2005 - 3,689 views,

Summary: Meet the Car Whisperer. Aunty told you it could happen. Remember the BlueSniper "Rifle" which could sniff out and Bluejack Bluetooth devices up to a half-mile away? And the Bluetooth Bluespam being sent to movie-goer's phones? [Oh sure, ...

Previous Article « Israel Gets Tough New Spam Law
Read Next Article » Europeans to Be Offered TeXXXt Messages with New Mobile Porn Service

Meet the Car Whisperer. Aunty told you it could happen. Remember the BlueSniper “Rifle” which could sniff out and Bluejack Bluetooth devices up to a half-mile away?

And the Bluetooth Bluespam being sent to movie-goer’s phones? [Oh sure, the company called it “ringtones” and “wallpaper”, but we all know better.]

So it’s not a far stretch at all to expect that someone would create a device which allows one to crack the passcode on a Bluetooth phone and/or Bluetooth headset, and listen in on conversations, and even participate in them.

And that’s exactly what the Car Whisperer does.

Explains Martin Herfurt, of Trifinite.org, where the tool was developed, on the Trifinite site, the Car Whisperer “allows people equipped with a Linux Laptop and a directional antenna to inject audio to, and record audio from bypassing cars that have an unconnected Bluetooth handsfree unit running.”

This is much simpler than it sounds because many, if not most, Bluetooth devices are “protected” (and I use the term loosely), by a simple 4-digit passkey which is almost always the exact same passkey, by default, from most major Bluetooth accessory manufacturers. And not only is the default passkey the same across manufacturers, but there is usually no way for a user (the owner of the accessory) to change that passkey. So those who wish to eavesdrop on or inject themselves into your conversation, with a Car Whisperer or otherwise, don’t even need to guess at the passkey for your Bluetooth system, as it’s almost certainly that default passkey.

Herfurt goes on, “This tool allows to interact with other drivers when traveling or maybe used in order to talk to that pushy Audi driver right behind you ;) . It also allows to eavesdrop conversations in the inside of the car by accessing the microphone.”

Wheee!

Tempting though it may be to give that Audi driver a piece of your mind, the implications for this are serious.

What can an end-user do to protect themselves? First, check your Bluetooth devices to see whether you can change the default passkey to something of your own devising. If you haven’t bought that Bluetooth device yet, consider the ability to change the passkey as a factor in your purchasing decision. Unfortunately, if you already have a Bluetooth device, with an unchangable default passkey, there’s not a whole lot you can do besides diligently monitoring your Bluetooth connections for unusual activity.

Email the link for this page to a friend!

Read more:

» What is Bluejacking?

» Your Cell Phone Can Be Used to Eavesdrop on You - Even When Turned Off!

» The Toy - Part Bluetooth Vibrator, Part Ben Wa Ball

» Bluejacking with the BlueSniper Bluetooth Hacker “Sniper Rifle” Can Sniff Bluetooth Devices Up to 1/2 Mile Away

For additional similar stories check out our archives on Bluetooth, Cell Phones, Hacking, Handhelds & PDAs, Security

No Comments »

No comments yet.

RSS feed for comments on this post.

Warning! All comments which contain URLs and are clearly just spam to generate a link back to the URL will be deleted on sight. Don't bother wasting your time!
If you are going to include a URL in your comment,
please keep it under 25 characters in length,
or use TinyURL to shorten it before including it in your comment.
Line and paragraph breaks are automatic, your email address is never displayed.
HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>