Presentation Title: Hacking the Bluetooth Stack for Fun, Fame and Mayhem
As the use of bluetooth technology becomes more commonly used, the room for exploitation increases. From cell phones to gaming devices. Dino will demonstrate various methods of exploiting this technology in real life situations as well as give demonstrations. This presentation will involve new techniques like PS3 hacking and Bluetooth hacking being used in ‘man in the middle’ attacks. Heres what to expect:
1.) Hidattack â€“ We will be demonstrating the tool ‘Hidattack’, and showing how data like phonebooks can be stolen from vulnerable phones. We will also show how to hijack bluetooth keyboards using this tool.
2.) A derivative of the bluesnarfing is the bluesnarf++ attack. Where normal bluesnarfing exploits the object exchangeâ€™s push profile daemon, the bluesnarf++ attack targets the object exchangeâ€™s file transfer profile, effectively giving attackers full access to any data stored on the device if successful.
3.) Gaining access to a phones AT command set via RFCOMM channels allows attackers to make phone calls, send and read smsâ€™s and more, depending on the make and model of the phone being targeted. Also known as a bluebug attack, it has caused a stir recently when it was discovered that victimâ€™s phones were being used to call premium-rate numbers.
4.) Bluetooth hacking used in ‘man in the middle attacks’. We will show how bluetooth hacking can be used to inject and intercept sound clips.
5.) How to turn your iPhone into a hand-held hacking device!
Dino Covotsos is the Founder and Managing Director of Telspace Systems, a South African IT security firm which started business in 2002. Mr. Covotsos has many years of experience in the IT security industry and has been involved in many different large scale projects worldwide, ranging from vulnerability assessment to attack and penetration testing for corporate clients. Mr.Covotsos uses his hands on knowledge to help secure corporate networks in new and unique ways and has also written articles for various magazines in the IT and Government sector specifically on information security issues.