Hacking Cell Phones via Bluetooth Tools under Linux
Many modern cell phones can take pictures and short video clips. This is great for taking candid photos and sharing them with friends and family at a later time. Modern cell phones also commonly have replaceable themes and ringtones, which are, in essence, 30-second audio clips. On newer phones, ringtones often are MP3 files, replacing older, nonstandard formats. According to many wireless providers, the only way to get your media off the phone is to e-mail yourself using the provider's data transfer service. This can become rather expensive, especially if you take a lot of photos. Some cell phones come with a standard USB connection and can be mounted as USB mass storage devices. Many cell phones, including the phone I currently own (Motorola V551), utilize a nonstandard USB connection. So, instead of purchasing a specialized USB cable, I decided to connect to it using a standard USB Bluetooth dongle. The dongle should work with any phone that supports the Bluetooth protocol.
Bluetooth is a wireless communication protocol that enables transfer speeds of up to 3Mbps and up to 100 meters in distance. It's currently used in various devices, such as printers, keyboards, mice, wireless headsets and GPS receivers. The Bluetooth specification was first developed in 1994 by Ericsson Mobile Platform engineers Sven Mattison and Jaap Haartsen, and it has been adopted as a standard by more than 6,000 companies worldwide. Most modern cell phones now include some sort of Bluetooth wireless capability.
By using Bluetooth, you can push and pull files to and from a cell phone, which is handy if you want to archive photos taken with your cell phone and don't want to pay $.25 or more to e-mail yourself each file. This also allows you to create ringtones from songs that you own in MP3 format (many cell phones let you play standard MP3 audio files). And, some users will be able to connect to the Internet via PPP and other utilities. In this article, we mostly are concerned with the tools available in Linux to access files on your Bluetooth-enabled cell phone. This includes the low-level command-line utilities as well as the GUI applications available under KDE and GNOME. Comparable functionality from a proprietary Windows/Mac application will cost you anywhere from $15–$40 US.
Besides having a Bluetooth-enabled cell phone, you need to have a Bluetooth connection for your computer. Many newer laptops come with an internal Bluetooth card, although most desktops do not. If you don't have built-in Bluetooth capability, you need to purchase some sort of Bluetooth transmitter. The most common are USB 1.1 and 2.0 dongles, which are available from retail electronics outlets and mobile phone vendors. I purchased a D-Link DBT-120 Bluetooth dongle for roughly $25 US. Even though Bluetooth is an industry standard, it's probably a good idea to check hardware-compatibility lists to make sure a particular model will work under Linux. The DBT-120 supports speeds of 723Kbps asymmetrical and 433Kbps symmetrical. Although not blazingly fast, these speeds are reasonable for small file transfers. Newer dongle models will give you up to 3Mbps.
In the past, Linux users would have to recompile their kernel to get the Bluetooth modules working correctly. Fortunately, almost all newer distributions of Linux now come with Bluetooth enabled in the kernel by default.
The BlueZ package is the default toolset for Bluetooth in Linux. You may need to install the Bluetooth utilities before you get started. In Debian, for example, you should install the bluez-utils package at the very least.
Once you have your Bluetooth dongle connected to your machine, you should check whether all the kernel modules are loading correctly:
root@host# lsmod | grep blue
And, you should see something like the following:
bluetooth 41060 14 hidp,rfcomm,l2cap,hci_usb
root@host# dmesg | grep Blue
which should produce something like this:
Bluetooth: Core ver 2.8
Bluetooth: HCI device and connection manager initialized
Bluetooth: HCI socket layer initialized
Bluetooth: HCI USB driver ver 2.9
Bluetooth: L2CAP ver 2.8
Bluetooth: L2CAP socket layer initialized
Bluetooth: RFCOMM socket layer initialized
Bluetooth: RFCOMM TTY layer initialized
Bluetooth: RFCOMM ver 1.7
Bluetooth: HIDP (Human Interface Emulation) ver 1.1
Everything looks good. Next, you'll need some information about your system:
root@host# hciconfig -a
The above spits out a bunch of lines. You are looking for this line in particular:
Name: 'BlueZ mycomputername'
In some cases, you won't see the BlueZ portion, and the computer name may have a trailing -0.
Next, open the file /etc/bluetooth/hcid.conf with your favorite text editor, and change the following line:
name "BlueZ %h (%d)";
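The three checks above (module list, adapter name, hcid.conf name line) as a small POSIX shell script, added here as an example and not part of the original article. The lsmod and hciconfig -a output it parses is constructed to match the shapes shown above (the BD address is made up), and the function and variable names are my own.

```shell
#!/bin/sh
# Added example, not from the original article: parse the output of the
# checks the article runs (lsmod, hciconfig -a) and rewrite the name line
# in hcid.conf. Sample outputs below are constructed, not captured.
# Constructed sample of `lsmod | grep blue` (matches the article's shape)
LSMOD_SAMPLE="bluetooth 41060 14 hidp,rfcomm,l2cap,hci_usb"

# Constructed sample of `hciconfig -a`; the BD address is made up
HCICONFIG_SAMPLE="hci0:   Type: USB
        BD Address: 00:11:22:33:44:55  ACL MTU: 192:8  SCO MTU: 64:8
        UP RUNNING PSCAN
        Name: 'BlueZ mycomputername'
        Class: 0x3e0100"
# Succeed only if every module named in $2.. is listed as a user of the
# bluetooth core module in lsmod line $1 (last field is the user list).
bt_modules_loaded() {
    users=${1##* }; shift
    for mod in "$@"; do
        case ",$users," in
            *",$mod,"*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# Print the adapter name (the Name: line) from hciconfig -a output in $1.
bt_adapter_name() {
    printf '%s\n' "$1" | sed -n "s/^[[:space:]]*Name: '\(.*\)'\$/\1/p"
}

# Replace the value of the name "..." line in hcid.conf file $1 with $2.
# $2 must not contain / or & (it is spliced into a sed expression).
set_hcid_name() {
    tmp="$1.tmp"
    sed 's/^\([[:space:]]*name \)"[^"]*";/\1"'"$2"'";/' "$1" > "$tmp" \
        && mv "$tmp" "$1"
}

# Walk through the article's three checks on the constructed samples.
demo() {
    conf=$(mktemp)
    printf 'device {\n\tname "BlueZ %%h (%%d)";\n\tclass 0x3e0100;\n}\n' > "$conf"
    bt_modules_loaded "$LSMOD_SAMPLE" hci_usb l2cap rfcomm && echo "modules ok"
    echo "adapter advertises: $(bt_adapter_name "$HCICONFIG_SAMPLE")"
    set_hcid_name "$conf" "mylaptop" && grep name "$conf"
    rm -f "$conf"
}
demo
```

On a real system, replace the two sample variables with `$(lsmod | grep blue)` and `$(hciconfig -a)`, and point set_hcid_name at /etc/bluetooth/hcid.conf (as root).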