Sat, 30 Sep 2006

Bluetooth-based Social Engineering

An article about an advertising sign that uses detection of Bluetooth devices as a way to determine what it should display reminded me of a thought I had during my time in US airports.

For laughs I ran this simple Python script on my Nokia 770 while sitting in various airports:

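#!/usr/bin/python

import bluetooth

# discover_devices() runs an inquiry scan and returns the addresses of nearby discoverable devices
for addr in bluetooth.discover_devices():
    # Ask each device for its user-visible name
    print(bluetooth.lookup_name(addr))

(It's also possible to get the same results from using the BlueZ command line tools.)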

Anyway, in addition to the occasional obscene device name, it struck me that device names offer a form of information leakage. (I'm sure that's not an original thought.) I did wonder how much you could get away with from learning someone's name ("Joe Smith's AZ890 Cell") and recognizing the model of phone: "Hey, Joe, Joe Smith, is that you? Wow, long time no see...". So, are generic device names (Bluetooth-accessible or otherwise) simply security-by-obscurity or a vital form of defense against dangerous social engineering? </dum-da-dah!>
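The leakage described above can be checked from the defender's side by auditing the Bluetooth names of your own devices for owner-identifying details. This is an added example, not code from the original post; the patterns, function names and sample inventory are assumptions constructed for illustration.

```python
import re

# Heuristics below are assumptions for this example, not a standard.
# Possessive owner prefix: "Joe Smith's AZ890 Cell", "Anna's headset"
POSSESSIVE = re.compile(r"^\s*([A-Z][\w.-]*(?:\s+[A-Z][\w.-]*){0,2})['’]s\b")
EMAIL = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
PHONE = re.compile(r"(?:\+?\d[\s-]?){7,}")  # 7+ digits, optional separators


def audit_name(name):
    """Return a list of findings for one device friendly name."""
    findings = []
    if name is None or not name.strip():
        return findings  # no name was returned: nothing to leak
    match = POSSESSIVE.search(name)
    if match:
        owner = match.group(1)
        kind = "full name" if " " in owner else "first name"
        findings.append("owner %s in possessive form" % kind)
    if EMAIL.search(name):
        findings.append("e-mail address")
    if PHONE.search(name):
        findings.append("phone number")
    return findings


def audit(names):
    """Map each leaking name to its findings; generic names are omitted."""
    report = {}
    for name in names:
        findings = audit_name(name)
        if findings:
            report[name] = findings
    return report


# Constructed sample inventory (not real scan output).
SAMPLE = [
    "Joe Smith's AZ890 Cell",
    "AZ890",
    "Nokia 770",
    None,  # lookup_name() returns None when the name request fails
    "jsmith@example.com laptop",
    "Anna's headset",
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print("%-28s %s" % (name, ", ".join(findings)))
```

Names that come back clean, such as a bare model string, reveal the hardware but not the owner.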

Posted at: 11:55 | category: /maemo