Bluetooth Security Risks

29/12/2020
Security risks involving Bluetooth vulnerabilities include techniques known as bluebugging, bluesnarfing, bluejacking, denial of service and exploits for different holes.

When a device is configured as discoverable, an attacker may try to apply these techniques.

Today mobile security has increased greatly and most attacks fail, yet security holes are sometimes discovered and new exploits emerge. Because mobile devices prevent the user from freely installing unmonitored software, most attacks are difficult to carry out.

This tutorial describes the most common Bluetooth attacks, the tools used to carry out these attacks and the security measures users can take to prevent them.

Bluetooth Security Risks:

Bluebugging:
This is the worst known type of Bluetooth attack: through it an attacker gets full control of the device. If the hacked device is a mobile phone, the attacker is able to make phone calls and send messages from the compromised device, remove or steal files, use the phone’s mobile connection, etc. Formerly a tool called Bloover was used to carry out this type of attack.

BlueSnarfing:
BlueSnarfing attacks target the device’s stored information, such as media, contacts, etc., yet without granting the attacker full control over the device as other types of attack do (as described later below).

Bluesniping:
Similar to BlueSnarfing but with longer range, this attack is carried out with special hardware.

BlueJacking:
This attack consists of sending (only) information to the victim, such as adding a new contact whose name is replaced with the desired message. This is the least damaging attack. Although some tools may allow the attacker to reset or turn off the victim’s cell phone, it remains useless for stealing information or violating the victim’s privacy.

KNOB:
Reports on a new kind of attack were recently released by researchers who discovered that the handshaking process, or negotiation between two Bluetooth devices to establish a connection, can be hacked through a man-in-the-middle attack by sending a one-byte encryption key, which allows a brute-force attack.
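Why a one-byte key matters, and the check that stops the downgrade, shown as an added example (not code from the original article). It is a toy model of the key-size negotiation, not a Bluetooth stack; the device names and the 7-byte floor (the minimum the Bluetooth SIG recommended after KNOB) are assumptions of this example.

```python
"""Toy model of Bluetooth encryption key-size negotiation (constructed example)."""
from dataclasses import dataclass

MAX_KEY_BYTES = 16  # largest key size the negotiation can agree on
HARDENED_MIN = 7    # assumed floor: minimum recommended by the Bluetooth SIG after KNOB


@dataclass
class Device:
    name: str                       # hypothetical label
    max_bytes: int = MAX_KEY_BYTES
    min_bytes: int = 1              # permissive default: accepts even a 1-byte key


def negotiate(initiator, responder, tampered_size=None):
    """Return the agreed key size in bytes, or None if either side refuses.

    tampered_size models a man in the middle replacing the proposed size
    while the two devices negotiate, as the KNOB paragraph describes.
    """
    proposal = initiator.max_bytes if tampered_size is None else tampered_size
    agreed = min(proposal, responder.max_bytes)
    # The defence: each device rejects a result below its own floor.
    if agreed < initiator.min_bytes or agreed < responder.min_bytes:
        return None
    return agreed


def keyspace(key_bytes):
    """Number of candidate keys a brute-force search has to cover."""
    return 2 ** (8 * key_bytes)


def scenarios():
    """Run the negotiation honestly, tampered, and tampered against a hardened device."""
    phone, headset = Device("phone"), Device("headset")
    hardened = Device("patched-phone", min_bytes=HARDENED_MIN)
    return {
        "honest": negotiate(phone, headset),
        "tampered": negotiate(phone, headset, tampered_size=1),
        "tampered_vs_hardened": negotiate(hardened, headset, tampered_size=1),
    }


if __name__ == "__main__":
    for label, size in scenarios().items():
        print(label, "refused" if size is None else f"{size} bytes, {keyspace(size)} keys")
```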

Denial of Service (DOS):
The widely known Denial of Service attacks also target Bluetooth devices; the BlueSmack attack is an example of this. These attacks consist of sending oversized packets to Bluetooth devices in order to provoke a DOS. Even attacks that kill the battery of Bluetooth devices have been reported.

Tools used to hack Bluetooth devices:

Below is a list of the most popular tools used to carry out attacks through Bluetooth; most of them are already included in Kali Linux and Bugtraq.

BlueRanger:
BlueRanger locates Bluetooth device radios by sending L2CAP pings (Bluetooth pings), exploiting the fact that pinging is allowed without authentication.

BlueMaho:
This tool can scan devices looking for vulnerabilities. It shows detailed information on scanned devices, as well as current and previous device locations. It can keep scanning the environment indefinitely and alert through sounds when a device is found, and you can even define instructions to run when a new device is detected. It can be used with two Bluetooth devices (dongles) simultaneously, and it can check devices for both known and unknown vulnerabilities.

BlueSnarfer:

BlueSnarfer, as its name says, was designed for BlueSnarfing. It allows the attacker to get the victim’s contact address, a list of made and received calls, and the contacts saved in the SIM. Among its features, it also allows customizing how the information is printed.

Spooftooph:
This tool allows you to carry out spoofing and cloning attacks against Bluetooth devices. It also allows generating random Bluetooth profiles and changing them automatically every X amount of time.

BtScanner:

BtScanner allows you to gather information from bluetooth devices without prior pairing. With BtScanner an attacker can get information on HCI (Host Controller Interface protocol) and SDP (Service Discovery Protocol).

RedFang:

This tool allows you to discover hidden Bluetooth devices which are set not to be discovered. RedFang achieves this by using brute force to guess the victim’s Bluetooth MAC address.

Protect your Bluetooth devices against security risks:

While new devices are not vulnerable to the attacks mentioned previously, new exploits and security holes emerge all the time.
The only safe measure is to keep Bluetooth turned off whenever you are not using it. In the worst case, if you need it always turned on, at least keep it undiscoverable, although, as you saw, there are tools to discover such devices anyway.

Your mobile devices, or any devices with Bluetooth support, must be kept updated. When a security hole is discovered the solution comes through updates, and an outdated system may contain vulnerabilities.

Restrict permissions on Bluetooth functionality. Some applications require Bluetooth access permissions; try to limit permissions on the Bluetooth device as much as possible.

Another point to take into consideration is our location when we use Bluetooth devices; enabling this functionality in public places full of people isn’t recommended.

And of course, you should never accept pairing requests, and if you get an unknown pairing request, turn off your Bluetooth immediately; some attacks take place during the handshake negotiation (authentication).

Don’t use third-party apps which promise to protect your Bluetooth; instead keep a safe configuration as said before: turn off or hide the device.
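One way to check the "turn off or hide the device" advice on a Linux machine, as an added example (not code from the original article): it parses the text printed by BlueZ's `bluetoothctl show` and flags adapters that are powered on and discoverable or pairable. The sample output and its addresses are constructed for this example.

```python
"""Audit `bluetoothctl show` output for exposed adapters (constructed example)."""
import re

# Constructed sample in the layout `bluetoothctl show` prints; addresses are made up.
SAMPLE_SHOW = (
    "Controller 00:11:22:33:44:55 (public)\n"
    "\tName: laptop\n"
    "\tPowered: yes\n"
    "\tDiscoverable: yes\n"
    "\tDiscoverableTimeout: 0x00000000\n"
    "\tPairable: yes\n"
    "Controller 66:77:88:99:AA:BB (public)\n"
    "\tName: dongle\n"
    "\tPowered: no\n"
    "\tDiscoverable: no\n"
    "\tDiscoverableTimeout: 0x000000b4\n"
    "\tPairable: yes\n"
)


def parse_show(text):
    """Parse the output into {controller_address: {field: value}}."""
    controllers, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.match(r"Controller\s+([0-9A-F:]{17})", line, re.I)
        if header:
            current = controllers.setdefault(header.group(1).upper(), {})
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    return controllers


def audit(text):
    """Return (address, finding) pairs for adapters that are on and exposed."""
    findings = []
    for addr, fields in parse_show(text).items():
        if fields.get("Powered") != "yes":
            continue  # adapter is off, which is the state the article recommends
        if fields.get("Discoverable") == "yes":
            # The timeout is printed in hex seconds; 0 means discoverable forever.
            timeout = int(fields.get("DiscoverableTimeout", "0x0"), 16)
            detail = "with no timeout" if timeout == 0 else f"for up to {timeout}s"
            findings.append((addr, f"discoverable {detail}"))
        if fields.get("Pairable") == "yes":
            findings.append((addr, "pairable"))
    return findings


if __name__ == "__main__":
    for addr, finding in audit(SAMPLE_SHOW):
        print(f"{addr}: {finding}")
```

On a host with BlueZ installed, pass `audit()` the captured output of `bluetoothctl show` instead of the sample.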

Conclusion:

While Bluetooth attacks aren’t widely used (when compared with other types of attacks like phishing or DDOS), almost every person carrying a mobile device is a potential victim; therefore in our countries most people are exposed, also through Bluetooth, to sensitive data leaks. On the other hand, most manufacturers have already patched devices to protect them from almost all the attacks described above, but they can only issue a fix after the vulnerability has been discovered and published (as with any vulnerability).

While there is no defensive software, the best solution is to keep the device turned off in public spaces; since most attacks require a short range, you can use the device safely in private places. I hope you found this tutorial on Bluetooth Security Risks useful. Keep following LinuxHint for more tips and updates on Linux and networking.
