DirtyTooth for Raspberry Pi
10/08/17. Version 1.0
Bluetooth use keeps growing. Millions of users rely on the technology to connect to peripherals that make everyday tasks simpler and more comfortable.
There is a trick, or hack, for iOS 10.3.2 and earlier that takes advantage of how Bluetooth profiles are managed, with an impact on the privacy of users who use Bluetooth daily.
The information leak caused by this incorrect profile management on iOS devices exposes a lot of information about the user and their background.
This tool is a software implementation of the DirtyTooth Speaker, distributed as a .deb package for Raspberry Pi. Further details and an explanation of DirtyTooth are available here and on SlideShare.
When iOS detects a Bluetooth signal, the user sees the device available to connect to, in a scenario like the following.
The speaker that appears in Bluetooth discovery announces the A2DP profile, which is used to play audio over the Bluetooth connection. When the user taps it, pairing completes, with no PIN required in Bluetooth 2.1 or higher.
After a few seconds, the Bluetooth speaker can change its profile, for example to PBAP.
If this happens, iOS will perform the profile change without displaying any type of notification to the user.
Note that this is a weakness, or an extra accessibility setting, in iOS: when the profile change is carried out without notification, contact synchronization is enabled by default, giving access to the contacts. In other words, DirtyTooth is a trick or hack that can take advantage of this accessibility setting.
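A defender-side check for the A2DP-to-PBAP switch described above, as an added example that is not part of the DirtyTooth project: it scans connection records for a peer that paired, used only audio profiles, and then opened a phonebook profile on the same bond. The record format, the function name and the sample addresses are constructed for illustration; the UUIDs are the Bluetooth SIG service-class values.

```python
from dataclasses import dataclass

# Bluetooth SIG 16-bit service-class UUIDs.
AUDIO = {0x110A, 0x110B, 0x110D}      # A2DP source, A2DP sink, A2DP profile
PHONEBOOK = {0x112E, 0x112F, 0x1130}  # PBAP client (PCE), server (PSE), profile

@dataclass
class Finding:
    peer: str
    seconds_after_pairing: int
    uuid: int

def find_profile_switches(events):
    """events: (t_seconds, peer, kind, uuid) tuples sorted by time.
    kind is 'pair' or 'connect'; uuid is None for 'pair'.
    Flags a peer whose bond carried only audio profiles until PBAP appeared."""
    bonds = {}      # peer -> {"paired_at": t, "seen": set of profile UUIDs}
    findings = []
    for t, peer, kind, uuid in events:
        if kind == "pair":
            bonds[peer] = {"paired_at": t, "seen": set()}  # a new bond resets history
        elif kind == "connect" and peer in bonds:
            bond = bonds[peer]
            audio_only_so_far = bool(bond["seen"]) and bond["seen"] <= AUDIO
            if uuid in PHONEBOOK and audio_only_so_far:
                findings.append(Finding(peer, t - bond["paired_at"], uuid))
            bond["seen"].add(uuid)
    return findings

# Constructed sample records (hypothetical format, not output of a real tool).
SAMPLE_EVENTS = [
    (0,  "AA:BB:CC:00:00:01", "pair", None),
    (1,  "AA:BB:CC:00:00:01", "connect", 0x110B),  # presents as a speaker
    (9,  "AA:BB:CC:00:00:01", "connect", 0x112E),  # then requests the phonebook
    (20, "AA:BB:CC:00:00:02", "pair", None),
    (21, "AA:BB:CC:00:00:02", "connect", 0x110B),  # ordinary speaker, audio only
    (30, "AA:BB:CC:00:00:03", "pair", None),
    (31, "AA:BB:CC:00:00:03", "connect", 0x112E),  # PBAP from the start, no switch
]

if __name__ == "__main__":
    for f in find_profile_switches(SAMPLE_EVENTS):
        print(f"{f.peer}: PBAP 0x{f.uuid:04X} {f.seconds_after_pairing}s after pairing")
```

Only the first peer is flagged; a device that exposes PBAP from its first connection is not a switch and would need a separate policy.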
The provided tool can start or stop a Bluetooth agent. The agent waits for a device to pair with it and does not ask the device for any PIN code or token in order to pair. This is an implementation of Bluetooth 4.0 (in the case of the Raspberry Pi 3), which maximizes ease of use.
Once an iOS device has been paired and connected, the dirtytooth script is called automatically to collect the contact info, as well as the call history, which are stored in the /root/dirtytooth folder.
The tool does not require any major interaction: it simply works automatically.