iPhone or MacBook when I search for my Bluetooth device. Does Apple tell you/ask by default before someone with Bluetooth devices tries to connect to your phone via Bluetooth? Or is it a potential security vulnerability to leave my iPhone's Bluetooth on at all times? (I do, since I use AirPods.)
I don't remember setting or seeing any options to set Bluetooth permissions on my iPhone, which makes me nervous.
I received a parcel from Amazon which I did not order, addressed to me. It contained Bluetooth earphones. It may just be part of a brushing scam, but it’s got me curious.
So my question is.. Could a Bluetooth device be disguised as earphones and actually contain malware?
When attempting to connect my phone it appears as an audio device but prompts me to “Allow access to contacts and call history”.
In the context of contact tracing, I have a privacy question.
I have read a few (and “few” is already a bad thing) articles about Bluetooth contact tracing, especially in the context of the Sars-Cov2 pandemic. There are huge privacy concerns in contact tracing.
One solution proposed by researchers is to use "changing" device identifiers in order to prevent authorities from tracing an individual's location history through the use of beacons in public places or analysis of traces from other devices. The topic is particularly hot in the European Union.
Only question here: regardless of the randomization of the device ID transmitted via Bluetooth, is it already possible to listen for Bluetooth MAC addresses to identify a single device?
Example scenario: in a world where smartphone owners are encouraged to use a legitimate government-powered app (supposing that the government is democratic), a rogue vendor with a large market rate may push a malicious Bluetooth app onto their consumers' phones (a large user base who just click "accept" on anything). The malicious app continuously scans for Bluetooth MAC identifiers to report home. The addresses are potentially georeferenced. Deanonymization might occur.
So far, I have always learned to keep my Bluetooth invisible while I don’t need it and possibly turned off to save battery.
A country or continent-wide contact tracing scheme might be a good excuse to keep Bluetooth on and available for scan.
Question is: what am I getting wrong?
Is it possible for someone to exploit a Raspberry Pi running Raspbian through Bluetooth just by having Bluetooth enabled?
Just for fun, I've ping flooded my Bluetooth speaker at home using l2ping on Linux, and I was unable to connect to it while the pinging continued. I've tried flooding my phone, and it seems to have received the packets, as I got a response (just like the responses I got from my speaker), but I was still able to connect it to my laptop and send files between them. So my question is: why are some devices susceptible to such an attack and some not? Is there a mechanism used by my phone that my speaker doesn't use?
I am currently looking into how to protect a BLE connection from active attacks (man-in-the-middle) if one of the devices neither has a display nor a keyboard.
Lemberg Solutions suggests this:
Alternatively, the passcode can be shipped together with the devices (on paper or as part of an online purchase), and the user should then manually input it to each separate device.
This can only mean that one device (device A) (most likely one without a keyboard and without a display) has a passkey embedded in the device somewhere. So it is static. This static passkey is also used by the other device (device B) (e.g. entered using keyboard input, via camera, …). The same passkey will be used every time BLE pairing is established with device A.
Am I understanding their suggestion correctly?
My understanding of Secure Connections with passkey is, that each device does the following for each bit of the passkey:
- create a nonce
- calculate a confirmation value using: nonce, passkey[i], SK
- exchange the confirmation values with the other device (send own, receive other)
- exchange the nonces (send own, receive other)
- check that the confirmation value of the other device is correct
If one of the checks fails, the connection is dropped.
In the case of a man-in-the-middle attack, the attacker can figure out the passkey by “brute-forcing” each bit. After all, there are only two possibilities for each bit.
This is not harmful for the current connection, because the attacker is “too late” to use the passkey. And it is not harmful if a different passkey is used for the next connection. But this is fatal if another connection is made using the same passkey (which is going to happen if a static passkey is used).
So, after the attacker listened to the pairing attempt, she interrupts the connection (e.g. right after the last set of nonces was transmitted). Now she only has to wait until the next connection attempt is made. She can now hijack the whole connection.
Is my assessment of this situation correct and the static passkey is a bad idea or am I overlooking something?
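The bit-by-bit leak described in the question above, as an added simulation that is not part of the original post and is not any vendor's code. It models the Passkey Entry rounds with the question's structure (per round: commit to one passkey bit under a fresh nonce, swap confirms, swap nonces, check), then plays the passive attacker who tries both bit values against each observed confirm. Assumptions are labelled in the code: HMAC-SHA256 stands in for the specification's AES-CMAC-based f4, and random 32-byte strings stand in for the P-256 public keys (the attack only needs them to be visible on the air, as they are). The second pairing shows why the static passkey matters: an impersonator who knows the passkey passes every round.

```python
"""Simulation of BLE Secure Connections Passkey Entry.

One eavesdropped pairing leaks the 20-bit passkey one bit per round, so a
static passkey lets the attacker impersonate the device on the next pairing.

Assumptions (this is a model, not the spec's exact primitive):
  - f4 is HMAC-SHA256 keyed with the nonce over U || V || Z, standing in for
    the AES-CMAC f4 of the Bluetooth Core Spec; the attack depends only on the
    input structure (two public values, one public nonce, one secret bit).
  - public keys are random 32-byte blobs standing in for P-256 points; they are
    sent in the clear in the real protocol too.
"""
import hashlib
import hmac
import os

PASSKEY_BITS = 20  # a 6-digit decimal passkey (000000..999999) fits in 20 bits


def f4(u: bytes, v: bytes, x: bytes, z: int) -> bytes:
    """Stand-in for f4(U, V, X, Z): keyed with nonce X over U || V || Z (assumption)."""
    return hmac.new(x, u + v + bytes([z]), hashlib.sha256).digest()


def r_value(passkey: int, i: int) -> int:
    """Per-round secret input: 0x80 ORed with bit i of the passkey (the spec's rai/rbi)."""
    return 0x80 | ((passkey >> i) & 1)


def run_pairing(passkey_a: int, passkey_b: int, pk_a: bytes = None, pk_b: bytes = None):
    """Run the 20 confirm/nonce rounds between A (passkey_a) and B (passkey_b).

    Returns (success, transcript). The transcript is exactly what an eavesdropper
    sees: both public keys and, per round, Ca, Cb, Na, Nb in the order sent.
    """
    pk_a = pk_a or os.urandom(32)
    pk_b = pk_b or os.urandom(32)
    rounds = []
    for i in range(PASSKEY_BITS):
        na, nb = os.urandom(16), os.urandom(16)          # fresh nonces per round
        ca = f4(pk_a, pk_b, na, r_value(passkey_a, i))   # A commits to bit i
        cb = f4(pk_b, pk_a, nb, r_value(passkey_b, i))   # B commits to bit i
        rounds.append((ca, cb, na, nb))                  # confirms go first, then nonces
        # each side recomputes the peer's confirm with its OWN passkey bit
        a_accepts_b = cb == f4(pk_b, pk_a, nb, r_value(passkey_a, i))
        b_accepts_a = ca == f4(pk_a, pk_b, na, r_value(passkey_b, i))
        if not (a_accepts_b and b_accepts_a):
            return False, {"pk_a": pk_a, "pk_b": pk_b, "rounds": rounds}
    return True, {"pk_a": pk_a, "pk_b": pk_b, "rounds": rounds}


def recover_passkey(transcript: dict) -> int:
    """Passive attacker: per round, try both bit values against A's confirm.

    Needs only public keys, A's nonce and A's confirm; two HMACs per bit.
    """
    pk_a, pk_b = transcript["pk_a"], transcript["pk_b"]
    passkey = 0
    for i, (ca, _cb, na, _nb) in enumerate(transcript["rounds"]):
        for bit in (0, 1):
            if f4(pk_a, pk_b, na, 0x80 | bit) == ca:
                passkey |= bit << i
                break
        else:
            raise ValueError(f"round {i}: neither bit matches; not a transcript of this scheme")
    return passkey


def demo(passkey: int = 123456):
    """Eavesdrop one honest pairing, learn the passkey, then impersonate B next time."""
    ok, transcript = run_pairing(passkey, passkey)
    learned = recover_passkey(transcript)
    # Second pairing with the same (static) passkey: attacker plays B using the learned value.
    hijacked, _ = run_pairing(passkey, learned)
    # Control: an impersonator guessing a different passkey fails at the first differing bit.
    wrong_guess, _ = run_pairing(passkey, 654321)
    return ok, learned, hijacked, wrong_guess


if __name__ == "__main__":
    ok, learned, hijacked, wrong_guess = demo()
    print(f"honest pairing ok={ok}; recovered passkey={learned:06d}; "
          f"impersonation accepted={hijacked}; wrong guess accepted={wrong_guess}")
```

The recovery loop is the whole point: with the nonce and both public keys on the air, each confirm is a commitment to a single bit, so two hash evaluations per round strip the passkey regardless of how many digits it has. A fresh passkey per pairing makes this harmless; a passkey printed on paper or burned into firmware does not.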