Detecting Gas Pump Skimmers by Bluetooth signature (Bluetana / SkimPlus)
Posted: Sun Aug 18, 2019 8:12 am
Hello,
take a look at this: https://thehackernews.com/2019/08/credi ... ector.html
They use a sequence of steps to see if a bluetooth device is a skimmer inside a ATM / Gas pump.
Bluetana paper: http://cseweb.ucsd.edu/~schulman/docs/s ... uetana.pdf
Basically they see if the MAC prefix (Section 3.1 on the paper above) of the bluetooth device is fitting a list of known skimmers, then if the name is default.
As WiGLE also scans bluetooth, it should be possible to filter out such "strange" devices?
(Actually, im wondering why they did not mention WiGLE in their paper)
EDIT:
some sample searches:
HC-05 devices in the US (10 results!)
https://api.wigle.net/api/v2/bluetooth/ ... country=US
HC-06 devices in the US (2 results)
https://api.wigle.net/api/v2/bluetooth/ ... country=US
All the results match the given "capabilities" = "Uncategorized" by Bluetana, but the current WiGLE Api does not have a option to give this a search parameter
So if this 12 Results would be seen on a map, and they are located at a gas station = win ?
take a look at this: https://thehackernews.com/2019/08/credi ... ector.html
They use a sequence of steps to see if a bluetooth device is a skimmer inside a ATM / Gas pump.
Bluetana paper: http://cseweb.ucsd.edu/~schulman/docs/s ... uetana.pdf
Basically they see if the MAC prefix (Section 3.1 on the paper above) of the bluetooth device is fitting a list of known skimmers, then if the name is default.
As WiGLE also scans bluetooth, it should be possible to filter out such "strange" devices?
(Actually, im wondering why they did not mention WiGLE in their paper)
EDIT:
some sample searches:
HC-05 devices in the US (10 results!)
https://api.wigle.net/api/v2/bluetooth/ ... country=US
HC-06 devices in the US (2 results)
https://api.wigle.net/api/v2/bluetooth/ ... country=US
All the results match the given "capabilities" = "Uncategorized" by Bluetana, but the current WiGLE Api does not have a option to give this a search parameter
So if this 12 Results would be seen on a map, and they are located at a gas station = win ?