Make: Online : Eavesdropping on Bluetooth headsets

Eavesdropping on Bluetooth headsets

Here's a short video in which Joshua Wright demonstrates how a Bluetooth headset can be hijacked, allowing audio to be captured or sent to the device:

Few users realize that Bluetooth headsets can be exploited granting a remote attacker the ability to record and inject audio through the headset while the device is not in an active call. SANS Institute author and senior instructor Joshua Wright demonstrates.

All that is necessary is knowing the device address, which can be easily sniffed, and the secret pin, which defaults to 0000. The headset audio is tapped while not in a call, so any room conversation the headset's mic can pick up can potentially be listened to remotely.

Comments

Oldest comments listed first.

Posted by: edisson calderon on December 31, 2007 at 4:47 PM

thanks for the video, it is very good information.

Reply to this comment

Posted by: Bob on December 31, 2007 at 5:17 PM

LAME!

Reply to this comment

Posted by: kidmidnight on December 31, 2007 at 5:20 PM

holy crap, that dude is a freaking sissy

Reply to this comment

Posted by: fagmidnight on December 31, 2007 at 5:33 PM

holy crap, that sissy just listened to you having phone sex with your gay boyfriend

Reply to this comment

Posted by: Jinder on December 31, 2007 at 6:28 PM

Nicely done, well presented.

Reply to this comment

Posted by: peter guszti on December 31, 2007 at 6:33 PM

, Yeah I have a wireless blootooth headset, and its great. i think they started selling like 30% more the last year., I also posted it on my blog with extra coments,www.opentopix.com/topic/gadgets/bluetooth-wireless-headsets-boom

Reply to this comment

Posted by: Ryan on December 31, 2007 at 7:00 PM

All 3 of my bluetooth headsets will only pair when it is put in a special "pair mode" (typically by holding the power button for 10 seconds or more).

I'd be interested if this attack will work on devices with this "feature".

Reply to this comment

Posted by: JD on December 31, 2007 at 7:01 PM

umm, I call BS for a few reasons.

1) The pin is used to associate two devices (the handshake) not for ongoing communication.
2) Once the headset has been associated to the device, it cannot be re-associated to another device while the first device is still active. So I would have to turn my phone off.
3) Even though you may be able to send a signal with that super nifty antenna, you most likely will not be able to receive the signal back unless they have a similar antenna.

You're more at risk with the FBI being able to remotely activate your mic.

Reply to this comment

Posted by: CDog on December 31, 2007 at 9:59 PM

Brown University Baby!

Reply to this comment

Posted by: Matt on January 1, 2008 at 3:57 PM

wow, brown university...

Reply to this comment

Posted by: bob on January 1, 2008 at 5:41 PM

did he get her number

Reply to this comment

Posted by: * on January 2, 2008 at 2:18 PM

ghey is the correct terminology, kidmidnight.

Reply to this comment

Posted by: lo on January 3, 2008 at 7:09 AM

Didnt even watch the video because it sounds so retarded.

Reply to this comment

Posted by: miso on January 3, 2008 at 1:58 PM

very good blog :)

Reply to this comment

Posted by: lol on January 3, 2008 at 5:30 PM

lame

Reply to this comment

Posted by: Karl Moerder on January 5, 2008 at 6:55 PM

This guy is more annoying and effeminate than me !

Reply to this comment

Posted by: asdas on January 10, 2008 at 5:45 PM

Recently,we have tailored the unique wow gold

Reply to this comment

Posted by: nocti on February 1, 2008 at 7:24 PM

ignore the other comments. good presentation. good info. those who think that this is lame are skr1pt k1dd1ez who just want it point-n-click so they can use it...

Reply to this comment

Subscribe to MAKE Magazine!

Subscribe today, save 42% and get web access to MAKE free. MAKE Digital Edition is available only to subscribers.

$34.95 / 1 year
(4 Quarterly Issues)

Subscribe now

Void your warranty, violate a user agreement, fry a circuit, blow a fuse, poke an eye out. Make: The risk-takers, the doers, the makers of things... Welcome to Make: Online!

More guides: Santa Claus Machines, Geek Toys for Grown Up Girls & Boys

Check out all of the episodes of Make: television

Connect with MAKE

	MAKE on Facebook Visit our Facebook page and become a fan of MAKE!
	MAKE on Twitter Follow our MAKE tweets!
	MAKE on Flickr Join our MAKE Flickr Pool!

make_tips on Twitter

Why advertise on MAKE?
Read what folks are saying about us!

Click here to advertise on MAKE!

Make: Online authors!

Gareth Branwyn
Senior Editor

Phillip Torrone
Senior Editor
| AIM | Twitter

Becky Stern
Associate Editor
| AIM | Twitter

Marc de Vinck
Contributing Writer
| AIM | Twitter

John Park
Contributing Writer
| Twitter

Sean Ragan
Contributing Writer
| Twitter

Matt Mets
Contributing Writer
| AIM | Twitter

Dale Dougherty
Editor & Publisher
| Twitter

Shawn Connally
Managing Editor
| Twitter

Goli Mohammadi
Associate Managing Editor

Kip Kay Kip Kay
Weekend Projects
| AIM | Twitter

Collin Cunningham
Contributing Writer
| AIM | Twitter

Adam Flaherty
Contributing Writer
| AIM | Twitter

More contributors: Mark Frauenfelder (Editor-in-Chief, MAKE magazine), Kipp Bradford (Technical Consultant/Writer), Chris Connors (Education), Diana Eng (Guest Author), Peter Horvath (Intern), Brian Jepson (O'Reilly Media), Robert Bruce Thompson (Science Room)

Suggest a Site!

Current Podcast

Weekend Project: Beetlebot Simple robot from your parts bin that avoids obstacles. Thanks go to Jerome Demers for the original article in MAKE, Volume 12. To download the Beetlebot video, click here or subscribe in iTunes. Check out the complete Beetlebot article... More...