National Cyber Warfare Foundation (NCWF)



Digital Forensics: Scanning for Malicious Bluetooth Devices


2026-03-02 21:09:28
milo
Red Team (CNA)

Welcome back, my aspiring DFIR investigators!





In recent years, as we have investigated home hacking, we have been surprised at how many times the vector of attack is Bluetooth. In our modern homes, Bluetooth is used for connectivity between so many devices, including:

Speakers
Headphones
Earbuds
Televisions
Appliances
Smart home devices
Wearables (watches, glasses, health monitors, etc.)





In many cases, we have found signals from over 100 devices in homes! This is a huge attack surface!





In recent weeks, we have been working on a Bluetooth scanner to find these malicious Bluetooth connections into the victim’s home. Before we could complete it, Dave Kennedy (founder of TrustedSec and author of Metasploit books) released an excellent Bluetooth scanner with all the features we wanted. Thank you, Dave. Great minds think alike.





This tool can be used in so many ways. For instance, it was used to try to find the mother of Savannah Guthrie (a popular American TV journalist whose mother was kidnapped). She had a heart pacemaker implanted in her chest, and the pacemaker had Bluetooth capability. They used this scanner on a drone searching the desert where she disappeared, hoping to pick up that Bluetooth signal. Unfortunately, it was unsuccessful, but it does hint at some of the innovative ways this scanner might be used. Some other possible uses include:






  1. Detecting compromised Bluetooth devices in your home;
  2. Detecting the movements of an individual;
  3. Detecting stalkers and intruders;
  4. Tracking children and others in your home;
  5. Finding lost devices.





I intend to post articles here on each of these applications in the near future.





In this post, I will show how this excellent tool works and how you can use it to detect malicious bluetooth connections in your home.









Step #1: Download and Install





You can download and install this tool here.





https://github.com/HackingDave/btrpa-scan





kali > git clone https://github.com/HackingDave/btrpa-scan

kali > cd btrpa-scan

kali > pip install .





Now, make certain that Bluetooth is enabled on your system.





kali > sudo systemctl start bluetooth





Step #2: Help Screen





Now that you have successfully downloaded and installed this app, let’s start using it.





As usual, I prefer to always look at the help screen first.





kali > btrpa-scan -h









As you can see in the screenshot above, this tool has a wide range of options. In this first tutorial, we will introduce you to the most basic options and expand upon them in future tutorials.





Step #3: Run Your First Scan





To run this tool, you can start it with the -a option, for all.





kali > sudo ./btrpa-scan -a









As you can see above, the btrpa scanner begins to scan all the devices in the area. It provides an extensive set of data about each device including:






  1. MAC address




  2. Name




  3. RSSI




  4. Manufacturer




  5. Services




  6. Platform Data: This includes such key information as Address Type, Paired, Bonded, Trusted





The scanner continues through multiple iterations of the nearby devices.









When the scan is complete, you get a summary of the devices the scanner has seen and how many times.









In many cases, you will want to save these results to a file for analysis. You can use the -o option followed by the file name, such as:





kali > sudo ./btrpa-scan -a -o /home/kali/ble_scan.txt
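Once the results are saved, the fields listed above (MAC address, RSSI, Address Type, Paired) can be triaged against a list of devices you know you own. The following is an added example, not part of the original post or of btrpa-scan: the record field names, the baseline, the RSSI threshold and the sample records are all constructed assumptions, not the tool's actual output format. It goes slightly beyond the text by classifying random addresses from their two most significant bits, as defined in the Bluetooth Core Specification.

```python
# Added example: triage of scan records against a household baseline.
# Field names and all sample records are constructed for illustration;
# they are NOT btrpa-scan's actual output format.

KNOWN_DEVICES = {"A4:C1:38:11:22:33", "F0:99:B6:44:55:66"}  # constructed baseline
NEAR_RSSI_DBM = -70  # assumed threshold: stronger than this is treated as "nearby"

def random_address_subtype(mac):
    """Classify a BLE *random* address by its two most significant bits."""
    top_bits = int(mac.split(":")[0], 16) >> 6
    return {0b11: "static", 0b01: "resolvable private",
            0b00: "non-resolvable private"}.get(top_bits, "reserved")

def triage(records):
    """Return (mac, reasons) for each device that deserves a closer look."""
    findings = []
    for rec in records:
        mac = rec["mac"].upper()
        reasons = []
        if rec["address_type"] == "random":
            subtype = random_address_subtype(mac)
            if subtype != "static":
                # Private addresses rotate, so a MAC baseline cannot match them.
                reasons.append(f"{subtype} address, cannot be baselined by MAC")
        if mac not in KNOWN_DEVICES:
            if rec["rssi"] is not None and rec["rssi"] >= NEAR_RSSI_DBM:
                reasons.append(f"unknown and nearby ({rec['rssi']} dBm)")
            if rec.get("paired"):
                reasons.append("unknown but reported as paired")
        if reasons:
            findings.append((mac, reasons))
    return findings

SAMPLE = [  # constructed records
    {"mac": "a4:c1:38:11:22:33", "name": "Living Room Speaker", "rssi": -48, "address_type": "public", "paired": True},
    {"mac": "5A:7E:10:9C:00:01", "name": None, "rssi": -55, "address_type": "random", "paired": False},
    {"mac": "DC:0D:30:AA:BB:CC", "name": "BT-Audio", "rssi": -62, "address_type": "public", "paired": True},
    {"mac": "C8:12:34:56:78:9A", "name": "Tag", "rssi": -91, "address_type": "random", "paired": False},
]

if __name__ == "__main__":
    for mac, reasons in triage(SAMPLE):
        print(mac, "->", "; ".join(reasons))
```

An unknown device that is both close and paired is the first thing to investigate; a rotating private address on its own is normal for phones and wearables and only tells you that MAC matching will not work for that device.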





You can also choose to view the results in an interactive table by using the --tia option.

kali > sudo ./btrpa-scan -a --tia









Step #4: Using the GUI Bluetooth Radar





For many people, a graphical look at the data will enhance its usefulness. All of us are visual people, just some are more so. To view the Bluetooth devices in your area, simply start btrpa-scan with the --gui option, such as:

kali > sudo ./btrpa-scan -a --gui





When you do, the scanner will act like an aircraft radar, scanning all the devices in the area and positioning them on a GUI relative to your position. The scanner opens a browser at localhost:5000 automatically. This can be especially useful if you are trying to determine the location of a malicious Bluetooth device beyond your four walls, find lost devices, or monitor stalkers and intruders.









As you can see in this screenshot, the “radar” scans repeatedly and indicates the approximate location of the devices relative to your position. The devices are then displayed in the table on the far right.





Summary





With the proliferation of Bluetooth in our daily lives in so many devices, hackers are finding it fertile ground to attack our homes. This tool can help to detect all the Bluetooth devices in your area and their location. In addition, you can determine which have been paired and connected.





In future posts here, I’ll show you how you can use this tool to detect:





  1. Stalkers and intruders
  2. Malicious connections







Source: HackersArise
Source Link: https://hackers-arise.com/digital-forensics-scanning-for-malicious-bluetooth-devices/

