Ever want to walk into an airport terminal and 0wn every mobile phone, PDA and Blackberry in the place, while casually sipping a cup of Starbucks? Well, now you can! Fresh from the How-the-%$#&!-did they-get-this-through-Customs Department, meet the BlueBag, a portable Bluetooth sniffer designed for launching covert attacks. This stylish little package cost about $700 to assemble and holds a motherboard, 8 dongles, an amplified antenna for picking up cell phones from a around 200 meters and various wireless antennas for scanning vulnerable devices, retrieve information from them and even push out malicious code, according to Stefano Zanero of Secure Network S.r.l in Italy. Zanero and colleagues Claudio Merloni and Luca Carettoni demonstrated Blue Bag here at the Black Hat Briefings in Las Vegas.
The two have created a portable, covert Bluetooth Attack and Infection Device that can be wheeled around town -- to airports, trainstations, local coffee spots -- all without attracting attention. The two have even coded up a pretty nifty remote admin application for Blue Bag that can be run from a PDA and direct the device to survey the area for vulnerable devices, launch brute force attacks and so on.
BlueTooth hacks are still in their infancy and not so practical. For the most part, they consist of attackers pushing out malicious files to other devices in their immediate proximity and then tricking the recipients of accepting the file for download to their BlueTooth enabled device.
Far fetched, right? Well, yeah, except for the fact that when Zanero tried a "stupidity" test using Blue Bag, fully 70% of people who were promoted to download the attachment from an unknown source did so! When it gets right down to it, most of us aren't all that used to being wired things via BlueTooth, so it sounds like "curiosity kills the cat" could work well as an attack vector.