Bluetooth hacking has come a long way

Recently I learned just how much of the Bluetooth protocol is performed by the Bluetooth adapter itself. This was disappointing for me, as I wish to hack about with the relevant encryption and authentication mechanisms. Life is not all bad, however. Cambridge Silicon Radio (CSR) makes some Bluetooth radios that read their firmware from an onboard flash chip, and some enterprising individuals (evilgenius.de, darkircop, PDF slides) have figured out how to extract, disassemble, reassemble (potentially modified), and reprogram these devices.

The motivation for all these people was to create a general-purpose sniffer, enabling the creation of bluedrift. I would like to see the creation of some open source firmware for these devices, so I don’t have to slog through disassembled binary to find where to insert my own code. 🙂

Also, an interesting paper is Bluesniff: Eve meets Alice and Bluetooth.
