Bluetooth communications are on the increase. Millions of users rely on the technology to connect to peripherals that make their devices simpler and more comfortable to use.

There is a trick or hack for iOS 10.3.2 and earlier that takes advantage of the way Bluetooth profiles are managed, with an impact on the privacy of users who use Bluetooth technology daily.

The information leaked from the iOS device through this incorrect management of profiles can reveal a lot about the user and their background.

This tool represents a software implementation of the DirtyTooth Speaker in the form of a .deb package for Raspberry Pi.

When the iOS system detects a Bluetooth signal, the user can see the device to which they want to connect.

The speaker that appears in the Bluetooth discovery announces the A2DP profile, a profile for playing audio over the Bluetooth connection. When the user taps on it, the pairing is completed, with no need for a PIN in Bluetooth versions 2.1 or higher.

After a few seconds, the Bluetooth speaker can change its profile, for example to a PBAP profile.

If this happens, iOS will perform the profile change without displaying any type of notification to the user.

Note that this relies on a weakness, or an extra accessibility setting, in iOS. When the profile change is carried out without notification, the synchronization of contacts is enabled by default, giving access to them. In other words, DirtyTooth is a trick or hack that can take advantage of this accessibility setting.
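The silent profile change described above can be looked for after the fact. The following is an added example, not part of the DirtyTooth tool: it assumes you have a log of the service class UUIDs each paired accessory announced over time (the log format, the sample data and the function name are hypothetical) and flags any accessory that gains a PBAP profile it did not announce when it was paired.

```python
from collections import defaultdict

# Bluetooth SIG 16-bit service class UUIDs (assigned numbers).
A2DP = {0x110A: "AudioSource", 0x110B: "AudioSink",
        0x110D: "AdvancedAudioDistribution"}
PBAP = {0x112E: "PBAP-PCE", 0x112F: "PBAP-PSE", 0x1130: "PhonebookAccess"}


def find_profile_escalations(observations, sensitive=PBAP):
    """Return (address, seconds_after_pairing, [profile names]) for every
    device that gains a sensitive profile it did not announce when paired."""
    by_device = defaultdict(list)
    for ts, addr, uuids in observations:
        by_device[addr].append((ts, set(uuids)))

    findings = []
    for addr, seen in by_device.items():
        seen.sort(key=lambda obs: obs[0])
        paired_at, baseline = seen[0]      # profiles announced at pairing time
        reported = set()                   # report each new profile only once
        for ts, uuids in seen[1:]:
            new = (uuids - baseline - reported) & set(sensitive)
            if new:
                names = sorted(sensitive[u] for u in new)
                findings.append((addr, ts - paired_at, names))
                reported |= new
    return findings


# Constructed sample log: (unix time, device address, announced service UUIDs)
SAMPLE = [
    (1000, "AA:BB:CC:00:00:01", {0x110B, 0x110D}),          # pairs as a speaker
    (1012, "AA:BB:CC:00:00:01", {0x110B, 0x110D, 0x112E}),  # adds PBAP client
    (1030, "AA:BB:CC:00:00:01", {0x110B, 0x110D, 0x112E}),  # unchanged
    (1000, "AA:BB:CC:00:00:02", {0x110B, 0x110D}),          # audio only
    (1040, "AA:BB:CC:00:00:02", {0x110B, 0x110D}),          # stays audio only
    (2000, "AA:BB:CC:00:00:03", {0x111E, 0x112E}),          # car kit, PBAP up front
    (2050, "AA:BB:CC:00:00:03", {0x111E, 0x112E}),
]

if __name__ == "__main__":
    for addr, delay, names in find_profile_escalations(SAMPLE):
        print(f"{addr}: gained {', '.join(names)} {delay}s after pairing")
```

A device that announces PBAP from the start, such as the constructed hands-free kit, is not flagged; only a change after pairing is.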

The provided tool can start or stop a Bluetooth agent. The agent waits for a device to pair with it. The agent does not ask the device for a PIN code or a token in order to pair. This represents an implementation of Bluetooth 4.0 (in the case of the Raspberry Pi 3), maximizing the ease of use.

Once an iOS device has been paired and connected, the dirtytooth script is called automatically to collect the contact information, as well as the call history, in the /root/dirtytooth folder.

The tool does not require any major interaction: it works automatically.

DirtyTooth for Raspberry Pi
