some bluetooth device may contain a hidden channel that is not listed by sdp and to which one connect without any password protection.
once connected one can send any AT command and the mobile phone will execute without question.
This can be used to completely remote control the device.
The possibility of this exploit go from reading the phone book , calender to sending the messages ,making calls etc.
Search for nokia AT commands and start executing them while performing this attack.
Lets start writing the code
##required libraries
##check if proper arguements are passed to the script or not and if not simply exit
##set the arguement values to the variable
##create a socket object from lightblue library and pass the bluetooth address and the channel id to the connect method of the socket object. and connect to the device.
##once the connection is made start executing the nokia AT commands and once we will exit the loop we will simply close the socket connection
You can check the whole script under this repository : blue bug exploit
Checkout some more hacking scripts
| SECURING SYSTEM | BLUETOOTH ATTACKS | STEALING AND SNIFFING ATTACKS | KALI LINUX HACKING COMMANDS CHEATSHEET | TROJAN AND BACKDOORS | DICTIONARY AND BURTEFORCING ATTACKS | MAN IN THE MIDDLE ATTACKS |
|---|---|---|---|---|---|---|
| 1. Sign & Verify message | 1. Bluetooth discovery | 1. Stealing saved wifi password from windows | 1. Hacking commands with Kali Linux | 1. Command and Control Trojan | 1. Dictionary Attack | 1. Man in Browser Attack |
| 2. SandBox Detection | 2. Bluetooth SDP browsing | 2. Sniffing packets | 2. Reverse shell in python | |||
| 3. TCP Proxy | 3. Bluetooth OBEX | 3. Email Credential sniffers | 3. Keylogger | |||
| 4. Bluetooth RCOMM channel scanner | 4. Screenshot with Python | |||||
| 5. Blue Bug Exploit | 5. Backdoor with Python | |||||
| 6. Blue Snarf Exploit | ||||||
| 7. Bluetooth spoofing | ||||||
| 8. Bluetooth sniffing |