Hacking Bluetooth

Another wireless technology to consider is Bluetooth, which is seen in many mobile devices in today’s marketplace. Bluetooth refers to a short-range wireless technology commonly used to connect devices such as headsets, media players, and other types of technologies. Bluetooth operates in the 2.4 GHz frequency range and is designed to work at distances up to 10 meters (33 feet).

When you’re working with Bluetooth devices, there are some specifics to keep in mind about the devices and how they operate.

First, the device can operate in one of the following modes:

Discoverable: This allows the device to be scanned and located by other Bluetooth-enabled devices.

Limited Discoverable: This mode is becoming more commonly used; in this mode the device will be discoverable by other Bluetooth devices for a short period of time before it returns to being nondiscoverable.

Nondiscoverable: As the name suggests, devices in this mode cannot be located by other devices. However, if another device has previously found the system, it will still be able to do so.

In addition to the device being able to be located, it can be paired with other devices to allow communication to occur. A device can be in pairing or nonpairing mode; pairing means it can link with another device and nonpairing means it cannot.
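A defender can audit these settings on a Linux host. The following is an added example, not part of the original text: it parses the output of BlueZ's `bluetoothctl show` and classifies each adapter into the discovery and pairing modes described above. The sample output is constructed, the function names are hypothetical, and treating a discoverable adapter with a nonzero DiscoverableTimeout as "limited discoverable" is an assumption made for this illustration.

```python
import re

# Constructed sample of `bluetoothctl show` output (BlueZ); not from a real host.
SAMPLE_SHOW = """\
Controller 00:11:22:33:44:55 (public)
    Name: lab-laptop
    Discoverable: yes
    DiscoverableTimeout: 0x00000000
    Pairable: yes
Controller 66:77:88:99:AA:BB (public)
    Name: kiosk
    Discoverable: yes
    DiscoverableTimeout: 0x000000b4
    Pairable: no
Controller CC:DD:EE:FF:00:11 (public)
    Name: server
    Discoverable: no
    DiscoverableTimeout: 0x000000b4
    Pairable: no
"""

def parse_controllers(text):
    """Return {adapter address: {field: value}} for each controller block."""
    controllers, current = {}, None
    for line in text.splitlines():
        head = re.match(r"Controller\s+([0-9A-Fa-f:]{17})", line)
        if head:
            current = controllers.setdefault(head.group(1), {})
        elif current is not None and ":" in line:
            key, _, value = line.strip().partition(":")
            current[key.strip()] = value.strip()
    return controllers

def classify(fields):
    """Map adapter fields onto (discovery mode, pairing mode)."""
    # A missing timeout is treated as 0 (never expires), the cautious reading.
    timeout = int(fields.get("DiscoverableTimeout", "0x0"), 16)
    if fields.get("Discoverable") != "yes":
        discovery = "nondiscoverable"
    elif timeout == 0:
        discovery = "discoverable"          # stays visible indefinitely
    else:
        discovery = "limited discoverable"  # reverts after `timeout` seconds
    pairing = "pairing" if fields.get("Pairable") == "yes" else "nonpairing"
    return discovery, pairing

def audit(text):
    """Return the addresses of adapters that are visible with no expiry."""
    return [addr for addr, fields in parse_controllers(text).items()
            if classify(fields)[0] == "discoverable"]

if __name__ == "__main__":
    for addr, fields in parse_controllers(SAMPLE_SHOW).items():
        print(addr, *classify(fields), sep="  ")
```

On a real host the input would come from running `bluetoothctl show` and passing its output to `audit()`.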

Bluetooth Threats

Much like Wi-Fi, Bluetooth has a bevy of threats facing it that you must take into account. Bluetooth suffers from many shortcomings that have been slowly addressed with each successive version, but many flaws remain and can be exploited. The technology itself has already seen many attacks take their toll on victims, in forms such as the following:

  • Leaking calendars and address books or other information is possible through the Bluetooth protocol.
  • Creation of bugging devices has been a problem with Bluetooth devices, as software has been made available that can remotely activate cameras and microphones.
  • An attacker can remotely control a phone to make phone calls or connect to the Internet.
  • Attackers have been known to fool victims into disabling security for Bluetooth connections in order to pair with them and steal information.
  • Mobile phone worms can exploit a Bluetooth connection to replicate and spread.

Bluejacking

Bluejacking is one form of Bluetooth attack that is more annoying than malicious in most cases. The attack takes the form of sending an anonymous text message via Bluetooth to a victim. Since this attack exploits the basic operation of the Bluetooth protocol, it is hard to defend against other than by making the device nondiscoverable.

Use the following steps to bluejack a victim or a device:

  • Locate an area with a high density of mobile users such as a mall or convention center.
  • Go to the contacts in your device’s address book.
  • Create a new contact and enter a message.
  • Save the contact with a name but without a phone number.
  • Choose Send Via Bluetooth.
  • Choose a phone from the list of devices and send the message.

Bluesnarfing

Another example of a Bluetooth attack is bluesnarfing. This attack is designed to extract information at a distance from a Bluetooth device. If you execute the attack skillfully, you can obtain the address book, call information, text information, and other data from the device. Because of the nature of the attack, it is considered very invasive and extremely dangerous.