bluetooth 3.0 banner wireless signal waves

Bluetooth Security Forensics 3.0

Bluetooth Passive Recon Update 

The Bluetooth team has completed the recon phase that began at the time of our previous blog post. We successfully enumerated the target devices for Pwnie Express’s BlueHydra; there was some trial and error, but after some hard work we have created the initial foundation we need. The data specifically recorded from each device was its name, its current running version of Bluetooth, and its MAC address (which will be useful in the exploitation phase). We have also investigated whether or not each device was visible on BlueHydra and Btlejuice, noting additional information pertaining to the device itself (e.g. specific methods required for getting it to appear in BlueHydra).

Beginning Exploitation

After gathering enough information about our devices, the time comes for our team to enter the project’s exploitation phase. We will begin by exploring programs and vulnerabilities that will allow us to gather forensic artifacts and manipulate Bluetooth communications. We recently used the “l2ping” command to disable an Anker keyboard. After conducting packet flood, the keyboard’s connection to the Nexus tablet fails and we are no longer able to initiate a connection without physically turning it off and resetting it.

We have also explored disrupting audio transmissions from different speakers. So far, we’ve been able to get the audio to skip, but attempts to shut any of the speakers down have been unsuccessful. Research into methods using Btlejuice has been fruitless so far, but we reached out to the creator of Btlejuice for advice on how to address the issues we have been encountering. Meanwhile, some of the team has split off to begin researching GATTack, another utility for Bluetooth exploitation.

Conclusion

In the coming weeks, the team hopes to find a way to use Btlejuice or GATTack as a platform which can run a successful exploitation; we intend to continue the project with that tool. We are also currently looking into Internet of Things (IOT) devices to use as our final testing device. Keep an eye out for our next blog post to see what we do next!
Questions or comments? Please share with us in the comment section below! You can also reach out to our Twitter and Facebook or email us at lcdi@champlain.edu. Also don’t forget to read our Blogs!