Bluetooth

0-Click Wiretapping Bluetooth Headphones

Jan 9, 2026 · 4 mins read

Every few months there’s some sensational news reporting that some high-profile individual doesn’t use Bluetooth wireless headphones and everyone goes “Wait, what?”. From Taylor Swift’s public appearances featuring exclusive use of wired headphones to former Vice President Kamala Harris on The Late Show with Stephen Colbert stating:

Talk: Bluetooth Low Energy Unmasked: High-Impact Insights From Scalable Device Hunting

Mar 27, 2025 · 1 min read

Remy shares his experience building custom hardware for a scalable Bluetooth Low Energy (BLE) survey, discussing problems encountered, and providing a replicable solution that the audience can implement for approximately $100 (no soldering required).

IOS Audio Precedence: Stupid Problems, Stupid Solutions

Nov 7, 2024 · 5 mins read

In iOS if you are:

- Using Apple Maps for directions
- Playing music
- Connected to a car over Bluetooth (not Apple CarPlay)

…when you pause your music it will remain paused until the next direction is audibly announced by Apple Maps. At which point, the music will unpause itself once the Apple Maps voice is done talking. Additionally, because all music apps for iOS utilize the OS-hosted audio controls, closing the music app entirely does not stop this behavior. You must uninstall the app. You may think that navigating to iOS settings and disabling that app’s ability to utilize mobile data may limit the impact. However, this simply makes it play the current song which has already been cached.

BLUUID: Firewallas, Diabetics, And... Bluetooth

Aug 20, 2024 · 21 mins read

In this blog, the second in the series, you will learn about how to build a database of Bluetooth Low-Energy (BTLE) Generic Attribute (GATT) Universally Unique Identifiers (UUIDs) capable of remotely identifying Bluetooth Low-Energy devices for the purposes of vulnerability research, exploitation, and quantifying impact.

RattaGATTa: Scalable Bluetooth Low-Energy Survey

Mar 1, 2024 · 20 mins read

On April 18th, 2020 during peak COVID I did my first real foray into Bluetooth Low-Energy (BTLE) privacy and security. A neighbor in my apartment complex lost their Fitbit Charge 2 smartwatch. I succeeded in “cloning” the watch’s Bluetooth profile in such a way that I could observe when the rightful owner’s phone would attempt to connect, thus indicating and tracking that the owner was in local proximity. This worked and the smartwatch was returned to its rightful owner.

Adventures in Bluetooth: Part 2

Jan 22, 2022 · 7 mins read

Where last I left off in Adventures in Bluetooth: Part 1, I was originally attempting to flash custom firmware to a Fitbit Charge 2 smartwatch and ended up taking a quite large side-quest. Let’s see how far I can make it towards the objective this time!

Adventures in Bluetooth: Part 1

Nov 30, 2021 · 13 mins read

Symbian OS, Android, Radio Frequencies, BTSNOOZ, BTSNOOP, and getting kicked in the teeth. Below follows a chronicling of deciding to explore Bluetooth by hacking the firmware for a Fitbit Smartwatch and realizing I was in way over my head and slowly trying to regain any hope of understanding.