Bluesnarfing

Last updated
BluetoothLogo.svg

Bluesnarfing is the unauthorized access of information from a wireless device through a Bluetooth connection, often between phones, desktops, laptops, and PDAs (personal digital assistant). [1] This allows access to calendars, contact lists, emails and text messages, and on some phones, users can copy pictures and private videos. Both Bluesnarfing and Bluejacking exploit others' Bluetooth connections without their knowledge. While Bluejacking is essentially harmless as it only transmits data to the target device, Bluesnarfing is the theft of information from the target device. [2]

Contents

Description

Current mobile software generally must allow a connection using a temporary state initiated by the user in order to be 'paired' with another device to copy content. There seem to have been, in the past, available reports of phones being Bluesnarfed without pairing being explicitly allowed. After the disclosure of this vulnerability, vendors of mobile phone patched their Bluetooth implementations and, at the time of writing[ when? ], no current phone models are known to be vulnerable to this attack.

Any device with its Bluetooth connection turned on and set to "discoverable" (able to be found by other Bluetooth devices in range) may be susceptible to Bluejacking and possibly to Bluesnarfing if there is a vulnerability in the vendor's software. By turning off this feature, the potential victim can be safer from the possibility of being Bluesnarfed; although a device that is set to "hidden" may be Bluesnarfable by guessing the device's MAC address via a brute force attack. As with all brute force attacks, the main obstacle to this approach is the sheer number of possible MAC addresses. Bluetooth uses a 48-bit unique MAC Address, of which the first 24 bits are common to a manufacturer. [3] The remaining 24 bits have approximately 16.8 million possible combinations, requiring an average of 8.4 million attempts to guess by brute force.

Prevalence

Attacks on wireless systems have increased along with the popularity of wireless networks. Attackers often search for rogue access points, or unauthorized wireless devices installed in an organization's network and allow an attacker to circumvent network security. Rogue access points and unsecured wireless networks are often detected through war driving, which is using an automobile or other means of transportation to search for a wireless signal over a large area. Bluesnarfing is an attack to access information from wireless devices that transmit using the Bluetooth protocol. With mobile devices, this type of attack is often used to target the international mobile equipment identity (IMEI). Access to this unique piece of data enables the attackers to divert incoming calls and messages to another device without the user's knowledge.

Response

Bluetooth vendors advise customers with vulnerable Bluetooth devices to either turn them off in areas regarded as unsafe or set them to undiscoverable. [4] This Bluetooth setting allows users to keep their Bluetooth on so that compatible Bluetooth products can be used but other Bluetooth devices cannot discover them.

Because Bluesnarfing is an invasion of privacy, it is illegal in many countries.

Bluesniping

Bluesniping has emerged as a specific form of Bluesnarfing that is effective at longer ranges than normally possible. According to Wired magazine, this method surfaced at the Black Hat Briefings and DEF CON hacker conferences of 2004 where it was shown on the G4techTV show The Screen Savers . [5] For example, a "rifle" with a directional antenna, Linux-powered embedded PC, and Bluetooth module mounted on a Ruger 10/22 folding stock has been used for long-range Bluesnarfing. [6]

See also

Related Research Articles

Bluetooth is a short-range wireless technology standard that is used for exchanging data between fixed and mobile devices over short distances and building personal area networks (PANs). In the most widely used mode, transmission power is limited to 2.5 milliwatts, giving it a very short range of up to 10 metres (33 ft). It employs UHF radio waves in the ISM bands, from 2.402 GHz to 2.48 GHz. It is mainly used as an alternative to wired connections to exchange files between nearby portable devices and connect cell phones and music players with wireless headphones.

<span class="mw-page-title-main">Device driver</span> Computer program that operates or controls a device that is attached to a computer

In computing, a device driver is a computer program that operates or controls a particular type of device that is attached to a computer or automaton. A driver provides a software interface to hardware devices, enabling operating systems and other computer programs to access hardware functions without needing to know precise details about the hardware being used.

A MAC address is a unique identifier assigned to a network interface controller (NIC) for use as a network address in communications within a network segment. This use is common in most IEEE 802 networking technologies, including Ethernet, Wi-Fi, and Bluetooth. Within the Open Systems Interconnection (OSI) network model, MAC addresses are used in the medium access control protocol sublayer of the data link layer. As typically represented, MAC addresses are recognizable as six groups of two hexadecimal digits, separated by hyphens, colons, or without a separator.

<span class="mw-page-title-main">Wi-Fi</span> Wireless local area network

Wi-Fi is a family of wireless network protocols based on the IEEE 802.11 family of standards, which are commonly used for local area networking of devices and Internet access, allowing nearby digital devices to exchange data by radio waves. These are the most widely used computer networks, used globally in home and small office networks to link devices and to provide Internet access with wireless routers and wireless access points in public places such as coffee shops, hotels, libraries, and airports to provide visitors.

IEEE 802.1X is an IEEE Standard for port-based network access control (PNAC). It is part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism to devices wishing to attach to a LAN or WLAN.

Wi-Fi Protected Access (WPA), Wi-Fi Protected Access 2 (WPA2), and Wi-Fi Protected Access 3 (WPA3) are the three security certification programs developed after 2000 by the Wi-Fi Alliance to secure wireless computer networks. The Alliance defined these in response to serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP).

<span class="mw-page-title-main">Wi-Fi hotspot</span> Wi-Fi access point

A hotspot is a physical location where people can obtain Internet access, typically using Wi-Fi technology, via a wireless local-area network (WLAN) using a router connected to an Internet service provider.

<span class="mw-page-title-main">Mobile phone feature</span> Mobile phone capability or application

A mobile phone feature is a capability, service, or application that a mobile phone offers to its users. Mobile phones are often referred to as feature phones, and offer basic telephony. Handsets with more advanced computing ability through the use of native code try to differentiate their own products by implementing additional functions to make them more attractive to consumers. This has led to great innovation in mobile phone development over the past 20 years.

<span class="mw-page-title-main">Wireless security</span> Aspect of wireless networks

Wireless security is the prevention of unauthorized access or damage to computers or data using wireless networks, which include Wi-Fi networks. The term may also refer to the protection of the wireless network itself from adversaries seeking to damage the confidentiality, integrity, or availability of the network. The most common type is Wi-Fi security, which includes Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA). WEP is an old IEEE 802.11 standard from 1997. It is a notoriously weak security standard: the password it uses can often be cracked in a few minutes with a basic laptop computer and widely available software tools. WEP was superseded in 2003 by WPA, a quick alternative at the time to improve security over WEP. The current standard is WPA2; some hardware cannot support WPA2 without firmware upgrade or replacement. WPA2 uses an encryption device that encrypts the network with a 256-bit key; the longer key length improves security over WEP. Enterprises often enforce security using a certificate-based system to authenticate the connecting device, following the standard 802.11X.

A rogue access point is a wireless access point that has been installed on a secure network without explicit authorization from a local network administrator, whether added by a well-meaning employee or by a malicious attacker.

<span class="mw-page-title-main">Wi-Fi Protected Setup</span> Network security standard to create a secure wireless home network

Wi-Fi Protected Setup (WPS) originally, Wi-Fi Simple Config, is a network security standard to create a secure wireless home network.

Piggybacking on Internet access is the practice of establishing a wireless Internet connection by using another subscriber's wireless Internet access service without the subscriber's explicit permission or knowledge. It is a legally and ethically controversial practice, with laws that vary by jurisdiction around the world. While completely outlawed or regulated in some places, it is permitted in others.

Bluebugging is a form of Bluetooth attack often caused by a lack of awareness. It was developed after the onset of bluejacking and bluesnarfing. Similar to bluesnarfing, bluebugging accesses and uses all phone features but is limited by the transmitting power of class 2 Bluetooth radios, normally capping its range at 10–15 meters. However, the operational range can be increased with the use of a directional antenna.

Mobile security, or mobile device security, is the protection of smartphones, tablets, and laptops from threats associated with wireless computing. It has become increasingly important in mobile computing. The security of personal and business information now stored on smartphones is of particular concern.

Sideloading describes the process of transferring files between two local devices, in particular between a personal computer and a mobile device such as a mobile phone, smartphone, PDA, tablet, portable media player or e-reader.

A DMA attack is a type of side channel attack in computer security, in which an attacker can penetrate a computer or other device, by exploiting the presence of high-speed expansion ports that permit direct memory access (DMA).

Wireless lock is a protection concept for authenticated LAN or WLAN network clients offered from various vendors in various functional shapes and physical designs. In contrast to wireless keys, wireless lock puts emphasis on automatic locking instead of just locking by time-out or unlocking.

<span class="mw-page-title-main">Logitech Unifying receiver</span> USB wireless receiver

The Logitech Unifying Receiver is a small dedicated USB wireless receiver, based on the nRF24L-family of RF devices, that allows up to six compatible Logitech human interface devices to be linked to the same computer using 2.4 GHz band radio communication. Receivers that are bundled with a Logitech product are paired with the device at the factory. When purchasing a replacement receiver or connecting multiple devices to one receiver, pairing requires the free-of-charge Logitech Unifying software, available for Microsoft Windows and Mac OS X. On Linux the Solaar software can be used to adjust the configurations. Although not compatible with Bluetooth, devices pair to Unifying Receivers in a similar way. Peripherals remain paired, and can then be used on systems not supporting the software. Logitech receivers compatible with the Unifying protocol can be identified by the orange Unifying logo, which distinguishes them from Logitech Nano receivers of similar appearance, which pair in a similar manner but only with a single device, without using the Unifying protocol.

A microphone blocker is a phone microphone connector used to trick feature phones that have a physical microphone switch to disconnect the microphone. Microphone blockers won't operate on smartphones or laptops because the microphone is controlled with software rather than a physical switch.

References

  1. Dagon, D.; Martin, T.; Starner, T. (2004-01-01). "Mobile Phones as Computing Devices: The Viruses are Coming!". IEEE Pervasive Computing. 3 (4): 11–15. doi:10.1109/MPRV.2004.21. ISSN   1536-1268. S2CID   14224399.
  2. Okazaki, Shintaro; Navarro-Bailón, María Ángeles; Molina-Castillo, Francisco-Jose (2012). "Privacy Concerns in Quick Response Code Mobile Promotion: The Role of Social Anxiety and Situational Involvement". International Journal of Electronic Commerce. 16 (4): 91–119. doi:10.2753/JEC1086-4415160404. hdl: 10486/669231 . ISSN   1086-4415. JSTOR   41739750. S2CID   33349618.
  3. Bialoglowy, Marek, Bluetooth Security Review, Part 1, http://www.symantec.com/connect/articles/bluetooth-security-review-part-1
  4. Fuller, John, How Bluetooth Surveillance Works, http://electronics.howstuffworks.com/bluetooth-surveillance1.htm
  5. "Wired News: Security Cavities Ail Bluetooth". www.wired.com. Archived from the original on 16 March 2005. Retrieved 12 January 2022.
  6. "'Rifle' Sniffs Out Vulnerability in Bluetooth Devices". NPR.org.

Mark Ciampa (2009), Security+ Guide to Network Security Fundamentals Third Edition. Printed in Canada.
Roberto Martelloni's home page Archived 2017-12-27 at the Wayback Machine with Linux source code of released Bluesnarfer proof-of-concept.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.