Can bt devices connect without peering?

First of all, it's 'pairing' not 'peering'. Since normally bluetooth devices
operate in pairs that's how it got it's name.

And yes, it's possible for some devices to be set up so that no special
'pairing' procedure is needed, but that's up to the operator of the device
whether or not to allow that. Normally the 'pairing' process is needed
though.


"Kevin Steen" <news@INVALIDE.kevinsteen.net> wrote in message
news:aAF6d.163825$hZ3.80940@fe2.news.blueyonder.co .uk...
> Is it possible for an application on a bluetooth device to connect to the
> same application on another (previously unknown) device? I'm thinking of
> something like the way a TCP connection can be established between any two
> IP devices.
>
> In my reading of the available Bluetooth info there was a "Briefcase
> trick"
> described where walking past an access point allowed the bt device to
> detect the ap, connect and transfer data. I'd like to write an application
> which does a similar trick between two PDAs.
>
> I keep reading about bluetooth devices requiring a peering process before
> any communication can happen - is this always the case? How does pushing a
> vCard work if the devices have never been peered?
>
> Many thanks for any enlightenment or pointers to further reading.
> -Kevin
> ---
> Remove the obvious error to make my email address usable.

Removing the (default) requirement for pairing devices would make them open
to all sort of attackes, er, uses. For example you could be drinking you
coffee in Starbucks and someone with a Pocket PC could be using the GPRS
connection through your mobile phone. Not nice, uh?

Also, people could start installing apps that others don't want. There's no
PUSH here. Most of apps require PULL, that is, the user has to install it,
initiate the download. Otherwise you would walk down the shopping centre and
your Pocket PC or Palm would be full very quickly with all sort of uneeded
promotional apps, right? Lucky that these devices have Bluetooth off by
default when they're not in use. And even luckier they don't accept
connections from non-paired devices by default...

--
Mauricio Freitas, Microsoft MVP Mobile Devices
Bluetooth guides: http://www.geekzone.co.nz/content.asp?contentid=449
Geekzone Software Store: http://www.geekzone.co.nz/store
Our RSS feeds give you up to date information on new software as soon as
they're available: http://www.geekzone.co.nz/content.asp?contentid=3344



"Bob the Printer" <bdolson@comcast.net> wrote in message
news:4_ednYywuaGc1cbcRVn-hA@comcast.com...
> First of all, it's 'pairing' not 'peering'. Since normally bluetooth
> devices operate in pairs that's how it got it's name.
>
> And yes, it's possible for some devices to be set up so that no special
> 'pairing' procedure is needed, but that's up to the operator of the device
> whether or not to allow that. Normally the 'pairing' process is needed
> though.
>
>
> "Kevin Steen" <news@INVALIDE.kevinsteen.net> wrote in message
> news:aAF6d.163825$hZ3.80940@fe2.news.blueyonder.co .uk...
>> Is it possible for an application on a bluetooth device to connect to the
>> same application on another (previously unknown) device? I'm thinking of
>> something like the way a TCP connection can be established between any
>> two
>> IP devices.
>>
>> In my reading of the available Bluetooth info there was a "Briefcase
>> trick"
>> described where walking past an access point allowed the bt device to
>> detect the ap, connect and transfer data. I'd like to write an
>> application
>> which does a similar trick between two PDAs.
>>
>> I keep reading about bluetooth devices requiring a peering process before
>> any communication can happen - is this always the case? How does pushing
>> a
>> vCard work if the devices have never been peered?
>>
>> Many thanks for any enlightenment or pointers to further reading.
>> -Kevin
>> ---
>> Remove the obvious error to make my email address usable.
>
>

Mauricio Freitas wrote:

> Removing the (default) requirement for pairing devices would make them
> open to all sort of attackes, er, uses. For example you could be drinking
> you coffee in Starbucks and someone with a Pocket PC could be using the
> GPRS connection through your mobile phone. Not nice, uh?
>
> Also, people could start installing apps that others don't want. There's
> no PUSH here. Most of apps require PULL, that is, the user has to install
> it, initiate the download. Otherwise you would walk down the shopping
> centre and your Pocket PC or Palm would be full very quickly with all sort
> of uneeded promotional apps, right? Lucky that these devices have
> Bluetooth off by default when they're not in use. And even luckier they
> don't accept connections from non-paired devices by default...

And at one time before the specs were finalized there were morons who were
proposing susceptibility to this kind of advertising as an "advantage".
Thank God wiser heads prevailed.

--
--John
Reply to jclarke at ae tee tee global dot net
(was jclarke at eye bee em dot net)

YES IT CAN

Especialy with cell phones it is very easy to hack the phone using the
bluetooth connection of a lap top
All it needs is a linux opperating system and a programma such as btscanner.

I have seen a item off this today on a consumer programme warning people how
easy it is to download ALL data from there phone to that lap top.
And after sending a general SMS to all cell phones with bluetooth that where
on the square.
4 people showed up to ask what was going on with there phone only to here it
had been HACKED.

Even politicians have no clue because they where the second group to fall
victim to this guy and after hearing there list off appointments from a
total stranger they turned off there phone and bought a new phone WITHOUT
bluetooth.

Bluetooth is nice but it is so easy to hack.

O and once you have hacked a bluetooth phone you also use that persons phone
to spy on them because it has a microphone and a transmitter.
Easy to see if that guy is with his wife or secret girlfriend.
And placing a call with the STOLEN IMEI code is from this point easy and the
phone no longer has to be in bluetooth range to be hacked.

So if you have a bluetooth phone be very very carefull or I will hack it.
LOL

(>'.'<)




"Kevin Steen" <news@INVALIDE.kevinsteen.net> schreef in bericht
news:aAF6d.163825$hZ3.80940@fe2.news.blueyonder.co .uk...
> Is it possible for an application on a bluetooth device to connect to the
> same application on another (previously unknown) device? I'm thinking of
> something like the way a TCP connection can be established between any two
> IP devices.
>
> In my reading of the available Bluetooth info there was a "Briefcase
> trick"
> described where walking past an access point allowed the bt device to
> detect the ap, connect and transfer data. I'd like to write an application
> which does a similar trick between two PDAs.
>
> I keep reading about bluetooth devices requiring a peering process before
> any communication can happen - is this always the case? How does pushing a
> vCard work if the devices have never been peered?
>
> Many thanks for any enlightenment or pointers to further reading.
> -Kevin
> ---
> Remove the obvious error to make my email address usable.

(>'.' wrote:

> YES IT CAN
>
> Especialy with cell phones it is very easy to hack the phone using the
> bluetooth connection of a lap top
> All it needs is a linux opperating system and a programma such as
> btscanner.
>
> I have seen a item off this today on a consumer programme warning people
> how easy it is to download ALL data from there phone to that lap top.
> And after sending a general SMS to all cell phones with bluetooth that
> where on the square.
> 4 people showed up to ask what was going on with there phone only to here
> it had been HACKED.
>
> Even politicians have no clue because they where the second group to fall
> victim to this guy and after hearing there list off appointments from a
> total stranger they turned off there phone and bought a new phone WITHOUT
> bluetooth.
>
> Bluetooth is nice but it is so easy to hack.
>
> O and once you have hacked a bluetooth phone you also use that persons
> phone to spy on them because it has a microphone and a transmitter.
> Easy to see if that guy is with his wife or secret girlfriend.
> And placing a call with the STOLEN IMEI code is from this point easy and
> the phone no longer has to be in bluetooth range to be hacked.
>
> So if you have a bluetooth phone be very very carefull or I will hack it.
> LOL

References please. You remind me of the guy who told me that he could get
all data out of my computer. When pressed for details on how, he waffled.
Finally to shut him up I put a thousand bucks in an account, put the
account number in a file, told him the file name, told him if he could get
it he could have the thousand bucks, even told him the dial-up number for
my machine. Fifteen years later the thousand bucks is still there. I
guess I really should close it--it's pretty clear he's not going to
collect.

Might be possible for an expert to exploit a bug in somebody's bluetooth
stack, but he'd still have to get within 30 feet of the phone and then his
hack would only work if the manufacturer used the particular stack that
he's got the hack for and only until the bug got fixed.

As for politicians, how did the guy get within 30 feet of enough politicians
for anybody to notice?

> (>'.'<)
>
>
>
>
> "Kevin Steen" <news@INVALIDE.kevinsteen.net> schreef in bericht
> news:aAF6d.163825$hZ3.80940@fe2.news.blueyonder.co .uk...
>> Is it possible for an application on a bluetooth device to connect to the
>> same application on another (previously unknown) device? I'm thinking of
>> something like the way a TCP connection can be established between any
>> two IP devices.
>>
>> In my reading of the available Bluetooth info there was a "Briefcase
>> trick"
>> described where walking past an access point allowed the bt device to
>> detect the ap, connect and transfer data. I'd like to write an
>> application which does a similar trick between two PDAs.
>>
>> I keep reading about bluetooth devices requiring a peering process before
>> any communication can happen - is this always the case? How does pushing
>> a vCard work if the devices have never been peered?
>>
>> Many thanks for any enlightenment or pointers to further reading.
>> -Kevin
>> ---
>> Remove the obvious error to make my email address usable.

--
--John
Reply to jclarke at ae tee tee global dot net
(was jclarke at eye bee em dot net)

Moin,

Am Tue, 05 Oct 2004 07:27:47 -0400 schrieb J. Clarke:

> References please.

You're right, he's grossly exaggerating. There's no problem with
Bluetooth per se (well, there are some, but not that big) but only with
particular implementations, especially in some mobile phones. But as
we've all learned from Blaster and friends today no one's worrying about
updating their software against security vulnerabilities.

> Might be possible for an expert to exploit a bug in somebody's
> bluetooth stack, but he'd still have to get within 30 feet of the
> phone

Nope. It has been demonstrated that (using the right, read: big,
antenna) attacks are possible within a much broader range. 1 mile for
example: http://trifinite.org/trifinite_stuff_bluebug.html#news

> and then his hack would only work if the manufacturer used the
> particular stack that he's got the hack for and only until the bug got
> fixed.

Oh well, in today's monoculture there are only so many different phone
types in large use. Just go to right location (big train station for
example) and you'll certainly get more than one vulnerable phone within
minutes. As for fixing: see above.

--
Henryk Plötz
Grüße aus Berlin
~~~~~~~ Un-CDs, nein danke! http://www.heise.de/ct/cd-register/ ~~~~~~~
~ Help Microsoft fight software piracy: Give Linux to a friend today! ~

Henryk Plötz wrote:

> Moin,
>
> Am Tue, 05 Oct 2004 07:27:47 -0400 schrieb J. Clarke:
>
>> References please.
>
> You're right, he's grossly exaggerating. There's no problem with
> Bluetooth per se (well, there are some, but not that big) but only with
> particular implementations, especially in some mobile phones. But as
> we've all learned from Blaster and friends today no one's worrying about
> updating their software against security vulnerabilities.
>
>> Might be possible for an expert to exploit a bug in somebody's
>> bluetooth stack, but he'd still have to get within 30 feet of the
>> phone
>
> Nope. It has been demonstrated that (using the right, read: big,
> antenna) attacks are possible within a much broader range. 1 mile for
> example: http://trifinite.org/trifinite_stuff_bluebug.html#news

Interesting. I suspect that he was using a directional antenna though.
>
>> and then his hack would only work if the manufacturer used the
>> particular stack that he's got the hack for and only until the bug got
>> fixed.

> Oh well, in today's monoculture there are only so many different phone
> types in large use. Just go to right location (big train station for
> example) and you'll certainly get more than one vulnerable phone within
> minutes. As for fixing: see above.
>

--
--John
Reply to jclarke at ae tee tee global dot net
(was jclarke at eye bee em dot net)