Is Bluetooth secure on iPhone 3GS?

Europa

#1
A couple years back, a friend of mine (programmer) told me that using a bluetooth connection for a cell phone is not secure. He said that he was able to use his computer (probably the live Linux CD Backtrack) to look at the names and phone numbers on contact lists of random phones (this was before the V1 release) of nearby people that were using bluetooth connections. Is it possible for someone to easily hack into your iPhone if you have bluetooth enabled?

I'm guessing that the iPhone is locked down pretty good and more difficult to hack than the phones he was sniffing, but just want to hear other opinions.
 

JoeT

#2
The iPhone does not support the services under BT that would make that possible.

The only vulnerability is accessing the headset profile, which is usually done with headsets that have known default pairing codes (since this is the seed that encrypts the traffic). So if someone knows the pairing code that you had to use to pair, they can eavesdrop on your conversations by activating your phone's mic with the right software. In my experience, it's pretty rare given the range, but still.

Note that this permits you to listen in on the phone's mic -- not on phone calls.
 

Europa

#3
Thanks for the response.

But they can't get into the and see the phone numbers and contact names that have been uploaded to the bluetooth speaker phone, right?

The manual said that the phone calls are encrypted but if they are listening right through the mic that wouldn't matter, correct?

Is that eavesdropping only possible when you are on a phone call or when you are in your car just talking to a passenger?
 

JoeT

#4
> But they can't get into the and see the phone numbers and contact names that have been uploaded to the bluetooth speaker phone, right?

I've never heard of a BT speaker phone that holds contacts, so I can't speculate intelligently there. Usually the contacts are held in the phone.

> The manual said that the phone calls are encrypted but if they are listening right through the mic that wouldn't matter, correct?

BT devices can generally only hold one connection at a time, so your phone (for example) would not be able to handle two connections at a time - one on a call and one to an eavesdropper. However, if you were NOT on BT, then it depends on the phone -- does it permit more than one connection to the mic at the same time?

If they were able to monitor a call, then the encryption would indeed be a moot point.

> Is that eavesdropping only possible when you are on a phone call or when you are in your car just talking to a passenger?

Notwithstanding what I said above, only when you are talking to a passenger. You can also talk THROUGH the BT - so picture you're driving along and someone comes over your BT headset/car kit saying, "Dude.. Those shades don't match your shirt..."...
 

Europa

#5
After pairing the superant bluetooth to the phone, it uploads the contacts to the bluetooth speaker phone (but it's optional). This way when a call comes in, instead of the voice saying, "call from 123-456-7890", it says, "call from Mike".

The manual said it can only be paired to one device at a time.

I don't understand the last part. Just to clarify, you mean they can only listen when you're talking to people in the car and NOT while you're talking on the phone through the BT? If so, you would see the light go on indicating the speaker is active, right?


Do you avoid bluetooth because of that vulnerability?
I mean people can easily listen in to your conversations over cordless phones, but that doesn't stop the general population from using them. I'm always cautious about what I say over the phone, regardless if it's cell, home landline, home cordless, BT etc. You never know who's listening.
 

JoeT

#6
> After pairing the superant bluetooth to the phone, it uploads the contacts to the bluetooth speaker phone (but it's optional). This way when a call comes in, instead of the voice saying, "call from 123-456-7890", it says, "call from Mike".

Coolness! So yes, that could indicate a vulnerability if it resembles a phone at the BT level.

> I don't understand the last part. Just to clarify, you mean they can only listen when you're talking to people in the car and NOT while you're talking on the phone through the BT?

In almost all cases, assuredly yes. I don't know of a headset that will accept more than one connection at a time.

> Do you avoid bluetooth because of that vulnerability?
> I mean people can easily listen in to your conversations over cordless phones, but that doesn't stop the general population from using them. I'm always cautious about what I say over the phone, regardless if it's cell, home landline, home cordless, BT etc. You never know who's listening.

No. The range of BT is so limited as to render a monitoring session mostly useless. Someone would have to follow you quite obviously or be constantly aiming a 2.4 GHz beam antenna at you from whatever distance to monitor more than a snippet of conversation. And, at that, in practical terms, this is likely to be random eavesdropping, not targeted eavesdropping. I don't think anyone will hear much more of your conversation than they would if they were standing near you in a store. They move on, you move on.

Now, if you get a police force, the FBI, or a nation-state involved..... But I'll leave those considerations as an exercise to the conspiracy theorists amongst us.
 

Europa

#7
If someone activated the speaker phone mic from the outside so they could listen in on the conversations you're having in the car, you would see the light go on on the bluetooth speaker phone indicating the speaker is active, right?
 

Europa

#8
The thing I don't understand is that the BlueAnt Supertooth 3 speaker phone has to be put in "pairing mode" from the device itself. If you don't put it in pairing mode, how can someone pair with it even if they know the default passcode for it? Additionally, it tells you through the speaker phone when it is paired with the new device.

Anyone else have any opinions on this?
 

JoeT

#9
> If someone activated the speaker phone mic from the outside so they could listen in on the conversations you're having in the car, you would see the light go on on the bluetooth speaker phone indicating the speaker is active, right?

Depends on the unit in question.
 

JoeT

#10
> The thing I don't understand is that the BlueAnt Supertooth 3 speaker phone has to be put in "pairing mode" from the device itself. If you don't put it in pairing mode, how can someone pair with it even if they know the default passcode for it? Additionally, it tells you through the speaker phone when it is paired with the new device.
>
> Anyone else have any opinions on this?

It's not paired - it's connected to. Big difference.

Here's some links to peruse.

http://trifinite.org/trifinite_stuff_carwhisperer.html

http://gizmodo.com/gadgets/clips/how-to-eavesdrop-on-bluetooth-headsets-328664.php
(Joshua Wright, the person in the video on this page, is a recognized security expert. He did leave out some details, such as how to get the address of the headset you're going to target, but suffice it to say that it's like wardriving for WiFi -- trivial).
 

Europa

#11
Wow, great video. Thanks for the info. Huge security risk, especially when you consider people with sensitive information, like Physicians, using them. I'd probably consider getting rid of it at this point, but I'm one of those people that believe the Government has automated devices that screen (and kick in to record if key words are said) most calls in the US anyway.
 

JoeT

#12
Well, like I say, it's not a HUGE risk, just one that is present. For you to truly fall victim to it, someone would have to be targeting you specifically -- and if that's the case, you've got worse problems.

Remember also that this only works with PRE-SET pairing codes. My car's BT has you enter your own code; so it's immune.

And hey, aren't you blasting tunes most of the time anyway?
 

Europa

#13
So are they able to activate the mic on the BT speakerphone/mic device or on the iPhone itself or either or? If you mean the iPhone itself, it wouldn't be possible if Bluetooth is turned off on the iPhone, even though the BT speakerphone device it is paired with is on.

Right now, I'm turning the Bluetooth off on the phone when not in use but leaving the Bluetooth device on 24/7.

I think I am going to look for one that doesn't have a default pairing code that can't be changed, just to be safe. Do you know of any car BT speaker phones that you change the codes on?
 

Staszek

#14
> Well, like I say, it's not a HUGE risk, just one that is present. For you to truly fall victim to it, someone would have to be targeting you specifically -- and if that's the case, you've got worse problems.
>
> Remember also that this only works with PRE-SET pairing codes. My car's BT has you enter your own code; so it's immune.
>
> And hey, aren't you blasting tunes most of the time anyway?

I wouldn't say it would be a huge risk for listening in on conversations, but it is a bigger risk for stealing information. There are many times that hackers can sit in a crowded area like a cafe at lunch and are able to pull contacts and other information off of several phones in the immediate area very quickly.

It is more hit or miss for them, but it's not hard to do.

As for the government, they can turn on the mic on just about any phone they want at any time. Even if the phone is completely off. The only way to avoid that is to take the battery out.