August 9, 2006
Las Vegas (NV) - A pair of Italian hackers has created the lazy man's
Bluetooth scanner by cramming eight Bluetooth dongles and a miniature
computer into a rolling luggage case. While Bluetooth scanning has been
around for a few years, the "BlueBag" case uses an extra omnidirectional
antenna to prescan the area. The pair says the Bluebag can detect devices
up to 200 meters (about 600 feet) away and can run for up to 10 hours
Claudio Merloni and Luca Carettoni said they built the BlueBag because
they wanted to raise awareness about Bluetooth vulnerabilties. The pair
was dissatisfied with traditional Bluetooth scanning which required
walking around with a laptop. "You can't walk around a shopping mall or an
airport with a laptop," said Merloni during his talk at the Blackhat
security conference in Las Vegas.
The hardware was assembled in about one day, but Merloni and Carettoni
said the software and reliability testing took much longer. Inside the
hard-shell case is a Via Mini-ITX motherboard, an 1.8" hard drive taken
from an Ipod, and nine Bluetooth dongles. One of the dongles is connected
to an omni-directional 5 db antenna.
The entire rig is autonomously powered with a 26 amp-hour lead-acid
battery, which according to Merloni lasts up to 10 hours. The pair hacked
together their own power converter/regulator and even converted the
luggage key socket into the on/off switch. They can covertly insert and
turn a key to turn the computer off and on.
Gentoo Linux version 2.6 with the BlueZ Bluetooth drivers was installed on
the hard drive and custom Python scanning scripts were written. The
Bluebag can be controlled wirelessly through a web browser from a PDA or
full-sized laptop. While this is similar to other Bluetooth scanning
projects, the BlueBag can gain more information about devices by
The omni-directional antenna constantly scans the area and detects the
presence of Bluetooth devices. This information is then offloaded to the
other eight antennas that are now ready to gain more detailed information
as the device gets into closer range.
Merloni said that the Bluebag could be modified to send keyloggers,
sniffers and worms, but he hasn't actually tried it yet. He adds that the
rig does have a "stupid test" which sees if people will accept an
anonymous Bluetooth transfer. These transfer requests show up as dialog
boxes on the victim's phone or device and Merloni is "amazed" at how many
people actually accept the transfers. Up to 70% of people accepted the
In initial tests, the Bluebag detected 1405 unique devices in less than 24
hours of scanning in shopping malls, train stations and airports. They say
93% of the detected devices were mobile phones and 3% were computers. PDAs
and GPS devices came in at 2% and 1%, respectively.
One problem with the Bluebag is that it can knock out wireless networks
when it's turned on. Bluetooth shares the same frequency band as many
computer wireless networks and Merloni said, "It destroys all wireless
networks in the area."
Visit the InfoSec News store!