Bluetooth hijacking!


Bluetooth: Classic or LE

Bluetooth Classic is basically a series of specialized serial connections over radio. Bluetooth LE is more like a shared database you can read or write very small values to.

Bluetooth is a collection of protocols for sending data over 2.4 GHz radio.

It is MUCH slower than Wi-Fi but uses less power.

The channels are smaller too, so it can handle more interference.

The tricky thing about Bluetooth is that it isn’t just one protocol. There are two main classes of Bluetooth.

  • “Classic” or 3.0
  • “Low Energy” or 4.0

Actually intercepting Bluetooth is hard to do with just a normal adapter because there is no way to predict when channel hops will occur.

If you have an SDR you can observe all channels simultaneously, though.

It isn’t like Wi-Fi, where you can switch to monitor mode and conceivably channel-hop to all channels very quickly.

Only one signal can be active on a single channel at a time.

So if a Bluetooth adapter detects a signal using a channel, it “hops” to a free channel.

Bluetooth operates in an “ISM band”, so there is a LOT of interference.

I had my 2.4 GHz jammed by a faulty microwave oven just a few months ago.

Usually you need specialized radio hardware,

like a HackRF or LimeSDR.

It’s really expensive and really hard to use.

You need to know physics and math to use it.

Ubertooth One is a cheap, open-source Bluetooth network sniffer. … The Ubertooth allows you to use Bluetooth in monitoring mode. This “promiscuous” mode makes the radio pass everything that it picks up onto the host computer.

It is by the same people that made the HackRF.

Ubertooth is cheaper but the HackRF is WAY more adaptable. Like, it can hack cars and doors and drones and cameras and even satellites, and even television.

Not that I recommend it, but you can run a (small) pirate TV station from a HackRF.

I use mine to watch TV too.

It transmits ATSC radio signals.

It transmits ANY radio signals.

If your signal is stronger than the TV station’s, it overrides the TV signal.

This is VERY illegal; I don’t recommend doing it.

The HackRF is a very expensive and delicate device.

If you don’t have the right antenna you could build up a standing wave and fry it.

Also, the police will come if you do bad things.

They can triangulate your position.

It’s this, if you are wondering.

If you have the money get a LimeSDR though; it supports full duplex mode and is faster.

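An added example, not code from the post above or from the Ubertooth project, to make the channel-hopping point concrete for the Low Energy side. In Bluetooth 4.x the data-channel hop sequence of a connection is not random: it is fixed by the hop increment and channel map carried in the CONNECT_IND (called CONNECT_REQ in 4.0), so a sniffer that catches that one advertising-channel packet can compute every later channel and follow the link, which is in principle what a Ubertooth does when it follows a BLE connection, while an ordinary adapter that only joins connections never sees it. The script parses a CONNECT_IND payload and runs Channel Selection Algorithm #1; the packet bytes, addresses, access address and CRC seed are constructed for the example and are not a real capture. Classic Bluetooth derives its sequence from the master's device address and clock instead, and Bluetooth 5 adds Channel Selection Algorithm #2; neither is shown here.

```python
"""Predict a BLE 4.x connection's hop sequence from a captured CONNECT_IND.

Added example for this thread, not code from the original post or from the
Ubertooth project. The CONNECT_IND bytes below are constructed; the field
layout and Channel Selection Algorithm #1 follow the Bluetooth Core Spec.
"""
import struct
from dataclasses import dataclass

BLE_DATA_CHANNELS = 37          # data channels 0..36; 37, 38, 39 are advertising
CHANNEL_MAP_MASK = (1 << BLE_DATA_CHANNELS) - 1


@dataclass
class ConnectInd:
    init_addr: int      # initiator (central) address
    adv_addr: int       # advertiser (peripheral) address
    access_addr: int    # 32-bit access address every data packet will carry
    crc_init: int       # 24-bit CRC seed for the connection
    win_size: int       # transmit window size, units of 1.25 ms
    win_offset: int     # transmit window offset, units of 1.25 ms
    interval: int       # connection interval, units of 1.25 ms (6..3200)
    latency: int        # peripheral latency, in connection events
    timeout: int        # supervision timeout, units of 10 ms
    channel_map: int    # 37-bit mask, bit n set means channel n is used
    hop: int            # hop increment, 5..16
    sca: int            # central's sleep clock accuracy code, 0..7

    @property
    def interval_ms(self) -> float:
        return self.interval * 1.25

    @property
    def used_channels(self) -> list:
        """Used channels in ascending order; this is the remapping table of CSA #1."""
        return [ch for ch in range(BLE_DATA_CHANNELS) if self.channel_map >> ch & 1]


def parse_connect_ind(payload: bytes) -> ConnectInd:
    """Decode the 34-byte CONNECT_IND payload: InitA, AdvA, then 22 bytes of LLData."""
    if len(payload) != 34:
        raise ValueError(f"CONNECT_IND payload must be 34 bytes, got {len(payload)}")
    ll = payload[12:]   # LLData; all multi-byte fields are little-endian
    win_size, win_offset, interval, latency, timeout = struct.unpack_from("<BHHHH", ll, 7)
    conn = ConnectInd(
        init_addr=int.from_bytes(payload[0:6], "little"),
        adv_addr=int.from_bytes(payload[6:12], "little"),
        access_addr=int.from_bytes(ll[0:4], "little"),
        crc_init=int.from_bytes(ll[4:7], "little"),
        win_size=win_size, win_offset=win_offset, interval=interval,
        latency=latency, timeout=timeout,
        channel_map=int.from_bytes(ll[16:21], "little") & CHANNEL_MAP_MASK,
        hop=ll[21] & 0x1F,
        sca=ll[21] >> 5,
    )
    # Reject values the spec forbids; a sniffer that trusts them would follow garbage.
    if not 5 <= conn.hop <= 16:
        raise ValueError(f"hop increment {conn.hop} outside 5..16")
    if not 6 <= conn.interval <= 3200:
        raise ValueError(f"connection interval {conn.interval} outside 6..3200")
    if len(conn.used_channels) < 2:
        raise ValueError("channel map must enable at least two channels")
    return conn


def channel_sequence(conn: ConnectInd, n_events: int, last_unmapped: int = 0) -> list:
    """Channel Selection Algorithm #1: channels of the next n_events connection events.

    last_unmapped is the link-layer state: 0 for a new connection, advanced by
    the hop increment every event, even when the unmapped channel is unused
    and the event is remapped onto a used channel instead.
    """
    used = conn.used_channels
    seq = []
    for _ in range(n_events):
        last_unmapped = (last_unmapped + conn.hop) % BLE_DATA_CHANNELS
        if conn.channel_map >> last_unmapped & 1:
            seq.append(last_unmapped)
        else:
            seq.append(used[last_unmapped % len(used)])
    return seq


def event_schedule(conn: ConnectInd, n_events: int) -> list:
    """(earliest anchor time in ms after the CONNECT_IND, channel) for each event."""
    first = (conn.win_offset + 1) * 1.25   # transmit window opens 1.25 ms + WinOffset later
    return [(first + k * conn.interval_ms, ch)
            for k, ch in enumerate(channel_sequence(conn, n_events))]


# Constructed CONNECT_IND payload (not a real capture), field by field:
SAMPLE_CONNECT_IND = bytes.fromhex(
    "665544332211"   # InitA   = 11:22:33:44:55:66
    "ffeeddccbbaa"   # AdvA    = aa:bb:cc:dd:ee:ff
    "ac5d6550"       # AA      = 0x50655dac
    "563412"         # CRCInit = 0x123456
    "02"             # WinSize   = 2   (2.5 ms)
    "0300"           # WinOffset = 3   (3.75 ms)
    "1800"           # Interval  = 24  (30 ms)
    "0000"           # Latency   = 0
    "6400"           # Timeout   = 100 (1 s)
    "f0ffffff1f"     # ChM: channels 4..36 used, 0..3 marked bad
    "27"             # Hop = 7, SCA = 1
)

if __name__ == "__main__":
    conn = parse_connect_ind(SAMPLE_CONNECT_IND)
    print(f"AA=0x{conn.access_addr:08x} hop={conn.hop} interval={conn.interval_ms} ms "
          f"used={len(conn.used_channels)} channels")
    for t, ch in event_schedule(conn, 12):
        print(f"t={t:7.2f} ms  channel {ch}")
```

With the constructed map the eleventh event lands on unmapped channel 3, which is marked bad, so it is remapped to the fourth used channel (7); that remapping is why a follower has to track the unmapped channel counter separately from the channel it actually tuned to.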

Nice, seen a few broadcasts that were of… nefarious intent. What you are referring to is called “snarfing”, which is like Wi-Fi “sniffing” but looking for Bluetooth connections as opposed to access points and routers. We have done long “war drives” in the past where we would drive around finding open and vulnerable access points and people that were tethered to BT connections on old, insecure protocols. It is fascinating to find how many people refuse to update, as they fear change.

Keep it legal!


Thanks! I wish that I would also go someday for “war driving” with my friends…