p2pnet - rss feed: Meet the Car Whisperer
p2pnet.net News:- “Since Adam and Marcel were at Blackhat and DEFCON in Las Vegas, I had to do the ‘Bluetooth Security’ talk at What The Hack by myself (and the help of Collin),” writes Martin Herfurt on trifinite.blog.
He continues, “After introducing the various Bluetooth security flaws (old and new ones) that were identified mainly by the trifinite.group also a new toool has been released.”
It’s called The Car Whisperer and it allows people with Linux laptops and directional antennas to inject audio to, and record audio from, bypassing cars with an unconnected Bluetooth handsfree unit running.
“Many manufacturers use a standard passkey which often is the only authentication that is needed to connect,” says Herfurt. “This tool allows to interact with other drivers when traveling or maybe used in order to talk to that pushy Audi driver right behind you 
“It also allows to eavesdrop conversations in the inside of the car by accessing the microphone.”
Herfurt says the attacker’s laptop is fully trusted once it has a valid link key, meaning the laptop could be used to access all the services offered on the hands-free unit.
“Often, phonebooks are stored in these units,” he adds.
“I am quite certain that there will be more issues with the security of these systems due to the use of standard passkeys.”
Count on it ; )
A night-time shot of Herfurt hard at work on an overpass with, inset, a
day-time view. Album pix here.
=============================
Something you think we should know? tips[at]p2pnet.net
See:-
What The Hack - What the Hack !!!, p2pnet, July 29, 2005
The Car Whisperer - Introducing the Car Whisperer at What The Hack, July 31, 2005
August 1st, 2005 at 9:31 pm
Just as computers are maturing into a mass tool for the populace, soon so will those phones that are being carried on your person and in your vehicles. For every security device and block there is now a new security hole it seems. If you think for one moment that the government isn’t aware of this, your nuts. Big brother is alive and well and will be watching and listening.
You are seeing the beginning of the arms race with vehicles as it happened with the computer. What will it mean? No privacy for one. Your phone will turn into another of those devices that people love to hate. (just like computers) It will cost you an arm and a leg to attempt to secure your privacy with all the anti-this and anti-that to attempt to protect your unit. The readers here have already seen that viruses are now mobile capable. (and yes, antivirus companies are selling to a new market) Soon will follow the rest where damaging programs are run, where hijacks occur that cost you and not the theif for the phone call, and your secret passwords and codes will soon follow this exposure with those who desire your private information will have access to yet another route to it.
Thank heavens I HATE a phone!
August 2nd, 2005 at 12:12 am
all you bluetooth proponents out there…now don’t you get the message we’ve been telling you for months?
it sucks. it’s an invasion of privacy.
it must be banned!
August 2nd, 2005 at 10:48 pm
or it will cause people to revert to simple cell phones that do what you need and not much more…
Having security problems with bluetooth?? simple.. DONT BUY A PHONE WITH IT… sure you might have to *gasp* use a corded headset or plug your phone into your computer but for much better security it just might be worth it…
August 2nd, 2005 at 10:59 pm
gee, i wonder where all of the appleheads and bluetooth-lovers are.
oh yeah. duh. they have nothing to say in defence because there is no defence.