• 232 | Chapter 7: Wireless Security Testing Bluetooth Testing
  • Learning Kali Linux





    for [phy0]wlan0 on [phy0]wlan0mon)
    (mac80211 station mode vif disabled for [phy0]wlan0)
    Because multiple processes get started up with wifi-honey, the script uses the program screen to provide virtual terminals. Each of the processes will be available in a different screen session. This saves having to have multiple terminal windows up to manage the different processes.


    Bluetooth Testing
    Bluetooth is a common protocol that is used to connect peripherals and other I/O devices to a system. This system can be a desktop computer, a laptop, or even a smartphone. Peripherals have a wide variety of capabilities that are defined by profiles. Bluetooth uses radio transmission to communicate, with a frequency range that is close to one of the ranges used by WiFi. Bluetooth is a relatively low-power transmission medium; commonly, you have a range of up to about 30 feet. Bluetooth devices are required to pair with one another before any information can be passed from one device to another. Depending on the complexity of the device, the pairing may be as simple as identifying the peripheral after putting it into pairing mode or it may require confirming a PIN on either side.
    If you have a Bluetooth radio in your computer, you can use it to perform testing with the tools provided by Kali. You may wonder why Bluetooth is strictly relevant when it comes to security testing. With so many devices, offering so many services, including file transmission, sensitive company information could be available to attackers if the Bluetooth device isn’t appropriately locked down. Because of the potential sensitivity of what a Bluetooth device can provide access to as well as the potential for acquiring information (imagine an attacker getting remote access to a keyboard, for instance, as a user starts to type a username and password imagining the keyboard is still connected to their system), Bluetooth devices will commonly be undiscoverable unless specifically put into a state where they are discoverable.
    The industrial, scientific, and medical (ISM) radio band is a set of frequencies that have been allocated for use by a range of devices. This includes microwave ovens, which is the appliance that triggered the allocation to begin with, in 1947. The 2.4GHz–2.5GHz range is used by microwaves, WiFi, Bluetooth, and other applications.
    Scanning
    While you may not get much in the way of devices available, a few tools can be used to scan for local Bluetooth devices. Keep in mind that this is something you need to be in close proximity to do. If the building you are working in is large, you will need to do a lot of scans from numerous locations in the building. Don’t assume that picking even a central location will give you meaningful results.
    The first tool is provided by the bluez-tools package. It isn’t specifically related to security testing but instead is a utility that is used to manage Bluetooth devices. The program hciutil uses the human-computer interaction interface in your system. In my case, it’s a Bluetooth dongle that is connected via USB. To identify Bluetooth devices
