Blog

The data breach earthquake

The aftershocks of a data breach can be catastrophic to a business, whether it’s the loss of sensitive information such as customer records, or the business’ intellectual property finding its way into the wrong hands. What is certain is that it will have a detrimental impact on the bottom line in one way or another.

The actual cost is often difficult to quantify, especially when it comes to intellectual property, as it is difficult to know how the information has been used and what the opportunity and potential may have been. However, there are occasions when the cost is all too transparent.

This was demonstrated last December, when during the important Christmas shopping period, Target reported a data breach that had compromised the details of up to 110 million customers.  Last week, Target announced its Q4 figures which all too clearly told the story of the devastating aftermath of this data breach – just about every key metric was down on the same period last year – and its profits and share price had fallen significantly. Already, $61m can be attributed directly to the cost of the breach, and analysts are speculating that it could cost towards $1bn in the end, when items such as notifying those affected, credit checks, insurance and so on are factored in.

The recent Barclays Bank customer records leak also highlights the financial consequences as the bank faces penalties from the Financial Conduct Authority (FCA), which can impose unlimited fines, and the Information Commissioner’s Office (ICO), which can impose fines of up to £500,000.  For many businesses the financial impact may not be on the same scale, but still, when the economic conditions are challenging to start with, what business can afford to throw money away on a data breach that could have been avoided if a data loss prevention strategy had been in place?


The diverse nature of data breaches

There have been two data breaches to note in the news in the last week or so that show the diverse nature of the causes of leaks, and the risks they pose to businesses and their customers. The perception is that data breaches are targeted malicious attacks by criminal gangs, but this isn’t always the case.

First to hit the headlines was Tesco’s Club Card data leak. This wasn’t a targeted attack on Tesco’s website itself, but an opportunistic attack using usernames and passwords of at least 2,000 Tesco customers obtained from other hacked sources. Customer details along with the corresponding voucher value appeared online, and unsurprisingly, many of the vouchers have been redeemed by the criminals.

The cause of this breach is down to customers using the same username and password for multiple accounts, and Tesco has responded quickly to educate and help customers address this issue. It highlights that prevention of data leaks is more than simply technology: end-user education and best practice are imperative, and this incident goes to show that this access point onto a network is a weak link if not managed well.

Second is the Aviva insurance data breach which has resulted in the arrest of two employees. It is alleged that these members of staff were selling customer details to third parties resulting in nuisance calls from personal injury companies. So again, not a malicious attack by a criminal gang, but the result of an internal threat.

This incident reinforces one of the key questions an organisation must ask itself – ‘how sure is the business that it can detect and respond to someone taking sensitive data from its network?’

The end result in both these cases is that customers have been inconvenienced and may feel a betrayal of trust, which despite swift remedial action, could impact the bottom line.


RFID Wallets/Sleeves. How much Security do they provide?

With the increasing amount of RFID technology creeping into everyday life, just how much data can be obtained from your wallet? At Pentura we undertook a small experiment in which, using standard off-the-shelf products, we attempted to obtain personal information leaked from RFID enabled devices:

  • UK Passport
  • UK Bank Cards Debit/Credit
  • Access Control Tokens

Our experiment used standard unmodified off-the-shelf RFID equipment:

  • 13.56MHz ACR-122U Reader
  • Proxmark3 with LF antenna
  • Proxmark3 with HF antenna
  • Parallax LF EM4x Reader

Our experiment would also collect information on the effectiveness of various defensive technologies, where RFID data exfiltration was not possible:

  • Various paper wallets from eBay
  • Stainless-Steel Wallet(s) from Electronics providers

Our experiment found that the average distance to read HF (Mifare type) cards was approximately 2 cm, whereas the average distance to read LF (HID, EM4x) cards was more generous at 4 inches (10 cm).

Pentura observed an almost balanced sample: 49% LF (35% HID, 14% EM4x) and 51% HF (47% Mifare (45% Mifare 1K or 4K, 2% Mifare DESFire), 4% other).

The 49% of LF cards are easily cloneable using the Proxmark3 and Atmel’s programmable AT55x7 cards, which are easily affordable from eBay.

Out of the 45% Mifare 1K or 4K cards, 40% used default keys, meaning the cards’ contents could be fully extracted within 5 seconds; this time was significantly decreased as the majority of access control data is usually stored in sector 14. Where 5% of Mifare cards used non-default keys, the initial ‘cracking time’ increased to 45 seconds. However, once all keys were recovered, they were added to a database that facilitated future cracks of cards containing the same key in under 5 seconds.

Only 6% of cards were uncrackable, due to obscure unfamiliar data formats, or the use of Mifare DESFire with a sufficient secret key.
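
The default-key and shared-key findings above translate into a check an issuer can run before cards leave provisioning. The following is an added example, not Pentura's code: it parses MIFARE Classic 1K images, flags sector trailers that still hold publicly documented keys or inconsistent access bits, and reports keys reused across cards. The card images, the site key and the card names are constructed for illustration.

```python
"""Audit MIFARE Classic 1K provisioning images for well-known and shared keys."""
from collections import defaultdict

BLOCK_SIZE = 16
BLOCKS_PER_SECTOR = 4
SECTORS_1K = 16
IMAGE_SIZE_1K = SECTORS_1K * BLOCKS_PER_SECTOR * BLOCK_SIZE  # 1024 bytes

# Publicly documented keys: a sector that keeps one of these is unprotected.
WELL_KNOWN_KEYS = {
    bytes.fromhex("FFFFFFFFFFFF"): "factory transport key",
    bytes.fromhex("000000000000"): "all-zero key",
    bytes.fromhex("A0A1A2A3A4A5"): "MAD public key",
    bytes.fromhex("D3F7D3F7D3F7"): "NFC Forum NDEF public key",
}


def sector_trailer(image, sector):
    """Return (key_a, access_bits, key_b) from the last block of a sector."""
    offset = (sector * BLOCKS_PER_SECTOR + BLOCKS_PER_SECTOR - 1) * BLOCK_SIZE
    trailer = bytes(image[offset:offset + BLOCK_SIZE])
    return trailer[0:6], trailer[6:9], trailer[10:16]


def access_bits_valid(access_bits):
    """Each access nibble is stored twice, once inverted; both copies must agree."""
    b6, b7, b8 = access_bits
    c1, c2, c3 = b7 >> 4, b8 & 0x0F, b8 >> 4
    return ((b6 & 0x0F) == (~c1 & 0x0F)
            and (b6 >> 4) == (~c2 & 0x0F)
            and (b7 & 0x0F) == (~c3 & 0x0F))


def audit_image(image):
    """List (sector, field, problem) findings for one 1K card image."""
    if len(image) != IMAGE_SIZE_1K:
        raise ValueError("expected a %d-byte MIFARE Classic 1K image" % IMAGE_SIZE_1K)
    findings = []
    for sector in range(SECTORS_1K):
        key_a, access_bits, key_b = sector_trailer(image, sector)
        for field, key in (("key A", key_a), ("key B", key_b)):
            if key in WELL_KNOWN_KEYS:
                findings.append((sector, field, WELL_KNOWN_KEYS[key]))
        if not access_bits_valid(access_bits):
            findings.append((sector, "access bits", "inverted copy does not match"))
    return findings


def shared_keys(images):
    """Return {key_hex: [card names]} for custom keys used on more than one card.

    A key shared across cards means one recovered key opens every card that
    carries it; per-card key diversification avoids that.
    """
    seen = defaultdict(set)
    for name, image in images.items():
        for sector in range(SECTORS_1K):
            key_a, _, key_b = sector_trailer(image, sector)
            for key in (key_a, key_b):
                if key not in WELL_KNOWN_KEYS:
                    seen[key].add(name)
    return {key.hex(): sorted(cards) for key, cards in seen.items() if len(cards) > 1}


def build_image(sector_keys):
    """Build a constructed sample image; unlisted sectors keep the transport key."""
    default = bytes.fromhex("FFFFFFFFFFFF")
    image = bytearray(IMAGE_SIZE_1K)
    for sector in range(SECTORS_1K):
        key_a, key_b = sector_keys.get(sector, (default, default))
        offset = (sector * BLOCKS_PER_SECTOR + BLOCKS_PER_SECTOR - 1) * BLOCK_SIZE
        # FF 07 80 is the transport access configuration, 69 the user byte.
        image[offset:offset + BLOCK_SIZE] = key_a + bytes.fromhex("FF078069") + key_b
    return bytes(image)


# Constructed sample data: a made-up site key stored in sector 14 of both cards.
SITE_KEY = bytes.fromhex("5A17E0C0FFEE")
CARD_A = build_image({14: (SITE_KEY, SITE_KEY)})
CARD_B = build_image({
    **{s: (bytes([0x10 + s] * 6), bytes([0x80 + s] * 6)) for s in range(SECTORS_1K)},
    14: (SITE_KEY, SITE_KEY),
})

if __name__ == "__main__":
    for name, image in (("card-a", CARD_A), ("card-b", CARD_B)):
        print(name, len(audit_image(image)), "findings")
    print("shared keys:", shared_keys({"card-a": CARD_A, "card-b": CARD_B}))
```
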

Note: All data was securely destroyed at the end of our experiment!

We found from our sample that 96% of people have RFID enabled devices in either their devices or pockets. From this sample of people with RFID enabled devices, 99.6% are vulnerable to attack. Our study actually found that 96% used no protection. It was found that 6% used (or thought they used) adequate protection, but in reality the protection offered was merely a simple paper shield, offering no real benefit. Further studies into the paper-based shields available at affordable prices on eBay revealed that some shields (possibly through manufacturing error) offered no protection (so be careful what you buy). Other shields from highly approved sellers offered more protection, but with caveats:

  • If at least 1/3 of a credit card is unprotected, it can be scanned.
  • If at least 1/2 of a passport is unprotected, it can be scanned.
  • If the paper wallet is damaged (creases etc.), its protection is ultimately weakened.

[Image: Plain White Card Sleeve – Offering No/Little Protection]

[Image: The Stainless-Steel coated paper wallet, provides protection (but not long term)]

So what technology were the most savvy security conscious people utilising? It turns out that some electronics retailers/re-sellers offer stainless-steel wallets. Back at our lab, under strict testing conditions, it proved hard to extract RFID data from these wallets. Again, we used the standard off-the-shelf equipment referred to above. Even when these wallets were open (fully open, half open or ajar), it still proved difficult to extract any meaningful data from any emanating RF signals. It was confirmed that these wallets held up better than their paper-based counterparts and are more durable under normal wear and tear.

[Image: RFID Passport Wallet – Stainless-Steel]

[Image: RFID Wallet (Cash/Cards) Stainless-Steel]

Stress testing the stainless-steel wallets with random impacts and excessive wear weakened the integrity of the wallet, meaning they are not impervious. However, they still provided more protection than paper-based protection. It is important to know that wear, tear and age are a natural progression that will affect the security of these products over time. Even so, these more durable wallets offer longer-term benefits, as opposed to paper-based solutions, which are relatively short-term.

Note: The more durable and slightly more expensive wallets may have come up trumps in our research, but paper-based solutions are cheaper and work well in the short term. If you use paper-based protection, we advise replacing the wallet as soon as it shows signs of wear or damage; this may mean replacing it every 3-6 months.

IMPORTANT: If you use NO PROTECTION, we advise implementing one of the above methods to shield your RF data from potential attackers/prying eyes!


Ubertooth – Bluetooth Sniffing Updated for 2014!

Earlier I noticed this tweet on my Twitter feed:

Ubertooth release: https://t.co/cCYHNf34Yc I know it’s been a long time coming, I promise not to leave it so long next time.

— Dominic Spill (@dominicgs) February 20, 2014

So I thought I would walk you through the update, which has improved operating system support, improved Bluetooth Low Energy (BTLE) support, and GitHub integration to make community development easier.

Highlights

  • Bluetooth Smart (Low Energy) Support
    • Promiscuous and follow modes
    • Pcap format packet logging
    • Pairing / encryption support when paired with crackle
    • Credit for BLE features goes to Mike Ryan
  • Unified host tool for monitoring Basic Rate
    • ubertooth-rx replaces -lap, -uap, -hop tools
    • Once UAP is discovered, ubertooth-rx automatically tries to find clock values and begin hopping
    • Thanks to Will Code for working on this
  • Survey tool – ubertooth-scan
    • Combining both Ubertooth and a standard Bluetooth dongle
    • Ubertooth scans for non-discoverable master devices
    • Dongle probes devices for piconet information and features
  • Cmake now used for the build system
    • Improves support for non-Linux operating systems
    • More sensible handling of dependencies
  • Packaging (Experimental)
    • Early stage support for packaging systems
    • libbtbb in Homebrew repository, Ubertooth coming soon
    • MacPorts availability is under test
    • Release already available in Pentoo
  • GitHub migration
    • libbtbb, Ubertooth and gr-bluetooth all hosted on GitHub
    • Allows for more open development and collaboration model
    • Already seeing an increase in issue reporting and pull requests

Installation

Gentoo/Pentoo

Libbtbb

git clone https://github.com/greatscottgadgets/libbtbb.git
cd libbtbb
mkdir build
cd build
cmake ..
sudo make install

Ubertooth tools

git clone https://github.com/greatscottgadgets/ubertooth.git
cd ubertooth/host
mkdir build
cd build
cmake ..
sudo make install

Or, if you want ubertooth-follow and ubertooth-scan, enable debug mode by altering the last command to:

sudo make clock_debug=true install

OSX

Preparation

sudo port install libusb wget py-pyusb-devel cmake

Download

git clone https://github.com/greatscottgadgets/libbtbb.git
git clone https://github.com/greatscottgadgets/ubertooth.git

cd libbtbb
mkdir build
cd build
cmake ..
sudo make install
cd ../..
cd ubertooth/host/
mkdir build
cd build
cmake ..

I have not got any appropriate Bluetooth header files for OSX (any hints?), so for now I have edited a CMakeLists.txt file to remove ubertooth-follow and ubertooth-scan; the other binaries will install correctly.

nano ../ubertooth-tools/src/CMakeLists.txt

Change line 59 from

LIST(APPEND TOOLS ubertooth-follow ubertooth-scan)

to

LIST(APPEND TOOLS )

Then continue installing ubertooth

sudo make install

Debian

PyUSB 1.0 is not yet available from the Debian, Ubuntu or Homebrew repositories. If you don’t already have it installed, you will need to fetch and build it as follows:

wget https://github.com/walac/pyusb/archive/1.0.0b1.tar.gz -O pyusb-1.0.0b1.tar.gz
tar xvf pyusb-1.0.0b1.tar.gz
cd pyusb-1.0.0b1
sudo python setup.py install

Libbtbb

Next the Bluetooth baseband library (libbtbb) needs to be built for the Ubertooth tools to decode Bluetooth packets:

wget https://github.com/greatscottgadgets/libbtbb/archive/2014-02-R2.tar.gz -O libbtbb-2014-02-R2.tar.gz
tar xf libbtbb-2014-02-R2.tar.gz
cd libbtbb-2014-02-R2
mkdir build
cd build
cmake ..
make
sudo make install

Ubertooth Tools

The Ubertooth repository contains host code for sniffing Bluetooth packets, configuring the Ubertooth and updating firmware. All three are built and installed by default using the following method:

wget https://github.com/greatscottgadgets/ubertooth/archive/2014-02-R2.tar.gz -O ubertooth-2014-02-R2.tar.gz
tar xf ubertooth-2014-02-R2.tar.gz
cd ubertooth-2014-02-R2/host
mkdir build
cd build
cmake ..
make
sudo make install

Ubertooth Tools-dev ++

If using the ubertooth-follow tool, the Bluetooth library headers are required and the tools need to be built with the “clock_debug” flag set:

sudo apt-get install libbluetooth-dev
cd ubertooth-2014-02-R2/host/build
make clock_debug=true
sudo make clock_debug=true install

Other

Kismet

wget https://kismetwireless.net/code/kismet-2013-03-R1b.tar.xz
tar xf kismet-2013-03-R1b.tar.xz
cd kismet-2013-03-R1b
ln -s ../ubertooth-2014-02-R2/host/kismet/plugin-ubertooth .
./configure
make && make plugins
sudo make suidinstall
sudo make plugins-install

Then add "pcapbtbb" to the "logtypes=..." line in kismet.conf.

Wireshark

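Go back to the folder where you downloaded the libbtbb git repository, then build and install each plugin directory in turn (btatt, btbb, btle, btsm):

cd libbtbb/wireshark/plugins
# Build each plugin in its own build directory; the subshell returns to plugins/ afterwards
for plugin in btatt btbb btle btsm; do
    (cd "$plugin" && mkdir -p build && cd build && cmake .. && sudo make install)
done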

Firmware Update 2014-02-R1

Backup Existing Firmware

$ sudo ubertooth-dfu --read ubertooth-one-bin-firmware-2012-10-R1.dfu
................................................................................................................................
Read complete

You may get the following message:

No DFU devices found - attempting to find Ubertooth devices

1) Found 'Ubertooth One' with address 0x1d50 0x6002

Select a device to flash (default:1, exit:0):

Select your device to put it into DFU mode. You may then need to re-issue the command.

Note: If you are performing this in a virtual machine, the Ubertooth in DFU mode has a different USB VID:PID, so you may need to reattach the dongle through the USB menu.

How To Flash 2014-02-R1 Firmware

First, grab the latest firmware from the Ubertooth release page. At the time of this writing, this is version 2014-02-R1.

You may then run the ubertooth-dfu command like so:

$ ubertooth-dfu --write ubertooth-one-bin-firmware.dfu
Checking firmware signature
................................................................................................................................
Write complete

Press enter, and the device will automatically enter DFU mode and flash the firmware. When done, you can return it into regular operation mode by unplugging and replugging it, or running

ubertooth-dfu --detach

Check Which Version You are Running?

In non-DFU mode, you can obtain firmware information with ubertooth-util -v. The latest release (2014-02-R1) will appear like this:

$ ubertooth-util -v
Firmware revision: git-4412704
$ ubertooth-util -V
ubertooth 2014-02-R1 (dominicgs@mercury) Wed Jan 29 23:10:46 GMT 2014
