Wireless Communications

Thierry Zoller and Kevin Finistere @ 23C3 In Berlin (Germany). Remote Root Exploit over Bluetooth on MacOSX

This is a tuturial how to hack the most mobile phones with Bluetooth with your Sony Ericsson or Nokia phone. You need a program called "Super Bluetooth Hack" (it's also called "BT Info"). You can download it on many places, such as: http://www.hack.pt.tp/ or try Google (search for "BT Info" or "Super Bluetooth Hack". With the program you can do things on the other phone such as: - read SMS messages - read contacts - change profile - play ringtone (even if phone is on silent) - play songs - restart the phone - turn off the phone - restore factory settings - change ringing volume - call from the other phone (it includes all call functions like hold etc.) Notes: 1.) When connecting devices use the code 0000 2.) At start of programm on smartphones do not forget to turn on bluetooth before start of the application 3.) You have to download the file with Firefox, because Internet Explorer makes it a .zip file. If you don't want to download Firef

Here's a short video in which Joshua Wright demonstrates how a Bluetooth headset can be hijacked, allowing audio to be captured or sent to the device: Few users realize that Bluetooth headsets can be exploited granting a remote attacker the ability to record and inject audio through the headset while the device is not in an active call. SANS Institute author and senior instructor Joshua Wright demonstrates. All that is necessary is knowing the device address, which can be easily sniffed, and the secret pin, which defaults to 0000. The headset audio is tapped while not in a call, so any room conversation the headset's mic can pick up can potentially be listened to remotely.

I found that wifizoo script is a wonderful VA/PT tool.here is how I am running wifizoo script on my laptop running wireless NIC Intel 3945a/b/g along with discovery/Injection support.here is step by step configuration along with problem solved with logs and graph rendering in BT3 Final. Brief about wifizoo-WifiZoo is a tool to gather wifi information passively. Among many other things Wifizoo can do the following: “-gathers useful information from unencrypted wifi traffic (ala Ferret,and dsniff, etc); like pop3 credentials smtp traffic, http cookies/authinfo, msn messages,ftp credentials, telnet network traffic nbt, etc.” download the following tools first WifiZoo v1.3 http://community.corest.com/~hochoa/wifizoo/wifizoo_v1.3.tgz scapy http://hg.secdev.org/scapy/raw-file/tip/scapy.py graphviz 2.18 update for BT3 http://slacky.uglyplace.org/reposito…8-i486-1sl.tgz check your wireless NIC which supports both discovery & Injection & note it. In intel 3945 it is wifi0(ipwraw driver)

Here is a Python program to do WiFi channel hopping with an AirPcap adapter. The program (apc-channel.py) takes 3 options: –interval sec to set the interval between hops (default is 0.5 sec) –step increment to specify the size of the channel hop (default is 5) –quit to prevent the program from displaying each channel hop The program also serves as an example on how to use the AirPcap dll from a Python program. I’ve a couple of other AirPcap programs written in Python (like one to monitor probe requests). If there’s enough interest, I’ll clean up the code and publish it. Be aware that you need an AirPcap adapter for all these programs. link: hxxp://didierstevens.com/files/software/apc-channel_v0_1.zip via thewifihack.com