Sep 2004
3 mins read
Since Adam Laurie’s BlueSnarf experiment and the subsequent BlueBug experiment it is proven that some Bluetooth-enabled phones have security issues. Until now, attackers need laptops for the snarfing of other people’s information. Unless attackers do a long-distance-snarf, people would see that there is somebody with a laptop trying to do strange things. Blooover is a proof-of-concept tool that is intended to run on J2ME-enabled cell phones that appear to be comparably seamless. Blooover is a tool that is intended to serve as an audit tool that people can use to check whether their phones and phones of friends and employees are vulnerable.
Since the application runs on handheld devices and sucks information, it has been called Blooover (derived from Bluetooth Hoover).
We had some objections to release a tool that actually does a bluebug-attack before eventual victims were not in the position of doing something against it. Now, that Nokia announced a firmware upgrade for their vulnerable models, these objections are no longer present.
Here you find the Blooover tool as a .jar file for download. It is supposed to run on every phone that is equipped with a J2ME MIDP 2.0 VM and an implemented JSR-82 API (important for Bluetooth access). As far as I know, the Nokia 6600, Nokia 7610, Sony Ericsson P900, Siemens S65 (and probably al consequent phones of the mentioned manufacturers) do fulfill these requirements.
By now, Blooover has been downloaded times (figure is updated hourly).
When you intend to install the application, you should be using a phone that has the Java Bluetooth API implemented. Phones with this feature are listed on this, very useful page.
Once you downloaded the file, make sure that it is called Bloover.jar (not Blooover.zip). After this you can either transfer the application to your phone via (1) the phone software on your pc, or (2) via Obex Push over Bluetooth or (3) via OTA (over-the-air application provisioning) which will use your phone’s data services.
Please use this Proof-of-Concept application responsible !
Blooover - J2ME phone auditing tool
(runs on phones with MIDP 2.0 and JSR-82 (Bluetooth API))
by Martin Herfurt
more information on the Blooover project page
Blooover Theme - a theme for Series60 phones
by Martin Herfurt
Download sis file
created in March 2005
Desktop Background - Blooover iSee
Right on time for x-mas and for the upcoming release of the
Blooover tool at the 21C3 congress in the end of December 2004.
Resolution 800x600
Resolution 1024x768
Resolution 1400x1050
Resolution 1600x1200
created in December 2004
The Blooover application is a Proof-of-Concept auditing tool that is not intended to exploit eventual victims financially. Therefore, it is not possible to send SMS messages and it is only possible to initiate calls and do call forwards to numbers that are free of charge to the calling device.
For questions about the Blooover application, feel free to ask Martin Herfurt.
Sharing is caring!