BlueScanner is a Bluetooth device discovery and vulnerability assessment tool for Windows XP.
While enterprises have become increasingly aware of the security concerns surrounding 802.11, Bluetooth vulnerabilities have continued to be ignored. With over 1 billion Bluetooth radios being shipped by 2008, organizations are becoming increasingly exposed to the threat associated with Bluetooth devices.
Aruba Networks BlueScanner is provided free of charge under the Aruba Software License. With a Bluetooth adapter, organizations can use BlueScanner to discover Bluetooth devices, their type (phone, computer, keyboard, PDA, etc.), and the services that are advertised by the devices. BlueScanner will identify any discoverable devices within range and record all information that can be gathered from the device, without attempting to authenticate with the remote device. This information includes the device's "human friendly" name, unique address, type, time of discovery, time last seen, and any Service Discovery Protocol (SDP) information provided by the device.
In addition, BlueScanner allows you to add location information to any discovered devices. This can be easily done by specifying a location name before starting a scan. Once the scan has been started, any discovered devices will be tagged with this location name. The location can of course be changed during a scan, and any devices discovered after changing it will be tagged with the new location.
To keep from drowning the user in all the information that BlueScanner collects, the intuitive user interface allows devices to be filtered according to how recently they were last observed, their location, type, and by specific service.
The following is an overview of the types of vulnerabilities and attacks that have been discovered to date and that BlueScanner can help thwart:
- Information Retrieval and Theft of Service; The BlueSnarf attack allows an attacker to covertly retrieve phonebook and calendar entries from a phone, the phone's business card, and even the phone's IMEI (International Mobile Equipment Identity).
- Tracking and Surveillance; The Bluefish tool can be used to constantly scan an area for Bluetooth devices. When a new device is found, the program, coupled with a camera, will capture an image of the area where the device was discovered and store it in a database, associating the image with the device and the time of discovery.
- Denial of Service Attacks; The BlueSmack attack is similar in nature to the "ping of death" attack that was able to instantly disable Windows 95 machines.
- Rogue Access Points; Just as 802.11 can make use of access points to provide network connectivity, Bluetooth access points can as well. Therefore, a similar exposure is posed by them, namely rogue access points.
- Reconnaissance and Discovery; Tools such as RedFang, BTScanner and BlueSniff allow an attacker to scan through all possible values used for a device's 48-bit address and attempt to connect to them. Once a device is found in this manner, it is just as easy to attack as if it were in discoverable mode.
Where can I buy a Bluetooth adapter that will work with BlueScanner?
There are many adapters listed on Google's Froogle site. We have had success with these two adapters:
- Targus USB adapter
- IOGear USB adapter
I already have a non-Microsoft driver installed for my Bluetooth adapter. How do I install the Microsoft driver?
The best way to revert to the Microsoft driver is to simply uninstall the Bluetooth driver and stack that is currently installed. You can do this using the Add/Remove Programs control panel. Keep in mind that BlueScanner will only work with Windows XP Service Pack 2.
My phone headset is showing up as active in BlueScanner even though it is turned off.
If you have paired a device with your PC then that device will always show as active in BlueScanner, whether or not the device is present. The reason is that Windows does not distinguish between paired devices and active devices when it returns the result of a scan. This means that BlueScanner can't tell which devices are reporting simply because they are paired.