BLUETOOTH ATTACKS

BLUETOOTH ATTACKS ON MOBILE PHONES

BLUESNARF: SNIFFING

Bluesnarfing is unauthorized access to information on a wireless device through a Bluetooth connection, often between phones, desktops, laptops, and PDAs. It gives access to the calendar, contact list, emails and text messages, and on some phones users can copy pictures and private videos. Currently available programs must be allowed to connect and to be ‘paired’ with the other phone before they can copy content.

The BlueSnarf attack abuses the OBEX protocol (Object Exchange, a communications protocol that allows the exchange of binary objects between devices), which lets hackers secretly access the mobile phone's calendar, pictures and phone book; even changing a PIN code without the owner's knowledge is possible. Using the OBEXAPP application it is easy to establish a connection with a target phone (OBEXAPP is an application from the SDP Tools package, used to administer OBEX objects such as the calendar, pictures and phone contact list via IrDA or Bluetooth). Any device with its Bluetooth connection turned on and set to "discoverable" (able to be found by other Bluetooth devices in range) can be attacked. By turning off this feature you can be protected from the possibility of being Bluesnarfed.
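As an added example (not part of the original article), the following check reports whether a Bluetooth adapter is left in the discoverable state described above. It assumes a Linux host where the BlueZ `bluetoothctl show` command prints the adapter properties in the layout shown; the sample output, address and name are constructed.

```python
import re

# Constructed sample of `bluetoothctl show` output; address and name are made up.
SAMPLE_EXPOSED = """\
Controller 00:11:22:33:44:55 (public)
    Name: office-laptop
    Powered: yes
    Discoverable: yes
    DiscoverableTimeout: 0x00000000
    Pairable: yes
    Discovering: no
"""
# The same adapter after discoverable mode and pairing have been switched off.
SAMPLE_HARDENED = (SAMPLE_EXPOSED
                   .replace("Discoverable: yes", "Discoverable: no")
                   .replace("Pairable: yes", "Pairable: no"))


def parse_show(text):
    """Return {controller_address: {property: value}} from `bluetoothctl show` text."""
    controllers, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"Controller\s+((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})", line)
        if m:
            current = controllers.setdefault(m.group(1).upper(), {})
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    return controllers


def audit(text):
    """List (address, finding) pairs for adapters other devices can find or pair with."""
    findings = []
    for addr, props in parse_show(text).items():
        if props.get("Powered") != "yes":
            continue  # radio is off, so nothing in range can reach it
        if props.get("Discoverable") == "yes":
            raw = props.get("DiscoverableTimeout")
            secs = int(raw, 16) if raw else None
            # A timeout of 0 means the adapter never leaves discoverable mode.
            span = {None: "timeout unknown", 0: "indefinitely"}.get(secs, f"for {secs}s")
            findings.append((addr, f"discoverable ({span})"))
        if props.get("Pairable") == "yes":
            findings.append((addr, "accepts new pairing requests"))
    return findings


if __name__ == "__main__":
    for addr, finding in audit(SAMPLE_EXPOSED):
        print(addr, finding)
```

On a real host the text passed to `audit` would be the captured output of `bluetoothctl show`; an empty result means the adapter is either powered off or neither discoverable nor pairable.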

BLUEBUGGING: SPOOFING

Bluebugging is a form of Bluetooth attack often caused by a lack of awareness. It was developed after the onset of bluejacking and bluesnarfing. In practical terms, it means a bluebugger can take control of your phone and use it to send a message, make a call, or do anything else as though they owned the phone. While early bluebugging required the bugger to use a previously paired device, new bluebugging tools have done away with that, which means that anyone with the right knowledge and tools can take control of your phone. Similar to bluesnarfing, bluebugging accesses and uses all phone features but is limited by the transmitting power of class 2 Bluetooth radios, normally capping its range at 10–15 meters. However, the operational range has been increased with the advent of directional antennas.

BlueBugging allows hackers to send SMS messages from a remote vulnerable phone controlled by an attacker. This attack uses weaknesses in the implementation of the Bluetooth protocol. This error makes it possible to establish a serial connection to a target phone using two secret RFCOMM (Radio Frequency Communications) channels. Channels 16 and 17 are not secured by Bluetooth security functions. After connecting to the target, it is possible to send SMS messages or to call premium rate services. SMS messages that are sent will not be saved in the "Send" folder of the attacked phone. It is also possible to read and change the phonebook and to eavesdrop on all calls.

BLUEJACKING

Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers, by sending a vCard which typically contains a message in the name field (i.e. for bluedating or bluechat) to another Bluetooth-enabled device via the OBEX protocol. This trick was discovered through the flirting habits of Bluetooth phone owners. It uses the possibility of changing the name of the phone to another name or of sending a business card (vCard). After renaming his phone, the hacker can force the victim to accept the Bluetooth connection.

Usually, the name of the phone is the name of the manufacturer and mobile type. If the hacker changes the phone's name to the string "click here for free cash", the victim will often click the pop-up frame mistakenly and accept the connection. This allows the hacker to connect to the device.

Bluejacking can be used by hackers to infect phones, to show obscene movies, etc.

‘Bluejacking’ terror of stalkers who target mobiles

Thousands of mobile phone users are being left terrified by a disturbing craze in which they are bombarded with obscene or disturbing messages. New ‘Bluetooth’ technology allows people to send anonymous texts and images to mobile phones within a 30ft radius. The ‘bluejacking’ craze has become a worldwide phenomenon, with pranksters delighting in covertly sending text messages to unsuspecting strangers. But what began as fun has taken a sinister turn. Victims are being sent menacing messages, vicious threats and violent and pornographic film clips.

Bluetooth technology allows mobile phone and computer users to send computer files between devices without using any wires. But any other Bluetooth-equipped mobile within range will automatically pick up such messages unless owners disable this function on their phone. As well as sending anonymous text messages, bluejackers can attach video clips, photos or graphics, although those receiving the messages are given the option to either accept the message or to reject it before opening it.