Bluetooth Threats: Much like Wi-Fi, Bluetooth has a bevy of threats facing it that you must take into account.
Bluetooth suffers from many shortcomings that have been slowly addressed with each successive version, but many flaws remain and can be exploited.
The technology has already seen many attacks take their toll on victims in the form of losing information such as the following:
- Leaking calendars and address books or other information is possible through the Bluetooth protocol.
- Creating of bugging devices has been a problem with Bluetooth devices because software has been made available that can remotely activate cameras and microphones.
- An attacker can remotely control a phone o make phone calls or connect to the Internet.
- Attackers have been known to fool victims into disabling security for Bluetooth connections in order to pair with them and steal information.
- Mobile phone worms can exploit a Bluetooth connection to replicate and spread.
Bluejacking is one form of Bluetooth attack that is more annoying than malicious in most cases. The attack takes the form of sending an anonymous text message via Bluetooth to a victim.
Since this attack exploits the basic operation of the Bluetooth protocol, it is hard to defend against,, other than making the device nondiscoverable.
Use the following steps to bluejack a victim or a device:
- Locate an area with a high density of mobile users such as a mall or convention center.
- Go to the contacts in your device’s address book.
- Create a new contact and enter a message.
- Save the contact with a name but without a phone number.
- Choose Send Via Bluetooth.
- Chose a phone from the list of devices and send the message.
If all goes well at this point, your new “friend” should receive the message you just crafted.
Another example of a Bluetooth attack is bluesnarfing. This attack is designed to extract information at a distance from a Bluetooth device.
If you execute the attack skillfully, you can obtain the address book, call information, text information, and other data from the device. Because of the nature of the attack, it is considered very invasion and extremely dangerous.
A new way to target Bluetooth devices and draw them in is to use a Linux-based tool called Bluepot.
This utility is designed to accept incoming malware and respond to Bluetooth attacks. This utility can make the discovery and targeting of Bluetooth devices easier.