The BlueBag is a roll-aboard suitcase filled with hardware. That gear is loaded with software to scan for Bluetooth devices and launch attacks against those, the two men said.
"We started evaluating how Bluetooth technology was spread in a metropolitan area," Carettoni said. "We went around airports, offices and shopping malls and realized that a covered bag can be used quite effectively for malicious purposes."
Power is supplied by a PicoPSU power supply that can keep the electronics in the bag running for up to 10 hours. The system is essentially a small computer that runs Gentoo Linux and some custom software.
The total cost of the BlueBag is about $750, the researchers say.
Details collected by the BlueBag include the type of devices, and which services are available on them. Additionally, the BlueBag could be used to send information to gadgets within range.
The Italian researchers have tested the bag in public places in Italy and found many discoverable Bluetooth devices in malls, at an airport and in offices. Most of the devices were phones.
"This complex attack scenario can help to understand that the risk of a Bluetooth worm is definitely real," Carettoni said. "It is not difficult to exploit existing knowledge to perform this kind of attack, with just 600 euros (about $750) a person can build a BlueBag and do quite massive Bluetooth scanning."
Bluetooth attacks are considered . While some pests have surfaced that attack Bluetooth-enabled cell phones, none have spread widely. Analysts at Gartner believe a widespread attack could surface by the end of next year.
The BlueBag can be controlled remotely using a Palm-based handheld device, for example. Of course, the remote uses Bluetooth wireless connectivity.