When you think of being hacked, you think of the basics: infrared, RFID, Wi-Fi, network security, door locks, etc. This is what people usually worry about. But what about Bluetooth? What risks does it entail? And are there any tools in a do-it-yourself hacker’s arsenal to exploit it?
The Ubertooth One is a small, open source USB device with an antenna powered by an ARM Cortex-M3 chip and a CC2400 wireless transceiver. Plug it into your computer’s USB port and you can sniff and monitor Bluetooth signals from nearby devices.
The Ubertooth itself is older technologyoriginally created by Michael Ossmann or Great Scott Gadgets in 2011. Before that, there were Bluetooth monitoring devices, but they were usually expensive and technical, such as the Ellisys Bluetooth Explorer, which costs about as much as a used car. This version lets you do the same thing in a smaller, cheaper package – $125 is a much, much easier pill to swallow!
The Ubertooth One was the first affordable Bluetooth sniffer and was a game-changer in many ways. You can configure it to snoop on Bluetooth Low Energy devices using Wireshark, kismetand various other software (including at least one program) used by the government). But it has some serious limitations on what it can do. It is primarily intended to target the newer BLE standard, which is still useful as most of the innovations in Bluetooth in recent years have revolved around BLE rather than the Bluetooth Classic standard. It’s not particularly good at sniffing Bluetooth Classic though, and that limits the range of what it can do for older devices.
While the Ubertooth One won’t be as useful as a commercial Bluetooth sniffer, you can still do quite a bit with it or a similar device. There are countless BLE devices and many people do not consider Bluetooth to be a vulnerability.
I won’t say you couldn’t. The project itself is mature, robust and very well documented for people who want to get out and learn. Programs like Wireshark are actually quite simple. But there are more intuitive devices than these for a novice trying to get into pen testing and hacking, and much easier places to start (such as the WiFi Nugget, or even the Flipper Zero). And for many people an Android phone or a laptop with Kali Linux would take you pretty far.
