Photos: Drive-by hacks from a suitcase
Image 1 of 5
Packed inside the suitcase is hardware including a Via Mini-ITX motherboard, an Apple Computer iPod hard-disk drive, some memory and nine Bluetooth dongles. rnrn
rnPower is supplied by a PicoPSU power supply that can keep the electronics in the bag running for up to 10 hours. The system is essentially a small computer that runs Gentoo Linux and some custom software. rn
rnThe total cost of the BlueBag is about $750, the researchers say.
The system inside the suitcase can retrieve data from discoverable Bluetooth devices such as cell phones, laptops, handheld computers and GPS navigation gear. rnrn
rnDetails collected by the BlueBag include the type of devices, and which services are available on them. Additionally, the BlueBag could be used to send information to gadgets within range.
The BlueBag uses off-the-shelf Bluetooth dongles, nine in total. One has been modified and connected to an omnidirectional Netgear antenna to give it extra range and improve scanning. rnrn
rnrnThe Italian researchers have tested the bag in public places in Italy and found many discoverable Bluetooth devices in malls, at an airport and in offices. Most of the devices were phones. rn
rnrn”This complex attack scenario can help to understand that the risk of a Bluetooth worm is definitely real,” Carettoni said. “It is not difficult to exploit existing knowledge to perform this kind of attack, with just 600 euros (about $750) a person can build a BlueBag and do quite massive Bluetooth scanning.”rn
rnBluetooth attacks are considered a threat of the future. While some pests have surfaced that attack Bluetooth-enabled cell phones, none have spread widely. Analysts at Gartner believe a widespread attack could surface by the end of next year.
The BlueBag can be controlled remotely using a Palm-based handheld device, for example. Of course, the remote uses Bluetooth wireless connectivity.