Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

Bluetooth fun

Well, I’m finally getting a chance to update my blog after a few weeks of semi-holiday. Saw some interesting things in London, just a pity I was too slow with the camera. I saw an error message on an advert screen that would have made Johnny Long proud. IP address and all….

As some people who read this blog are probably aware, I like to play about with Bluetooth when I’m on a trip. After all, when you’re on a train or a bus, there’s not much else to do. I’ve been using the Bloover app from the trifinite group for a while now, just for scanning the local area and looking at what devices are pumping out information. The application is a simple Java install and even works on my ancient Nokia phone from before the dawn of Metasploit (or dawn of time if you prefer). All you need is support for J2ME on your phone and you’re laughing. After a couple of long(ish) train journeys to and from London, I had amassed quite a list of Bluetooth names (some of which are shown below). Knowing what a battery hog Bluetooth can be, I really wonder about some people’s phone use. After all, nobody in my cabin on the train was using a Bluetooth headset; in fact most were just shouting into their headsets, doing the usual thing where they think everybody needs to know about their life. Anyway, let’s ignore that fact before people start to draw up analogies to people blogging 😉

Amongst the usual names like Nokia, SDH-900 and various other brand/model names, there was a distinct pattern emerging. A good percentage of people simply give their name as the Bluetooth broadcast ID; the rest say something about their character (I’m looking at you, Thrustmeister). It’s all very entertaining; at least it gave my girlfriend and me endless fun. However, on the more serious side, the uses for this in a social engineering situation could be amusing. Sitting in a coffee shop snooping on Bluetooth IDs until you can pinpoint whose phone belongs to whom. If you can find a Bluetooth broadcast ID displaying a name, or a company name, then the follow-up conversation becomes so much easier. After all, nobody wants to admit that they’ve totally forgotten their first boyfriend/girlfriend back at high school or the boss from the Canadian office.

Tip of the day… turn off your Bluetooth when you’re not using it. End of story…
