Bluedriving at extreme range - 1 kilometer file transfer.

The date: Wednesday, July 28th 2004
The time: 12:00 PM PDT
The test: Connect to a low-power Bluetooth cellphone from a distance of 1 kilometer

The result: Success!

On a sunny afternoon in California, author Mike Outmesguine and John Hering and James Burgess from Flexilis ventured outside to experiment with a high-gain antenna connected to a Class 1 Bluetooth adapter kit from Bluedriving.com. The plan was to connect to a Class 3 cell phone and attempt to transfer a file over the air at an extreme range of 1 kilometer (about 3,300 feet).

Using a 19 dBi panel antenna, a Linksys USB Class 1 adapter sporting a pigtail mod, and a Sony laptop with the default Widcomm drivers, the Bluedrivers transferred a picture file from a Sony-Ericsson T610 using the phone's built-in Obex file transfer protocol.

The devices were paired prior to the long-distance test. This was not an example of a bluetooth attack, but it's clear that long distance attacks are now possible.

Three files were copied off of the device during the test. Two files has been copied previously, while one file was had never been transferred until this test to ensure it was a true FTP over-the-air transfer.

The test was organized from two sides, Side A (the highest easily accesible point in the region, at the top of a local landmark called the A hill) and side B (car parked on side of road). Side A placed a person with the cellphone in visual line of sight with the Side B. Side B consisted of the high-gain antenna connected to the laptop USB adapter. One person operated the laptop (mainly by pressing F5 to refresh the Bluetooth FTP list and selecting files to transfer), while another person held the high-gain antenna aimed at the top of the A hill.

The equipment is essentially off-the-shelf and easily available. While components are available from stores like Fry's and Radio Shack, Bluedriving.com sells the equipment in kit form. With a slight cable modification, this test shows that, based on previous research inthe area, bluetooth functions (and exploits) can now be performed from distances thought to be impossible. A cell phone bluetooth device was not thought to have enough power to traverse distances greater than a few dozen feet.

A typical unmodified cell phone can be reached at a distance of one kilometer by using slightly modified equipment on only one side of the link. Imagine the possibilities with modifications on both ends of the link!