http://tinyurl.com/dmqod
From the above link:
Since Adam and Marcel were at Blackhat and DEFCON in Las Vegas, I had to
do the 'Bluetooth Security' talk at What The Hack by myself (and the
help of Collin).
After introducing the various Bluetooth security flaws (old and new
ones) that were identified mainly by the trifinite.group also a new
toool has been released.
This new toool is called The Car Whisperer and allows people equipped
with a Linux Laptop and a directional antenna to inject audio to, and
record audio from bypassing cars that have an unconnected Bluetooth
handsfree unit running. Since many manufacturers use a standard passkey
which often is the only authentication that is needed to connect.
This tool allows to interact with other drivers when traveling or maybe
used in order to talk to that pushy Audi driver right behind you ;) . It
also allows to eavesdrop conversations in the inside of the car by
accessing the microphone.
Since the attacker's laptop is fully trusted once it has a valid link
key, the laptop could be used in order to access all the services
offered on the hands-free unit. Often, phonebooks are stored in these
units. I am quite certain that there will be more issues with the
security of these systems due to the use of standard passkeys.
