Information Security News

BlueSpy: PoC to record audio from a Bluetooth device

by ·

BlueSpy – PoC to record audio from a Bluetooth device

This repository contains the implementation of a proof of concept to record and replay audio from a Bluetooth device without the legitimate user’s awareness.

The PoC was demonstrated during the talk BSAM: Seguridad en Bluetooth at RootedCON 2024 in Madrid.

It’s designed to raise awareness about the insecure use of Bluetooth devices, and the need of a consistent methodology for security evaluations. That’s the purpose of BSAM, the Bluetooth Security Assessment Methodology, published by Tarlogic and available here.

This proof of concept exploits the failure to comply with the BSAM-PA-05 control within the BSAM methodology. Consequently, the device enables the pairing procedure without requiring user interaction and exposes its functionality to any agent within the signal range.

Troubleshooting

BlueSpy.py is the main script that executes every step of the process. However, if you encounter issues with any of the phases, so it might be helpful to execute them individually:

  • pair.py utilizes the command-line tool btmgmt to modify the configuration of your BlueZ and initiate a pairing process with the remote device. The exact commands used are in the pair function inside core.py.
  • connect.py utilizes the command-line tool bluetoothctl to initiate a quick scan (necessary for BlueZ) and establish a connection to the device. The exact commands used are in the connect function inside core.py.
  • just_record.py utilizes the command-line tools pactl and parecord to search for the device in the system’s audio sources (it must function as a microphone) and initiate a recording session. The exact commands used are in the record function inside core.py.
  • The playback function inside core.py executes paplay to play back the captured audio.

If you encounter issues with any of the phases, examine the commands in core.py and try to execute them in a shell. This will provide more information on what may be failing.

Install & Use

Support Our Threat Intelligence

If you find our technology report and cybersecurity news helpful, consider supporting our work.

Crypto QR Code
USDT (TRC20):
TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm
USDT (ERC20):
0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce

Tags: