ElevenPaths Talks


DirtyTooth: It’s Only Rock’n’Roll, but I like It by Pablo González and Jorge Rivera.

April 30, 2017. Dont miss out ElevenPaths Talks especial edition. Our cyberexperts Pablo González and Jorge Rivera will show how it works the DirtyTooth hack, which reveals how our privacy is on risk using bluetooth with some iOS devices. Sign up for the webinar!

#11Paths Talks: DirtyTooth: It´s Only Rock´n´Roll, but i like it

Communications via bluetooth are ever increasing. Millions of people use this technology every day to connect to devices that help us to make our lives more comfortable, like wereables, loud-speakers, free-hand devices, etc. Dirtytooth is a small hack that takes advantage of the iOS configuration as far as bluetooth profiles management is concerned. This small flaw allows to get detailed information on the users and their environment.

When searching for devices to be connected to our iPhone, we can see in which profile they are, and, based on that profile, the device will request different information. This hack is based on a change of profile that takes place once the user is connected. When connecting to a loudspeaker or to an audio device, the profile A2DP is used. This profile does not need a PIN to be paired and it only requests access to the device audio. Once the connection is made, the A2DP profile will be changed to PBAP. This new profile allows access to the phone contacts and to the call log, and since the change of profile is not notified, the iPhone user will not be aware that his information will be exposed, making much easier a possible attack. Dirtytooth works on iOS 10.2.1 and all previous versions.

You may also like: