Is Bluetooth secure on iPhone 3GS?

Europa · 06-25-2009, 06:57 AM

A couple years back, a friend of mine (programmer) told me that using a bluetooth connection for a cell phone is not secure. He said that he was able to use his computer (probably the live Linux CD Backtrack) to look at the names and phone numbers on contact lists of random phones (this was before the V1 release) of nearby people that were using bluetooth connections. Is it possible for someone to easily hack into your iPhone if you have bluetooth enabled?

I'm guessing that the iPhone is locked down pretty good and more difficult to hack than the phones he was sniffing, but just want to hear other opinions.

JoeT · 06-25-2009, 08:09 AM

The iPhone does not support the services under BT that would make that possible.

The only vulnerability is accessing the headset profile, which is usually done with headsets that have known default pairing codes (since this is the seed that encrypts the traffic). So if someone knows the pairing code that you had to use to pair, they can eavesdrop on your conversations by activating your phone's mic with the right software. In my experience, it's pretty rare given the range, but still.

Note that this permits you to listen in on the phone's mic -- not on phone calls.

Europa · 06-25-2009, 08:37 AM

Thanks for the response.

But they can't get into the and see the phone numbers and contact names that have been uploaded to the bluetooth speaker phone, right?

The manual said that the phone calls are encrypted but if they are listening right through the mic that wouldn't matter, correct?

Is that eavesdropping only possible when you are on a phone call or when you are in your car just talking to a passenger?

JoeT · 06-25-2009, 08:51 AM

Originally Posted by Europa

But they can't get into the and see the phone numbers and contact names that have been uploaded to the bluetooth speaker phone, right?

I've never heard of a BT speaker phone that holds contacts, so I can't speculate intelligently there. Usually the contacts are held in the phone.

Originally Posted by Europa

The manual said that the phone calls are encrypted but if they are listening right through the mic that wouldn't matter, correct?

BT devices can generally only hold one connection at a time, so your phone (for example) would not be able to handle two connections at a time - one on a call and one to an eavesdropper. However, if you were NOT on BT, then it depends on the phone -- does it permit more than one connection to the mic at the same time?

If they were able to monitor a call, then the encryption would indeed be a moot point.

Originally Posted by Europa

Is that eavesdropping only possible when you are on a phone call or when you are in your car just talking to a passenger?

Notwithstanding what I said above, only when you are talking to a passenger. You can also talk THROUGH the BT - so picture you're driving along and someone comes over your BT headset/car kit saying, "Dude.. Those shades don't match your shirt..."...

Europa · 06-25-2009, 08:59 AM

After pairing the superant bluetooth to the phone, it uploads the contacts to the bluetooth speaker phone (but it's optional). This way when a call comes in, instead of the voice saying, "call from 123-456-7890", it says, "call from Mike".

The manual said it can only be paired to one device at a time.

I don't understand the last part. Just to clarify, you mean they can only listen when your talking to people in the car and NOT while your talking on the phone through the BT? If so, you would see the light go on indicating the speaker is active, right?

Do you avoid bluetooth because of that vunerability?
I mean people can easily listen in to your conversations over cordless phones, but that doesn't stop the general population from using them. I'm always cautious about what I say over the phone, regardless if it's cell, home landline, home cordless, BT etc. You never know who's listening.

JoeT · 06-25-2009, 09:11 AM

Originally Posted by Europa

After pairing the superant bluetooth to the phone, it uploads the contacts to the bluetooth speaker phone (but it's optional). This way when a call comes in, instead of the voice saying, "call from 123-456-7890, it says, "call from Mike".

Coolness! So yes, that could indicate a vulnerability if it resembles a phone at the BT level.

Originally Posted by Europa

I don't understand the last part. Just to clarify, you mean they can only listen when your talking to people in the car and NOT while your talking on the phone through the BT?

In almost all cases, assuredly yes. I don't know of a headset that will accept more than one connection at a time.

Originally Posted by Europa

Do you avoid bluetooth because of that vunerability?
I mean people can easily listen in to your conversations over cordless phones, but that doesn't stop the general population from using them. I'm always cautious about what I say over the phone, regardless if it's cell, home landline, home cordless, BT etc. You never know who's listening.

No. The range of BT is so limited as to render a monitoring session mostly useless. Someone would have to follow you quite obviously or be constantly aiming a 2.4Ghz beam antenna at you from whatever distance to monitor more than a snippet of conversation. And, at that, in practical terms, this is likely to be random eavesdropping, not targeted eavesdropping. I don't think anyone will hear much more of your conversation than they would if they were standing near you in a store. They move on, you move on.

Now, if you get a police force, the FBI, or a nation-state involved..... But I'll leave those considerations as an exercise to the conspiracy theorists amongst us.

Europa · 06-25-2009, 09:20 AM

If someone activated the speaker phone mic from the outside so they could listen in on the conversations you're having in the car, you would see the light go on on the bluetooth speaker phone indicating the speaker is active, right?

Europa · 06-25-2009, 01:14 PM

The thing I don't understand is that the BlueAnt Supertooth 3 speaker phone has to be put in "pairing mode" from the device itself. If you don't put it in pairing mode, how can someone pair with it even if they know the default passcode for it? Additionally, it tells you through the speaker phone when it is paired with the new device.

Anyone else have any opinions on this?

JoeT · 06-25-2009, 01:29 PM

Originally Posted by Europa

If someone activated the speaker phone mic from the outside so they could listen in on the conversations you're having in the car, you would see the light go on on the bluetooth speaker phone indicating the speaker is active, right?

Depends on the unit in question.

JoeT · 06-25-2009, 01:35 PM

Originally Posted by Europa

The thing I don't understand is that the BlueAnt Supertooth 3 speaker phone has to be put in "pairing mode" from the device itself. If you don't put it in pairing mode, how can someone pair with it even if they know the default passcode for it? Additionally, it tells you through the speaker phone when it is paired with the new device.

Anyone else have any opinions on this?

It's not paired - it's connected to. Big difference.

Here's some links to peruse.

http://trifinite.org/trifinite_stuff_carwhisperer.html

http://gizmodo.com/gadgets/clips/how...ets-328664.php
(Joshua Wright, the person in the video on this page, is a recognized security expert. He did leave out some details, such as how to get the address of the headset you're going to target, but suffice it to say that it's like wardriving for WiFi -- trivial).