Eavesdropping on Bluetooth headsets

In this short video (after the break), Joshua Wright demonstrates how a Bluetooth headset can be hijacked, allowing any audio to be captured or sent to the device.

Few users realize that Bluetooth headsets can be exploited, granting a remote attacker the ability to record and inject audio through the headset while the device is not in an active call. SANS Institute author and senior instructor Joshua Wright demonstrates.

All that you need to know is the device address, which can easily be sniffed, and since the default PIN for Bluetooth headsets is 0000, there is no need to crack the key. The scary thing is that even when you're not in a call, the audio can be tapped so that any room conversation can be picked up and listened to remotely. Word to the wise: don’t use Bluetooth headsets.


Frank's the editor in chief of tech.nocr.at. He can be found surfing the internet and playing with gadgets. Follow him on Twitter @franklinhares

  • Mike

    You would have to be a complete moron not to know that bluetooth headsets are the most unsafe of all Bluetooth devices.

    If you can avoid using one, do so.

  • david vallence

    interesting logic. if someone doesn’t know something then they are complete morons. wonder if you then think of yourself as a moron because i am positive you don’t know everything.
    by the way i have the courage to at least provide my full name. anyone can do first names or anonymous.

  • LEBATO

    Terrible terrible comments above.

    The first one is a complete moron for implying that indeed we have to know everything to not be a moron which is the dumbest thing I’ve heard in quite a while. Moron is one who thinks like you.

    And David, it doesn’t take \

  • Kevin

    Maybe we should all learn how to type? Then we can all make comments about each other.

    SPELLCHECK

  • Sutter

    So, is there a way for one to change the default pin on a Bluetooth headset? I’m still keen on the idea of using one, but it’d be nice to know how to secure it.

  • http://jbenson2.blogspot.com/ jbenson2

    Interesting & Incomplete

    Both the article and the video state the default pin for bluetooth headsets is 0000.

    The obvious question is “Can the default pin be changed?”.

    But that basic question is not addressed by the reporter.

  • Paul Kenny

    Unfortunately not. Headsets generally have a ROM for memory since it's smaller and cheaper to produce. So there is no way to flash it or change it.

  • http://www.fastercats.com Open Office and Google Docs

    Here is what I have been telling people for twenty years, about cordless ‘phones’ cell phones, baby monitors, etc…

    If it aint got a cord, it’s a radio. Treat its use as such.

    Cheers,

    Karl A. Shalek
    http://www.fastercats.com

  • lucas

    Wireless head sets make people look crazy and in my experience, users talk so fricken loud, that everyone nearby can hear the conversation anyway. They may be great for the car, but for god sakes, don't use your head set in the line at the grocery store. You’ll just end up looking like a maniac and no one wants to hear you regale your drinking buddies with tales of your adventure with the blonde from the bar the night before.

  • Thor Robinson

    lucas: We can easily exploit this behaviour by broadcasting absurd conversations to them. Once we convince these social defectives that the voice of Elvis is communicating to them over their bluetooth headset whenever they happen to hang out near the local bus stop, we can drive them to insanity, or at least order them to a holy quest.

  • King

    The video is gone, any sources on finding it again?

  • Mike

    Video seems to be working just fine for me.

  • Josh Davis

    You need to turn magic slashes off please! ”””””””””””””