Skip to content

The Car Whisperer

September 10, 2009

Bluetooth technology, though a useful tool, can be quite an ugly thing. Many cars, or most new cars anyway, have built-in bluetooth devices. With proper enumeration tools, such as the software package The Car Whisperer, from TriFinite.org, anyone can tap into these devices.

See, the problem is that bluetooth manufacturers use null (0000) or simple (1234) PINs for their devices to authenticate to the bluetooth network. Once you can tap that device, you can send messages through the car’s bluetooth audio device (usually tied into the car’s speaker sytem) and record what the people in the car are saying, even if they don’t know they have the bluetooth device on. Just like you can hear what people are saying through their bluetooth earpieces without the necessity for them to be on phone. Once that device is connected to their PAN (Personal Area Network), it is a hot device. If it is on, we can tap it, hack it, snarf it, whatever.

The bluetooth manufacturers need to avoid using those simple PINs for better protection.

Oh, and if you don’t need your bluetooth, turn it off.

Advertisements
No comments yet

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: