Couple of months back I posted on Bluetooth security, how it was not so safe to keep your blue tooth on in public places.
Now in the same series I am going to introduce you to various types of attacks.
- Bluetooth hacking or bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers, sending a vCard which typically contains a message in the name field (i.e. for bluedating or bluechat) to another bluetooth enabled device via the OBEX protocol.
- Bluetooth has a very limited range, usually around 10 metres on mobile phones, but laptops can reach up to 100 metres with powerful (Class 1) transmitters.
- The bluetooth protocol allows devices to use 16 digit long pairing codes. Unfortunately many applications continue to use only 4 digit pairing codes which can be easily brute-forced. This is known as short pairing codes. Most slave bluetooth devices continue to use default pairing codes such as 0000, 1111, 1234, etc. So, easy to crack and gain access.
- There are a variety of different types of bluetooth related threats and attacks that can be executed against unsuspecting mobile phone users. Following are some of the most common types of threats :-
- Blueprinting Attack :- Information gathering is the first step in the quest to break into target system. Even Bluetooth devices can be fingerprinted or probed for information gathering using the technique known as Blueprinting. Using this one can determine manufacturer, model, version, etc. for target bluetooth enabled device.
- BlueJack Attack :- Bluejacking is the process of sending an anonymous message from a bluetooth enabled phone to another, within a particular range without knowing the exact source of the received message to the recipient.
- BlueSnarf Attack :- Bluesnarfing is the process of connecting vulnerable mobile phones through bluetooth, without knowing the victim. It involves OBEX protocol by which an attacker can forcibly push/pull sensitive data in/out of the victim's mobile phone, hence also known as OBEX pull attack. This attack requires J2ME enabled mobile phones as the attacker tool. With J2ME enabled phone, just by using bluesnarfing tools like Blooover, Redsnarf, Bluesnarf, etc. an attacker can break into target mobile phone for stealing sensitive data such as address book, photos, mp3, videos, SMS.
- Blue Backdoor Attack :- Here, the bluetooth related vulnerability exploits the pairing mechanism that is used to establish a connection between two bluetooth enabled devices. Not only does it gives the attacker complete access and control over the target but also allows the attacker to place strategic backdoors for continued access and entry.
- BlueBug Attack :- It was first discovered by Martin Herfurt and allows attackers to gain complete control over the data, voice and messaging channels of vulnerable target mobile phones.Source on internet:http://insecure.in/bluetooth_hacking_02.asp
No comments:
Post a Comment
Add your comments.All the inputs are important and valuable.