Whirr2005-08-03
Car Whisperer
Having just purchased my first bluetooth device (my Űber-phone) I am now especially interested in bluetooth news. Two things of interest:
  1. It's named after Harald Blåtand (pronounced, apparently, Bluetooth) a sort of Danish Bismark who united the warring tribes of the Netherlands into a unified group. The logo is made of the runes for H and B. I think that's neat.
  2. Ha><0rz (white hats, it seems) have rigged up a device to pwn bluetooth "hands-free" devices in passing cars. It was a proof of concept to show how dangerous it is for companies to use standard passkeys, which are often left set to the default by the users.
    Once the connection has been successfully established, the carwhisperer binary starts sending audio to, and recording audio from the headset. This allows attackers to inject audio data into the car. This could be fake traffic announcements or nice words. Attackers are also able to eavesdrop conversations among people sitting in the car.

    It's called the "car whisperer", which is also neat... and a little creepy.


Comments