Welcome To Long Distance Bluesnarfing

(Please note: I’m not in possession of any bluesnarfing software and I’m not going to link to any. So please don’t bother leaving comments requesting it.)

Long distance Bluesnarfing is here.

Austrian researcher and Bluetooth expert Martin Herfurt tells me that he and some friends — Mike Outmesguine, John Hering, James Burgess and Kevin Mahaffey — were able to Bluesnarf a cellphone more than 1 mile away in Santa Monica Bay early on Wednesday. This follows a similar experiment late last month in which some of the same guys successfully connected to a Bluetooth phone 1 km away.

(Bluesnarfing is the practice of using a vulnerability in cellphones’ implementation of Bluetooth to steal data or to hijack a cellphone to make calls or send text messages without the user’s permission or knowledge.)

Martin says the distance was exactly 1.08 miles, or 1.78 km, which is in itself something of a feat, given they were using pretty basic stuff — a 19db antenna with a modified class 1 dongle on one side and on the other the victim’s unmodified phone. But it wasn’t just that: He says they were able to not only snarf the entire address book but also send an SMS from the victim’s phone.

[Photo: Martin, the victim, in the foreground; the pier in the background, near where the attacker is located.]

I hope this kind of experiment lays to rest those folk who don’t see how this kind of thing would be a problem. Most of the naysayers claim that Bluesnarfing only works close by, but this shows that’s not true. What’s more, it shows how Bluesnarfing can be a sniper or a vacuum cleaner: Martin says they spotted dozens of Bluetooth phones in their experiment but just focused on the target phone. But if they’d wanted they could have sucked up the address books and data in most of those phones — information that might have proved very valuable.

Bluesnarfing From Across Town?

Some guys in California, Mike Outmesguine, John Hering and James Burgess, have managed to connect to an ordinary Bluetooth cellphone from 1 kilometer away, using off-the-shelf stuff, including a high-gain antenna connected to a Class 1 Bluetooth adapter kit. Their conclusion: “A typical unmodified cell phone can be reached at a distance of one kilometer by using slightly modified equipment on only one side of the link. Imagine the possibilities with modifications on both ends of the link!”

Some folk on Slashdot agree. Someone called Carbolic (who may or may not be related to the actual testers) points out the implication: “now it’s easy to Bluesnarf without even being near the target phone”. (Bluesnarfing is the trick whereby someone can grab the contents of someone else’s phone — even make calls with it — using Bluetooth. Some more posts on that here.) I’m no techie, but it does seem to undermine those arguments that we keep hearing that somehow Bluetooth will never be a security issue because it only works within a few metres.