Go Back   Computer Forums > General Computing > Cyber Safety and Computer Security
Click Here to Login
Join Computer forums Today


Reply
 
Thread Tools Search this Thread Display Modes
 
Old 09-18-2016, 08:23 PM   #1
CFu
Baseband Member
 
Join Date: Mar 2011
Posts: 50
Exclamation Is this unethical hacking?

A friend of mine claims using this Bluetooth vulnerability tool to scan for Bluetooth networks is ethical hacking and harmless. He is sitting in the bus with a laptop and scanning for people's Bluetooth access points.

The only ethical hacking I know of is by Service Level Agreement; i.e. being professionally contracted to explore - with permission - a strict subset of company data for security improvement purposes.

However, I know that unauthorized scanning for data is illegal in many countries, including in the U.S. Such practices include port scanning. I warned him that what he is doing is unethical (probing without permission) and he could get sued for that.

What's the truth here? Is he performing illegal activities?
__________________

CFu is offline   Reply With Quote
Old 09-19-2016, 03:29 AM   #2
In Runtime
 
Join Date: Nov 2014
Location: UK
Posts: 397
Default Re: Is this unethical hacking?

Of course it's unethical and, probably criminal. How would you feel if you decided to pass a picture of, lets say one of your children, to another member of your family and someone else that you do not even know intercepts that picture and looks at it or even uses it for nefarious purposes. As I say it is utterly unethical and very probably criminal. Unfortunately bluetooth allows itself to be abused in that way.
__________________

pete.i is offline   Reply With Quote
Old 09-19-2016, 04:01 AM   #3
CFu
Baseband Member
 
Join Date: Mar 2011
Posts: 50
Default Re: Is this unethical hacking?

What about the act of simply scanning for Bluetooth access points and not connecting to them? Is that unethical as well? I find it difficult to find the fine line between that and port scanning because normally, scanning for access points is a legal activity, for example, I can just turn on Bluetooth on my phone and search to see if other people have their Bluetooth on. Is that illegal as well?

I've been thinking about it, and I think that the problem here is a combination of the intent and the tool used: the tool used is non-standard, which is why I think it becomes illegal - and his intent is to find other people's devices, but not necessarily connect to them.

The question still remains.. is it illegal to simply scan around for Bluetooth devices (getting a list of access point names and that's it) without connecting to them?
CFu is offline   Reply With Quote
Old 09-19-2016, 10:36 AM   #4
In Runtime
 
Join Date: Nov 2014
Location: UK
Posts: 397
Default Re: Is this unethical hacking?

The illegality would come from accessing other peoples data. Just scanning around looking for bluetooth access points would not be illegal IMO. Having said that that wasn't what you originally implied and why would you, or anyone else, be looking for other peoples bluetooth access points unless you, or someone else, wanted to steal data. Bluetooth, also, needs an access code to be set up but most people just leave the access code set to the default therefore allowing unauthorised data access very easy. I keep my bluetooth and wireless access on my devices switched off until I want to use them.
pete.i is offline   Reply With Quote
Old 09-19-2016, 11:07 AM   #5
CFu
Baseband Member
 
Join Date: Mar 2011
Posts: 50
Default Re: Is this unethical hacking?

Someone would look for Bluetooth access points simply to educate oneself on the matter (without probing).

By 'scanning for data', I was implying simply a list of Bluetooth access points as 'data'.

I'm not sure, but I think I haven't needed any access code to access my Bluetooth devices because there is the option to enable Bluetooth broadcast for all devices without verification.
CFu is offline   Reply With Quote
Old 09-21-2016, 08:22 PM   #6
Site Team
 
berry120's Avatar
 
Join Date: Jul 2009
Location: England, UK
Posts: 3,423
Default Re: Is this unethical hacking?

Scanning for Bluetooth devices is no different to scanning for wireless networks in my book - non standard tools or otherwise.

IANAL, but I'm pretty sure that the illegal side of it only comes into effect when you're breaking a mechanism that's in place (however rubbish it might be) to stop you gathering access to data. By the time you've deliberately circumvented restrictions, it's pretty hard for you to argue that you did it accidentally and without malicious intent (sure, you might just be doing it for the hell of it, but do you think a non-technical judge at a court hearing would believe that?)
__________________
Save the whales, feed the hungry, free the mallocs.
berry120 is offline   Reply With Quote
Old 09-28-2016, 05:51 PM   #7
Daemon Poster
 
Technician's Avatar
 
Join Date: Feb 2016
Location: US
Posts: 588
Default Re: Is this unethical hacking?

Actually if it uses the public airwaves, it is considered public property and as such is fair game to be viewed by anyone that intercepts it. That's why police scanners are legal and why you can buy laser/radar/ladar detectors to skirt around getting speeding tickets.

It's also why I don't use wifi at home or when I am out, I stay to wired connections if it concerns any sensitive material at all.
Technician is offline   Reply With Quote
Old 09-28-2016, 06:37 PM   #8
Site Team
 
berry120's Avatar
 
Join Date: Jul 2009
Location: England, UK
Posts: 3,423
Default Re: Is this unethical hacking?

Quote:
Originally Posted by Technician View Post
Actually if it uses the public airwaves, it is considered public property and as such is fair game to be viewed by anyone that intercepts it. That's why police scanners are legal and why you can buy laser/radar/ladar detectors to skirt around getting speeding tickets.

It's also why I don't use wifi at home or when I am out, I stay to wired connections if it concerns any sensitive material at all.
Not necessarily - IANAL, but this almost certainly varies by country, frequency, and whether the traffic is encrypted. There's also sometimes odd laws that distinguish between receiving and decoding a signal (it's legal in the UK to intercept pager traffic for instance, but technically illegal to decode it even though it's not encrypted.)

Intercepting and decoding traffic on the public airwaves isn't necessarily illegal, but it's certainly also not legal by default.
__________________
Save the whales, feed the hungry, free the mallocs.
berry120 is offline   Reply With Quote
Old 09-28-2016, 06:44 PM   #9
Daemon Poster
 
Technician's Avatar
 
Join Date: Feb 2016
Location: US
Posts: 588
Default Re: Is this unethical hacking?

lol they still use pagers in the UK? that's just too funny.
Technician is offline   Reply With Quote
Old 09-28-2016, 06:47 PM   #10
Site Team
 
berry120's Avatar
 
Join Date: Jul 2009
Location: England, UK
Posts: 3,423
Default Re: Is this unethical hacking?

Quote:
Originally Posted by Technician View Post
lol they still use pagers in the UK? that's just too funny.
Not really - they're not used by the public at all and haven't been for decades, but hospitals / ambulances certainly still used them a few years ago - they could be intercepted (and theoretically decoded) very easily with an SDR.
__________________

__________________
Save the whales, feed the hungry, free the mallocs.
berry120 is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off



All times are GMT -5. The time now is 03:52 AM.


Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0