Tuesday, March 29, 2005

How to make a Blue Sniper Rifle

I'll tell you a secret. If you're a Curious George and are looking for ways to sniff your neighbourhood for a vulnerable wireless device, the day has come. Firstly, start waking up early for God, your country and that vulnerable device you want to sneak into.

Psst... Come closer...! Now keep this to yourself: every day in the morning, around 7:30am, you would see geeksters, GMs and CEOs of all the big Pakistani companies (like Siemens Pakistan) amassed over one another at the local "Dunkin Donuts" shop at Schon Circle, just to avail themselves of heavy doses of caffeine and the holey donuts. Tired of their offices, spouses and kids, these homesick people, after a jog at the "Nisar Shaheed Park", relax with a hot mug of their magic elixir in one hand and a stylus in the other!

As these CEOs and GMs continue with their sip sip ssszzzzipy sounds... they read the news, explore the market trends on Fortune and BusinessWeek and, yes, they check their emails on that very magic PDA that supports GPRS, WiFi and Bluetooth.

Yay! Another sip and, amazed with technology, they giggle in amusement, totally unaware of what the Curious George is up to. Among the little things one may expect in their PDAs would be photos of their cute kids, spouse and something not meant for you...

Ahum, ahum... I mean the confidential corporate reports, documents and maybe even digital keys for plenty of other stuff that keeps the company moving the entire year!

And here comes the threat... Did I mention Bluetooth somewhere? Yes I did! That PDA is Bluetooth-enabled and most likely vulnerable to BlueSnarfing (pulling phone book and text message information from insecure Bluetooth-enabled phones - btw I did get Avril's number from paris clinton's phone but not through Bluetooth... NOTT!! :P I think the culprit used some other technique, not Bluetooth).

At Defcon 12 (2004), John Hering unveiled a device by the name "BlueSniper" that can be used to slurp phone books, text messages and what not from any vulnerable Bluetooth-enabled gadget within a range of 1.1 miles! So that rifle you see up there is not just ANY rifle... It's the "BlueSniper" built by John Hering. For the BlueSniper, walls, buildings or cats don't create any hindrance... it scans right through till it finds its target (a Bluetooth-enabled device).




So is this a threat from the James Bond 007 style movies that affects only the skyscrapers of New York and Manhattan? The threat is as alarming in our very own neighbourhood as it is for the high-rise buildings of New York, as the entire process of making the "BlueSniper" has been made public by its creator. To add a little more salt n pepper, the Pakistani companies don't employ any network/wireless security consultants to secure their local hotspots and the gadgetry they have bestowed on their employees. Companies like PSO, Unilever, GSK, Siemens Pakistan and financial institutions would be the largest targets.



The "BlueSniper" uses the "gumstix 400f-bt" and a 2.4 GHz 14.5 dBi Radome Enclosed Wireless LAN Yagi antenna, and is a complete computer by itself. With an Intel-powered processor at a clock rate of 400 MHz, the Bluetooth-enabled "gumstix 400f-bt" comes equipped with 64 MB RAM, a pre-installed Linux kernel 2.6.10, an Apache web server, SSH and, not to forget, plenty of Bluetooth utilities, all jam-packed into that tiny circuit board (gumstix 400f-bt).

Now "gumstix" is something that's typically used inside the PDAs you see everywhere. Only that now it's embedded into the so-called "BlueSniper" rifle along with a good Yagi antenna (2.4 GHz 14.5 dBi Radome Enclosed Wireless LAN Yagi), which helps you reach a coverage area of a little over 1 mile when BlueSnarfing your neighbourhood. In terms of hardware, that's about it. The BlueSniper only needs to have an intelligent gadget connected to a good external antenna, as said earlier. If you can't find a gumstix in Pakistan, use any of your OLD PDAs! And if you happen to be the son of the DIG, Police, carrying a big backpack with a rifle in your hand at Schon Circle shouldn't be a problem! In that case you might as well stick with a laptop in that bag if you can't find the gumstix board here...

Now after that's done, the rest is for the software. Here, a program called "BlueBug" comes into the picture. BlueBug is a little program capable of instructing a target Bluetooth device to silently call a particular number/channel so that the attacker may initiate a session with the target device (more like a trojan horse initiator). The attacker's phone number would appear in the victim's recently dialled log, but if the attacker used a throwaway phone, the number would be out of service before the victim found out. Now this little programme was meant to be operated from a laptop, but now it's possible to have it running on the powerful "gumstix" (as it has the Linux kernel and plenty of other stuff built inside it).

All in all... the BlueSniper can be made for as low as $100 (Pakistani chugaars) to max $500. With devices like the BlueSniper (and others that aren't discussed here), the threat to Bluetooth devices is in an all-time-high RED zone... Many, many devices from Nokia, Sony Ericsson and Motorola are vulnerable even at the DEFAULT factory settings.

A short list of phones confirmed to be vulnerable to BlueSnarfing:

Ericsson T68
Sony Ericsson R520m
Sony Ericsson T68i
Sony Ericsson T610
Sony Ericsson Z1010
Sony Ericsson Z600
Nokia 6310
Nokia 6310i
Nokia 7650
Nokia 8910
Nokia 8910i
Siemens S55
Siemens SX1
Motorola V600
Motorola V80


// The above post focusses on bringing awareness among the general public and big corporates
// regarding the security issues related to wireless technology and bluetooth in particular.
// The entire process of making the BlueSniper is not mentioned for obvious reasons...


1 Comment:

Blogger zen said...

One more reason to get hyper-paranoid :P Turning discovery off wouldn't work. Lemme know if you get your hands on a gumstix. No extra old PDAs here.

3/31/2005 11:33:00 AM  
