We've been developing a Bluetooth honeypot. An early prototype was given a test run at the CeBIT trade fair during the week. The embedded device announces itself as a Bluetooth phone in discoverable mode. It detects Bluetooth devices within a one hundred meter range and creates a list of the device names found. It also accepts all file transfers and scans them for known mobile viruses.

We were scanning from our Hall 7 booth for a week. At any given time we would see more than 100 Bluetooth devices wandering within our range. Grand total: 12500 unique devices that a) had Bluetooth, b) had it enabled, c) had it visible. Unbelievable.



We imagine this honeypot can be used for various purposes when it's finalized, including being used by companies at security checkpoints so virus infected devices don't cross the threshold.

While discussing CeBIT: here's a nice 3D rendered video showing how F-Secure Blacklight scans music CDs for possible rootkits. Funnily enough, the video's virtual Blacklight also removes the rootkit from the CD itself. It unfortunately can't do that in real life, we can only remove rootkits from the PC. CDs are of course read only…
(Click the image for the video.)