Building an All-Channel Bluetooth Monitor

Monitoring Bluetooth is hard. Hackers accustomed to 802.11 have been spoiled by ubiquitous, inexpensive hardware capable of monitor mode, but similar tools are not available for Bluetooth. Off-the-shelf Bluetooth adapters have been shown to be effective only at monitoring discoverable devices. Efforts to build custom monitoring systems to date have been limited by Bluetooth's frequency hopping through 79 channels.

We will review the options available today for passive Bluetooth monitoring with an emphasis on software radio techniques. Although single-channel monitoring with software radio has been demonstrated before, we will show how to extend the technique to all 79 channels and how to predict the target network's pseudo-random hopping sequence using passively collected information. The presentation will feature a live demonstration of the current status of the gr-bluetooth project and a new release of the open-source tools.

Michael Ossmann
Michael is a wireless security researcher for the Institute for Telecommunication Sciences at the U.S. Department of Commerce Boulder Laboratories in Colorado. He currently develops software radio tools for security research both as a hobby and for his day job.

Dominic Spill
Dominic is a grad student at Imperial College London. Having worked with GNU Radio and Bluetooth security for his undergraduate degree, he released his work to the community in 2007 and continues to actively participate in the gr-bluetooth project. His current research focus is reconfigurable hardware solutions for SDR applications.