Hak5 Forums
OPS32

Bluetooth Pineapple


OPS32   
Quote

The Bluetooth Pineapple – Man in The Middle attack (CVE-2017-0783)
Man-in-The-Middle (MiTM) attacks allow the attacker to intercept and intervene in all data going to or from the targeted device. To create a MiTM attack using Wi-Fi, the attacker requires both special equipment, and a connection request from the targeted device to an open WiFi network. In Bluetooth, the attacker can actively engage his target, using any device with Bluetooth capabilities. The vulnerability resides in the PAN profile of the Bluetooth stack, and enables the attacker to create a malicious network interface on the victim’s device, re-configure IP routing and force the device to transmit all communication through the malicious network interface. This attack does not require any user interaction, authentication or pairing, making it practically invisible.

 

Research Paper: http://go.armis.com/blueborne-technical-paper

 

digip   

Someone had just posted this at work the other day. Haven't had a chance to watch it yet. Interesting. I don't use Bluetooth for anything but my cars have it on by default, so not good.

UnLo   

Literally just read about BlueBorne. Good to see a spot to discuss it here. Need to do some more reading.

Spoonish   

Is the word Pineapple in this context an actual term used in the BT technology stack or is Pineapple becoming synonymous with rogue AP and MiTM attacks?

UnLo   
Just now, Spoonish said:

Is the word Pineapple in this context an actual term used in the BT technology stack or is Pineapple becoming synonymous with rogue AP and MiTM attacks?

I'm guessing the latter after seeing the video 

digip   

Draw your own conclusions but I think the name is just a name and more or less to give people the sense of the same type of attacks as the Hak5 pineapple. Still, if it doesn't work the same way as a pineapple with respect to listening for probes and then bringing in device connections, it may be more or less just marketing hype to get the word out.
