TIPS AND TRICKS: Blue Tricks
Some Bluetooth applications can be used as scanning and hacking tools, revealing much more information than a phone's default scanning and connectivity applications do, writes Nizar Diamond Ali.
While Bluetooth makes it easy to share data between phones and computers, it also creates a security issue due to its inherently insecure nature.
This insecurity often goes unnoticed as most users only use the built-in Bluetooth functions, but there are applications out there that scan the surroundings for Bluetooth-enabled devices and can gain illegal access to them. Today we will take a look at a few such applications to demonstrate the capability of Bluetooth tools, and discuss how to stay safe from their misuse.
BT DISCOVER
This is a small 19K Java application that can be used to scan the surroundings for discoverable Bluetooth devices. It differs from the phone's built-in device search in that the user can specify a re-scanning delay, using the Pause b/w Searches option, to make the application scan for devices continuously.
The application appears to have been written for the PC platform, as its options include a checkbox that saves the output file on a given path, the file format, etc. Another option alters the visibility of the phone used for scanning: the user can set it to visible, not visible or doesn't change to keep the existing visibility settings.
Then there's an option of ignoring devices without a name. Note that a Bluetooth device is usually identified by its name. The default name is often the handset's manufacturer name followed by the model number, but users can change this name to any text. The real identification is through its address, which is unique — like a computer's MAC address. So do not choose to ignore devices without names.
The next option is the notification. The user can select an option of notification when a device is found - vibrate, sound or do nothing. The last option is a checkbox 'Show device in activity' menu - keep it checked, and press OK to start scanning. A prompt appears asking for read / write user data permission. Press Yes. The scanning completes within a few seconds and the results are displayed at the top, under a frame titled Found Totally. Press Select to check the name and address of the discovered devices.
DJK BLUEVOICE
This is again only a 19K Java application originally made for enabling voice communication over Bluetooth, but it does a good scanning job as well. When you open DJK, it asks for the permission to create server connection - allow it and press Search. A radar screen appears with a rotating scanner — a welcome break from the text-only static screen scanners.
The scan results are interesting, as they show not only the device's name but also the device type (e.g., phone or computer) along with the device address. To get information about the handset on which this application is running, select More > Info. It provides the handset's name, address, discoverable status, type, version and number of connections.
STM BLUES
This 47K Java application goes a step further, as it attempts to retrieve service information from the Bluetooth devices it finds. Start the application and press OK at the Add Devices prompt. The search starts and a device list is displayed. Selecting a device starts a device-specific search for services, including file transfer, which is usually running on Bluetooth-enabled PCs.
NEAR CONN
This is a 94K Java application with a basic Bluetooth search option through the Click and Search button. It lists the devices found, but on a few handsets the application occasionally crashes.
MAGIC BLUE HACK
This 8K Java application is one of the better proof-of-concept demonstrations of how vulnerable today's Bluetooth devices are, once a connection is established.
Start the application and press Search. The results are displayed as hyperlinks. Select a nearby phone for testing purposes and accept the connection over it. Note that in an actual scenario, it's basically up to the target to accept or decline a connection but social engineers have proved that people do accept connections from unknown legitimate-looking device names.
After establishing a connection with the target, two fields appear on the screen — the number and SMS. Enter a phone number in the first and some text in the second. The number can now be dialled through the target phone simply by pressing the Make Call button. It's haunting to see the target phone auto-dialling a number so easily! And if that's not enough, the attacker can go to Options and try out other options such as Send SMS, Phone Book reading, Write Phone Book, Answer Call, Hang Call and Clear. All of these options work with varying degrees of success.
For example, the Phone Book option, tested from a Nokia 2630, was able to fetch the phone book of a Sony Ericsson K320i phone within seconds. The application exercises this much control over the target phone while running only on the attacker's handset.
There are other Bluetooth applications that perform similar operations, such as Super Bluetooth Hack. The point to note is that these scanners and hacking tools reveal much more information than a phone's default scanning and connectivity applications do. This can be a good learning point for Bluetooth developers too.
To prevent a handset from being compromised by such tools, ensure that the Bluetooth option is turned off by default, and preferably in hidden mode if Bluetooth is on. Also, periodically check the list of paired devices and remove any suspected entry if present. Stay safe while enjoying Bluetooth!
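The paired-device check above, combined with the earlier point that a device's name can be changed while its address identifies it, can be automated as in this added example (not part of the original article). It assumes the paired list has been exported as (address, name) pairs; every address and name below is constructed.

```python
import re

ADDR_RE = re.compile(r"^[0-9A-F]{2}(:[0-9A-F]{2}){5}$")

def normalize(addr):
    """Return the address upper-cased and colon-separated, or None if malformed."""
    a = addr.strip().upper().replace("-", ":")
    return a if ADDR_RE.match(a) else None

def audit_paired(paired, trusted):
    """Compare paired devices against a trusted list keyed on address.

    paired  -- list of (address, name) tuples taken from the handset
    trusted -- dict mapping address -> name the owner expects
    Returns (address, name, reason) for every entry that needs review.
    """
    trusted = {normalize(a): n for a, n in trusted.items()}
    trusted_names = {n.lower() for n in trusted.values()}
    findings = []
    for raw_addr, name in paired:
        addr = normalize(raw_addr)
        name = (name or "").strip()
        if addr is None:
            findings.append((raw_addr, name, "malformed address"))
        elif addr in trusted:
            continue  # trusted by address, even if the owner renamed it
        elif name.lower() in trusted_names:
            # A familiar name on an unfamiliar address is the
            # "legitimate-looking device name" case from the article.
            findings.append((addr, name,
                             "name matches a trusted device but address differs"))
        elif not name:
            findings.append((addr, name, "unnamed and not trusted"))
        else:
            findings.append((addr, name, "unknown device"))
    return findings

# Constructed sample data (not real devices).
TRUSTED = {"00:11:22:AA:BB:01": "Office Headset",
           "00:11:22:AA:BB:02": "Home Laptop"}
PAIRED = [("00:11:22:aa:bb:01", "Office Headset"),
          ("00-11-22-AA-BB-02", "Renamed Laptop"),
          ("66:77:88:CC:DD:03", "Office Headset"),
          ("66:77:88:CC:DD:04", ""),
          ("66:77:88:CC:DD:05", "Nokia 2630")]

if __name__ == "__main__":
    for addr, name, reason in audit_paired(PAIRED, TRUSTED):
        print(f"{addr}  {name or '(no name)':<16} {reason}")
```

Entries it reports are candidates for removal from the paired list; the unnamed one shows why devices without names should not be ignored.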