Blooover
Since Adam Laurie's BlueSnarf experiment and the subsequent BlueBug experiment, it has been proven that some Bluetooth-enabled phones have security issues. Until now, attackers needed laptops for the snarfing of other people's information. Unless attackers did a long-distance snarf, people would see that there is somebody with a laptop trying to do strange things. Blooover is a proof-of-concept tool that is intended to run on J2ME-enabled cell phones, which blend in comparably seamlessly. Blooover is intended to serve as an audit tool that people can use to check whether their phones and the phones of friends and employees are vulnerable.

Since the application runs on handheld devices and sucks up information, it has been called Blooover (derived from Bluetooth Hoover).

We had some objections to releasing a tool that actually performs a BlueBug attack before eventual victims were in a position to do something against it. Now that Nokia has announced a firmware upgrade for their vulnerable models, these objections are no longer present.
Downloads
Here you find the Blooover tool as a .jar file for download. It is supposed to run on every phone that is equipped with a J2ME MIDP 2.0 VM and an implemented JSR-82 API (required for Bluetooth access). As far as I know, the Nokia 6600, Nokia 7610, Sony Ericsson P900 and Siemens S65 (and probably all subsequent phones of the mentioned manufacturers) fulfill these requirements.
Installation
When you intend to install the application, you should be using a phone that has the Java Bluetooth API (JSR-82) implemented. Phones with this feature are listed on this very useful page.

Once you have downloaded the file, make sure that it is called Blooover.jar (not Blooover.zip). After this you can transfer the application to your phone either (1) via the phone software on your PC, (2) via OBEX Push over Bluetooth, or (3) via OTA (over-the-air application provisioning), which will use your phone's data services.

Please use this Proof-of-Concept application responsibly!
Disclaimer
The Blooover application is a Proof-of-Concept auditing tool that is not intended to be used to exploit eventual victims financially. Therefore, it cannot send SMS messages, and it can only initiate calls and set up call forwards to numbers that are free of charge to the calling device.
People Involved
For questions about the Blooover application, feel free to ask Martin Herfurt.