When you think about getting hacked, you mainly think of the basics: infrared, RFID, Wi-Fi, network security, door locks, etc. This is what people are usually worried about. But what about Bluetooth? What risks does it pose? And are there any tools in a DIY hacker’s arsenal to exploit it?
The Ubertooth One is a small, open-source USB device with an antenna powered by an ARM Cortex-M3 chip and a CC2400 wireless transceiver. Plug it into your computer’s USB port, and you can sniff and monitor Bluetooth signals from nearby devices.
The Ubertooth itself is older technology, originally created by Michael Ossmann of Great Scott Gadgets back in 2011. There were Bluetooth monitoring devices before this, but they were mostly expensive and technical, like the Ellisys Bluetooth Explorer, which costs about as much as a used car. This version lets you do the same thing in a smaller, cheaper package — 125 bucks is a far, far easier pill to swallow!
The Ubertooth One was the first affordable Bluetooth sniffer, and it was a game-changer in a lot of ways. You can configure it to snoop on Bluetooth Low Energy devices using Wireshark, Kismet, and various other software (including at least one program used by the government). But it does have some severe limitations about what it can do. It is primarily for targeting the newer BLE standard, which is still useful because most of the innovations in Bluetooth in the last few years have revolved around BLE rather than the Bluetooth Classic standard. It is not, however, particularly good at sniffing Bluetooth Classic, and so that limits the range of what it can do for older devices.
While the Ubertooth One is not going to be as useful as a commercial Bluetooth sniffer, there is still quite a bit you can do with it or a similar device. There are tons of BLE devices out there, and many people don’t think about Bluetooth as a vulnerability.
I won’t say you couldn’t. The project itself is mature, robust, and very well-documented for people that want to get out there and learn. Programs like Wireshark are actually fairly straightforward. But there are more intuitive devices than this one for a novice attempting to get into pentesting and hacking, and far easier places to start (like, say, the WiFi Nugget, for example, or even the Flipper Zero). And for a lot of people, an Android phone or a laptop with Kali Linux would get you pretty far.
Source by www.theverge.com
