This website accompanies the NDSS 2019 paper:
[NDSS’19] Fenghao Xu, Wenrui Diao, Zhou Li, Jiongyi Chen and Kehuan Zhang. BadBluetooth: Breaking Android Security Mechanisms via Malicious Bluetooth Peripherals. The 26th Annual Network and Distributed System Security Symposium, San Diego, CA, Feb 2019.
---------------------------------------
In all demos, the Bluetooth app (MyTestApplication) does not declare any extra permissions. The user has turned off the system Bluetooth switch and then turned off the screen, while the attack app has been running in the background.
1. Demo for HID Attack:
When the attack is launched, the malicious Bluetooth device is connected to the host phone with the help of the Bluetooth app. The device can work as an external keyboard and automatically perform operations as a real user would, such as reading contacts, killing processes, modifying app permissions, and shutting down the phone.
2. Demo for PAN Attack:
Video 1 (NAP):
In this attack, the device acts as a Network Access Point (NAP) and thus launches MITM attacks such as sniffing and spoofing.
Video 2 (PANU):
In this attack, the device acts as a PAN user (PANU). The app tries to pair and open the tethering setting, after which the device can connect to the phone and use its Internet connection.
Note that this attack still works even when the phone has been securely locked with a pattern password.
3. Demo for HFP Attack:
When the attack is launched, the malicious Bluetooth device is connected to the host phone with the help of the Bluetooth app. The device can work as a headset and make a phone call to any number, such as "123456789".
Note that this attack still works even when the phone has been securely locked with a pattern password.