Hacking Bluetooth With a USB Stick

European researchers have built a Bluetooth sniffer on a $30 USB dongle

If there's one thing that has precluded hackers and researchers from finding many bugs in Bluetooth, it's been the $10,000 price tag of the sniffer tools involved. But look out: European researchers have now broken that price barrier with a prototype sniffer based on a $30 Bluetooth USB dongle. (See New Hacking Tools Bite Bluetooth and Bluetooth Security Worse Than WiFi.)

The dongle's developers say their finding opens the door for open-source freebie sniffing tools for Bluetooth researchers. In fact, they were able to crack a commercial sniffer package (the name of which they wouldn't disclose) and copy and load it onto the USB stick.

Max Moser, founder of remote-exploit.org, and security analyst and tester for Dreamlab Technologies, says he decided to investigate the possibility of transforming a USB Bluetooth dongle into a Bluetooth sniffer after hearing rumors that it might be possible.

"The bar to find such bugs has been lowered considerably as the price is no longer an issue," says Thierry Zoller, a security engineer with n.runs AG and Bluetooth security expert who assisted Moser in his research. "And as raw access to devices is granted this way, we may see Bluetooth fuzzers soon."

The hack was conducted using a Cambridge Silicon Radio (CSR) chip-based USB dongle, flash memory, and Bluetooth 2.X technology, Zoller says.

With Bluetooth, each device is an access point itself, and therefore an entry point into the local area network. And as Bluetooth devices spread beyond headsets and onto laptops and other equipment, the wireless technology will become a more attractive target for attackers, security experts say.

Moser says the USB-based sniffer lets you eavesdrop on a Bluetooth communication session. And that's only the beginning: Combined with Zoller's Bluetooth PIN-hacking tool -- BTCrack -- or similar tools, an attacker could access encrypted data and control Bluetooth devices. On the flip side, there's no way for a user to protect himself, except to run Bluetooth in a "controlled" or isolated environment, he says.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

About the Author(s)

Kelly Jackson Higgins, Editor-in-Chief, Dark Reading

Kelly Jackson Higgins is the Editor-in-Chief of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, Virginia Business magazine, and other major media properties. Jackson Higgins was recently selected as one of the Top 10 Cybersecurity Journalists in the US, and named as one of Folio's 2019 Top Women in Media. She began her career as a sports writer in the Washington, DC metropolitan area, and earned her BA at William & Mary. Follow her on Twitter @kjhiggins.
