Is this unethical hacking?

CFu

A friend of mine claims using this Bluetooth vulnerability tool to scan for Bluetooth networks is ethical hacking and harmless. He is sitting in the bus with a laptop and scanning for people's Bluetooth access points.

The only ethical hacking I know of is by Service Level Agreement; i.e. being professionally contracted to explore - with permission - a strict subset of company data for security improvement purposes.

However, I know that unauthorized scanning for data is illegal in many countries, including in the U.S. Such practices include port scanning. I warned him that what he is doing is unethical (probing without permission) and he could get sued for that.

What's the truth here? Is he performing illegal activities?
 
Of course it's unethical and probably criminal. How would you feel if you decided to pass a picture of, let's say, one of your children to another member of your family, and someone else that you do not even know intercepts that picture and looks at it or even uses it for nefarious purposes? As I say, it is utterly unethical and very probably criminal. Unfortunately Bluetooth allows itself to be abused in that way.
 
What about the act of simply scanning for Bluetooth access points and not connecting to them? Is that unethical as well? I find it difficult to find the fine line between that and port scanning because normally, scanning for access points is a legal activity, for example, I can just turn on Bluetooth on my phone and search to see if other people have their Bluetooth on. Is that illegal as well?

I've been thinking about it, and I think that the problem here is a combination of the intent and the tool used: the tool used is non-standard, which is why I think it becomes illegal - and his intent is to find other people's devices, but not necessarily connect to them.

The question still remains: is it illegal to simply scan around for Bluetooth devices (getting a list of access point names and that's it) without connecting to them?
 
The illegality would come from accessing other people's data. Just scanning around looking for Bluetooth access points would not be illegal IMO. Having said that, that wasn't what you originally implied, and why would you, or anyone else, be looking for other people's Bluetooth access points unless you, or someone else, wanted to steal data? Bluetooth, also, needs an access code to be set up, but most people just leave the access code set to the default, therefore making unauthorised data access very easy. I keep my Bluetooth and wireless access on my devices switched off until I want to use them.
 
Someone would look for Bluetooth access points simply to educate oneself on the matter (without probing).

By 'scanning for data', I was implying simply a list of Bluetooth access points as 'data'.

I'm not sure, but I think I haven't needed any access code to access my Bluetooth devices because there is the option to enable Bluetooth broadcast for all devices without verification.
 
Scanning for Bluetooth devices is no different to scanning for wireless networks in my book - non-standard tools or otherwise.

IANAL, but I'm pretty sure that the illegal side of it only comes into effect when you're breaking a mechanism that's in place (however rubbish it might be) to stop you gathering access to data. By the time you've deliberately circumvented restrictions, it's pretty hard for you to argue that you did it accidentally and without malicious intent (sure, you might just be doing it for the hell of it, but do you think a non-technical judge at a court hearing would believe that?)
 
Actually if it uses the public airwaves, it is considered public property and as such is fair game to be viewed by anyone that intercepts it. That's why police scanners are legal and why you can buy laser/radar/ladar detectors to skirt around getting speeding tickets.

It's also why I don't use Wi-Fi at home or when I am out; I stick to wired connections if it concerns any sensitive material at all.
 
Not necessarily - IANAL, but this almost certainly varies by country, frequency, and whether the traffic is encrypted. There are also sometimes odd laws that distinguish between receiving and decoding a signal (it's legal in the UK to intercept pager traffic, for instance, but technically illegal to decode it even though it's not encrypted).

Intercepting and decoding traffic on the public airwaves isn't necessarily illegal, but it's certainly also not legal by default.
 
Lol, they still use pagers in the UK? That's just too funny.

Not really - they're not used by the public at all and haven't been for decades, but hospitals / ambulances certainly still used them a few years ago - they could be intercepted (and theoretically decoded) very easily with an SDR.
 