Bluetooth Hacking: The Most Vulnerable Data Transmission Protocol! (Part 3)

Bluetooth technology is often overlooked by security experts and bug hunters compared to other protocols. The highly selective and fragmented nature of Bluetooth-based devices means that some may never issue secure updates.

It will take weeks or months for some product manufacturers to apply updates to the of the software, while others may never release security updates.

bl3

For this reason, there can be a large number of vulnerabilities in Bluetooth, where BlueBorne can only be the tip of the iceberg.

In the third part of the series Bluetooth Hacking, we will see how we can access victim's device with BlueBorne app.

Let's start!

The first step of course is to have an unpatched device. I will be using an older LG phone that I have in my lab just for this purpose.

Of course, you will need a BlueTooth adapter to communicate with your target. There are several BlueTooth adapters that are compatible with Linux, but I will use one from Pluggable which is Plug-n-Play with our operating system Kali Linux.

Next, we need to install the dependencies on our Kali.

kali > apt-get install bluetooth libbluetooth-dev

bl2

kali > pip install pybluez

kali > pip install pwntools

Although Armis developed these exploits, it has not made them public. Fortunately, a security researcher developed a python based on those of Armis. You can find it on github.com. Just download it to your system as we will see below.

kali > git clone https://github.com/ojasookert/CVE-2017-0785

After you download it, you'll see a new directory created, CVE-2017-0785.

You will see a README.md file and the python script CVE-2017-0785.py. Of course we are interested in the second one and we will run it.

kali > cd CVE-2017-0785

kali > chmod 755 CVE-2017-0785.py

Now that we have our dependencies and installed the Python script successfully, all that's left is to get the MAC address of our target, as I showed in BlueTooth Hacking, Part 2, we can scan for BlueTooth devices with the hcitool.

kali > hcitool scan

This utility will search for all available BlueTooth devices within range.

Now, we have everything we need to exploit the BlueTooth device and extract the files from its memory. To run the exploit, we simply type python, the name of the script and TARGET= followed by the mac address of our target.

Our program exploited the target and got the first 30 bytes from memory! Of course, we can edit the script to get even more memory than our target.

somewhere here we reached the end of the third part. Stay tuned as the fourth and final part of our BlueTooth Hacking guide series is coming soon.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.082 registrants.

Bluetooth Hacking

Bluetooth Hacking, iguru

Written by Anastasis Vasileiadis

Translations are like women. When they are beautiful they are not faithful and when they are faithful they are not beautiful.

One Comment

Leave a Reply

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).