How To Hack Bluetooth Headsets

Uploaded by gigafide on 17.02.2009

Most wireless devices nowadays have built-in Bluetooth technology. And while it's handy, it is not always that secure. So this video is going to talk about certain insecurities of it and how to prevent those insecurities. In the movie "The Dark Knight" by Christopher Nolan, they introduce a technology that sends and receives sounds from any cell phone, and then, using sonar, maps out that location. While that seems a little far-fetched, the underlying principle of it can be found in this hack, minus the sonar mapping. I am going to be using Linux for this tutorial.

I am going to System > Administration > Synaptic Package Manager. What you want to do under "Quick Search" is type in "bluetooth", and this brings up all of the applications that you can install in Linux. If you are curious about one, select it and it will give you a description of it below. I am going to install libbluetooth-dev and also btscanner. We will not be using btscanner, but it is still cool to look into. Then once you have got everything, click Apply and close out of it.

Now what you want to do is open up a new web browser, and we are going to download a program called "carwhisperer" from the link below. carwhisperer is a program that allows you to access Bluetooth headsets and not only send sounds to them, but also record sounds that are coming from them. Anything that is being said into the Bluetooth headset you can record. I am going to choose to open it with the Archive Manager and then extract it to the Desktop. And just for your reference, the link that is scrolling below is for the forum; if you have any question about links or anything that you see here, any scripts, you can find it in the forums.

Now I just opened up a terminal, and I am going to create an hcid.conf in the /etc/bluetooth folder. You can do that using "gedit". What I just pasted you can find in the forums; just copy that and paste it. Find where it says "passkey" and type in 0000, and then just save and close out of it. That should take you back to the terminal.

Now I am going to navigate to the carwhisperer folder that we just extracted to the Desktop by using the "cd" command, then I am going to type in "dir" to show everything that is listed in there. And you will see what is called "Makefile". If you do "sudo make", that will start the installation process. Normally you would do "sudo make install" after that, but as you can see it gives an error, so what we are going to do is edit that "Makefile" that I just showed you and find where it says "", which is in two locations. Just change the ".sh" to ".pl", then just save and close out of it to get back to the terminal. Now if you type in "sudo make install", it should complete the installation process.

Now what you want to do is get information about your Bluetooth device by typing in "hciconfig hci0". If it says that it is down, just do "sudo hciconfig hci0 up" to put it in the "up and running" status. Now if you type "hciconfig -a", that will give you the device class, which says it is a Computer, Desktop workstation, but we want to change that to a phone to fool the Bluetooth device. So to change that, do "sudo hciconfig hci0 class 0x500204", and now if you do "hciconfig -a", you will see that under device class it has it listed as a phone.
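To see exactly why 0x500204 shows up as a phone, here is an added example (not part of the video or of carwhisperer) that decodes a Bluetooth Class of Device value into its format type, major class, minor class and service bits; the second value, 0x100104, is a constructed sample standing in for a typical desktop-computer class and is not taken from the video.

```python
# Added example: decode a Bluetooth Class of Device (CoD) value such as the
# 0x500204 the tutorial sets with "hciconfig hci0 class". Field layout follows
# the Bluetooth Assigned Numbers (Baseband) document: bits 0-1 format type,
# bits 2-7 minor class, bits 8-12 major class, bits 13-23 service classes.

MAJOR_CLASSES = {
    0x00: "Miscellaneous", 0x01: "Computer", 0x02: "Phone",
    0x03: "LAN/Network Access Point", 0x04: "Audio/Video",
    0x05: "Peripheral", 0x06: "Imaging", 0x07: "Wearable",
    0x08: "Toy", 0x09: "Health", 0x1F: "Uncategorized",
}

# Minor classes only have meaning relative to a major class; the two the
# tutorial talks about (Computer and Phone) are filled in here.
MINOR_CLASSES = {
    0x01: {0x01: "Desktop workstation", 0x02: "Server-class computer",
           0x03: "Laptop", 0x04: "Handheld PC/PDA", 0x05: "Palm-size PC/PDA",
           0x06: "Wearable computer"},
    0x02: {0x01: "Cellular", 0x02: "Cordless", 0x03: "Smartphone",
           0x04: "Wired modem or voice gateway", 0x05: "Common ISDN access"},
}

# Service class flags, keyed by bit position within the 24-bit value.
SERVICE_BITS = {
    13: "Limited Discoverable Mode", 16: "Positioning", 17: "Networking",
    18: "Rendering", 19: "Capturing", 20: "Object Transfer",
    21: "Audio", 22: "Telephony", 23: "Information",
}


def decode_cod(cod: int) -> dict:
    """Split a 24-bit CoD into format type, major/minor class and services."""
    if not 0 <= cod <= 0xFFFFFF:
        raise ValueError("Class of Device must fit in 24 bits")
    fmt = cod & 0x3                # bits 0-1; 0 is the only defined format
    minor = (cod >> 2) & 0x3F      # bits 2-7
    major = (cod >> 8) & 0x1F      # bits 8-12
    services = [name for bit, name in SERVICE_BITS.items() if cod & (1 << bit)]
    return {
        "format_type": fmt,
        "major": MAJOR_CLASSES.get(major, f"Reserved (0x{major:02x})"),
        "minor": MINOR_CLASSES.get(major, {}).get(minor, f"0x{minor:02x}"),
        "services": services,
    }


if __name__ == "__main__":
    # 0x500204 is the tutorial's value; 0x100104 is a constructed desktop sample.
    for value in (0x500204, 0x100104):
        print(hex(value), decode_cod(value))
```

Running it shows 0x500204 as major class Phone, minor class Cellular, with the Object Transfer and Telephony service bits set, which is what the headset sees after the class change.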
Now to perform the hack, what you want to do is type in "hcitool scan hci0", and that scans all the Bluetooth devices that are in range. As you can see, I have a Jabra headset. Now I just typed in "carwhisperer" to show all the commands that carwhisperer accepts. Now I am going to go back to the Desktop, to the carwhisperer folder that we created, and I just did "dir" again. Now you can type in "carwhisperer" and then "hci0", and then, looking at the "dir" list above, you want to type in "message.raw" to send an audio file, and then "out.raw", which is what it is going to record to. That is the file that you are going to be receiving. Now just type in the address of the Bluetooth device that was found above, and hit enter, and it will send the "message.raw" file to play in the Bluetooth device, and as you can see by these dots, it is going to start recording what is being said into the Bluetooth device until you hit Ctrl+C to exit.

out.raw is recorded in a raw format, because that is the audio format that phones use. If you want to convert it to a WAV file or an MP3 file, you will need to get a program called SoX. Just do "sudo apt-get install sox" and that will install it for you. Now I am going to navigate to the "carwhisperer" directory again. You are probably already there, but I just have to navigate to it. Now you want to type in the script as it is listed here. If you want the full script, and you want information on this and how to improve it, how to improve the sound quality, just go to the forum. But this is the script to convert it to a WAV file when you hit enter. This is what it sounds like...

***playing sound bite from Bluetooth***

That is it for this tutorial.