Bluetooth Hacking [events.ccc.de]
Last week, I visited the 22nd Chaos Communication Congress in Berlin. One of the presentations was about Bluetooth hacking. My Dell Latitude D800 laptop was suspended and stowed away in my backpack, but during one of the live demonstrations, its corporate Intranet name appeared on the presentation screens. As indicated by the blue light, Bluetooth is still active on the D800 even in suspended mode. And I didn't bother to change the default configuration.
While the laptop didn't get hacked, I prefer to not broadcast the company and office I work for while walking around. If you use the bluez-utils RPM, this can be prevented by changing the default /etc/bluetooth/hcid.conf as follows:
# Default settings for HCI devices
device {
...
# Local device name
name "foobar";
...
# Inquiry and Page scan
iscan disable; pscan enable;
...
}
The default name is "%h-%d", which is the host name and device ID. Depending on your network configuration, this can reveal quite a lot about where you come from. Also, inquiry scans are enabled by default, so anyone can detect the name of your Bluetooth device.
After you have changed the configuration options, run service bluetooth restart to active them.
11:20, 07 Jan 2006 by Carsten Clasohm Permalink | Comments (1)
Archive
| January 2006 | ||||||||||||||||||||||||||||||||||||||||||
| ||||||||||||||||||||||||||||||||||||||||||
July 2008
June 2007
May 2007
March 2007
January 2007
December 2006
September 2006
June 2006
April 2006
March 2006
February 2006
January 2006
November 2005
October 2005
September 2005
August 2005
July 2005
June 2005
May 2005
April 2005
March 2005
January 2005
December 2004
November 2004
October 2004
Blog Categories
Hiking (5)Desktop Linux (28)
Server Linux (5)
Palm (3)
Photography (5)
Politics (2)
Web Applications (15)
Notifications
Request notifications
Syndication Feed
