/>
X

Photos: Drive-by hacks from a suitcase

Built for less than $750, this case filled with gear can scan for Bluetooth devices, then launch attacks against them.
30455.jpg
1 of 5 Bill Detwiler/ZDNet

Researchers with suitcase

Luca Carettoni (left) and Claudio Merloni are security consultants at Milan, Italy-based Secure Network. The two created the BlueBag to raise awareness about the potential of attacks against Bluetooth-enabled devices, they said in an interview at the Black Hat security event in Las Vegas.

The BlueBag is a roll-aboard suitcase filled with hardware. That gear is loaded with software to scan for Bluetooth devices and launch attacks against those, the two men said.

"We started evaluating how Bluetooth technology was spread in a metropolitan area," Carettoni said. "We went around airports, offices and shopping malls and realized that a covered bag can be used quite effectively for malicious purposes."

30456.jpg
2 of 5 Bill Detwiler/ZDNet

open case

Packed inside the suitcase is hardware including a Via Mini-ITX motherboard, an Apple Computer iPod hard-disk drive, some memory and nine Bluetooth dongles.

Power is supplied by a PicoPSU power supply that can keep the electronics in the bag running for up to 10 hours. The system is essentially a small computer that runs Gentoo Linux and some custom software.

The total cost of the BlueBag is about $750, the researchers say.

30457.jpg
3 of 5 Bill Detwiler/ZDNet

inside the case

The system inside the suitcase can retrieve data from discoverable Bluetooth devices such as cell phones, laptops, handheld computers and GPS navigation gear.

Details collected by the BlueBag include the type of devices, and which services are available on them. Additionally, the BlueBag could be used to send information to gadgets within range.

30458.jpg
4 of 5 Bill Detwiler/ZDNet

bluetooth dongle

The BlueBag uses off-the-shelf Bluetooth dongles, nine in total. One has been modified and connected to an omnidirectional Netgear antenna to give it extra range and improve scanning.

The Italian researchers have tested the bag in public places in Italy and found many discoverable Bluetooth devices in malls, at an airport and in offices. Most of the devices were phones.

"This complex attack scenario can help to understand that the risk of a Bluetooth worm is definitely real," Carettoni said. "It is not difficult to exploit existing knowledge to perform this kind of attack, with just 600 euros (about $750) a person can build a BlueBag and do quite massive Bluetooth scanning."

Bluetooth attacks are considered a threat of the future. While some pests have surfaced that attack Bluetooth-enabled cell phones, none have spread widely. Analysts at Gartner believe a widespread attack could surface by the end of next year.

30459.jpg
5 of 5 Bill Detwiler/ZDNet

handheld controller

The BlueBag can be controlled remotely using a Palm-based handheld device, for example. Of course, the remote uses Bluetooth wireless connectivity.

Related Galleries

Cybersecurity flaws, customer experiences, smartphone losses, and more: ZDNet's research roundup
shutterstock-1024665187.jpg

Related Galleries

Cybersecurity flaws, customer experiences, smartphone losses, and more: ZDNet's research roundup

8 Photos
Inside a fake $20 '16TB external M.2 SSD'
Full of promises!

Related Galleries

Inside a fake $20 '16TB external M.2 SSD'

8 Photos
Hybrid working, touchscreen MacBook hopes, cybersecurity concerns, and more: ZDNet's tech research roundup
Asian woman working at a desk in front of a computer and calculator

Related Galleries

Hybrid working, touchscreen MacBook hopes, cybersecurity concerns, and more: ZDNet's tech research roundup

8 Photos
Developer trends, zero-day risks, 5G speeds, and more: Tech research roundup
Person seated at a booth in a cafe looks at their phone and laptop.

Related Galleries

Developer trends, zero-day risks, 5G speeds, and more: Tech research roundup

10 Photos
Drive Electric Day: A dizzying array of EVs in sunny Florida
ca3b4019-26c5-4ce0-a844-5aac39e2c34b.jpg

Related Galleries

Drive Electric Day: A dizzying array of EVs in sunny Florida

16 Photos
Incipio, Kate Spade, and Coach cases for Samsung Galaxy S22 Ultra: hands-on
s22-ultra-incipio-coach-cases-2.jpg

Related Galleries

Incipio, Kate Spade, and Coach cases for Samsung Galaxy S22 Ultra: hands-on

15 Photos
Casetify Impact Crush Galaxy S22 Ultra case hands-on: in pictures
casetify-s22-ultra-3.jpg

Related Galleries

Casetify Impact Crush Galaxy S22 Ultra case hands-on: in pictures

10 Photos