trifinite.logo
 trifinite.org | trifinite.blog | trifinite.group | trifinite.stuff | trifinite.trust | trifinite.downloads | trifinite.album | trifinite.links



Recent Articles
Slides for PocketPC MMS Attack
TOSHIBA Security Update
Update: TOSHIBA Advisory
Del(l)icate Issue
What a March

Categories
Personal
trifinite.group
trifinite.misc
trifinite.org
trifinite.stuff

Archives
October 2006
August 2006
June 2006
April 2006
March 2006
February 2006
January 2006
December 2005
November 2005
October 2005
September 2005
August 2005
July 2005
June 2005
May 2005
April 2005
March 2005
February 2005
January 2005
December 2004
November 2004
October 2004
September 2004
August 2004
July 2004
June 2004
May 2004
April 2004
March 2004
February 2004
December 2003
November 2003
October 2003

Syndicate this site (XML)
Powered by
Movable Type 3.1

trifinite.blog

The trifinite.blog is a weblog that is maintained by the trifinite.group. Every now and then you will find new entries here. You can add this weblog to your RSS-Feed reader by importing this URI.


Introducing the Car Whisperer at What The Hack

Since Adam and Marcel were at Blackhat and DEFCON in Las Vegas, I had to do the 'Bluetooth Security' talk at What The Hack by myself (and the help of Collin).

After introducing the various Bluetooth security flaws (old and new ones) that were identified mainly by the trifinite.group also a new toool has been released.

This new toool is called The Car Whisperer and allows people equipped with a Linux Laptop and a directional antenna to inject audio to, and record audio from bypassing cars that have an unconnected Bluetooth handsfree unit running. Since many manufacturers use a standard passkey which often is the only authentication that is needed to connect.

This tool allows to interact with other drivers when traveling or maybe used in order to talk to that pushy Audi driver right behind you ;) . It also allows to eavesdrop conversations in the inside of the car by accessing the microphone.

Since the attacker's laptop is fully trusted once it has a valid link key, the laptop could be used in order to access all the services offered on the hands-free unit. Often, phonebooks are stored in these units. I am quite certain that there will be more issues with the security of these systems due to the use of standard passkeys.

See the images from the initial Car Whisperer Experiments in the album.

Posted by Martin Herfurt on Sun, July 31, 2005 at 11:50 AM | Comments (0)

Comments

Post a comment

Thanks for signing in, . Now you can comment. (sign out)

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)


Remember me?


 ... because infinite is sometimes not enough ... (c) 2004 by trifinite.group