Tuesday, November 24, 2009

Types Of Bluetooth Hacks And Its Security Issues


Bluetooth technology has been around for some time now, but it has been made popular courtesy its widespread use in mobile phones. But as cellular technology continues to out pace its predecessors rapidly, Bluetooth is now considered a ‘basic' feature of a cell phone and its widespread availability has given rise to its misuse just like all contemporary communication channels and technologies.


However, security issues arising from Bluetooth are relatively less publicised, possibly due to less critical nature of information at stake - an individual's cell phone data against corporate data thefts and associated hard losses. Nonetheless, with respect to personal privacy and perimeter security, an insecure Bluetooth device or technology can pose serious risk of information compromise.


Now lets explore the categories in which Bluetooth hacking is often classified mentioning one of the tool used for the purpose. This will show how real the issue of security in Bluetooth devices is.








Categories of bluetooth hacking

Bluetooth hacks are categorised broadly among:
  1. Bluejacking
  2. Bluesnarfing
  3. Bluebugging
  4. Bluetoothing
  • Bluejacking is the simplest of the four. The hacker uses it by making an attempt to send a phone contact or business card to another nearby phone. The ‘name' field of the contact can be misused by replacing it with a suggestive text so that the target device reads it as a part of intimation query displayed on its screen. This may be thought of as equivalent to spam e-mail since both are unsolicited messages displayed on recipients' end without consent, and by exploiting the inherent nature of communication.
  • Bluesnarfing goes a step further and actually accesses or steals data like messages, calendar, phone book etc., from the target device in an unauthorised manner which includes bypassing the usual paring requirement. Here, the problem is bigger since there have been reports of the tools that use methods such as device address guessing and brute force in order to break-in, even when device is configured as ‘invisible'.
  • The next level of sophistication in Bluetooth hacking is Bluebugging where the victim device is controlled by the attacker who sends commands to perform actions as if having physical access to the device this is a functionality analogous to Trojans. The tools for Bluebugging include ones that run off the PCs, which means laptops with high range Bluetooth connectivity, which makes things even worse.
  • Lastly, it is Bluetoothing which typically means social networking in short range, and possibility of harassment from the security point of view. Then there are programmes for Bluetooth PIN code cracking as well.

The Tool Mostly Used For Bluetooth Hacking

Given the constant updates of firmware and vulnerability fixes by manufacturers, most of the threats against popular brands are often quickly fixed without much public disclosure. Yet, there are plenty of tools that run on mobile phones, as well as on computers to attempt different types of Bluetooth hacks with varying degrees of success.
One such tool is Super Bluetooth Hack which demonstrates characteristics of both Bluesnarfing and Bluebugging. This Bluetooth hack is one of the most widely used and is used by both professional hackers as well as people who just want to have fun by sneaking into other's mobiles, without even knowing about the security issues that may arise in doing so.


Security Issues With Super Bluetooth hack

This is a 270KB Java application for Bluetooth-enabled handsets. Though it is not a pure authentication-bypass hacking application as the name suggests, still it can cause a great amount of damage by gathering important personal information of the target
Following are the major threats from this application:
  • To get around pairing, the attacker can employ a bit of social engineering, say renaming phone to something as ‘Download Updates' or to a known target-trusted companion in the vicinity, or even get physical access to phone and perform one-time pairing since subsequent connections do not require any user intervention at target device. Once connected, a long list of information categories is displayed which can be possibly gleaned.
  • Another threat from this application is that the hacker can gain access to users calls menu and may use it in a way that the target phone starts dialling the requested number automatically. The attacker even gains access to the option of putting the call on hold or to hang up.
  • Another issue that may arise is that the hacker can fetch target phone's entire phone book, dialled calls list etc. which can be saved on attacker's device.
  • This application can make the target extremely vulnerable as it works and fetches a plethora of details in addition to sending operative commands, without having to be installed on target device. Usual remote-control devices are installed on both devices and use their own authentication to send commands, as Super Bluetooth Hack by passes this requirement. This shows how intensive Bluetooth surveillance can get, particularly when combined with social engineering.

Precautions

All these hacks have been mentioned just to inform the bluetooth users how vulnerable there devices can be. Currently no such major software has been developed to stop the above methods of hacking however newer devices are built taking into account these threats and experts believe that they will prove to be more secure. Regardless of all this, there are always some precautions that can be taken i.e.
Always keep Bluetooth off when it is not required, and rename the device to something generic, rather than keeping the default name which is device manufacturer and model number,also make sure that you have the original PIN code of the phone with you so that in case your phone gets hacked you can reset it to factory settings but only at the cost of erasing all your data.
All this helps in preserving privacy since an attacker can spot the device physically and match it with discovered list. Bluetooth is a useful connectivity technology, so use it, enjoy it, but play safe!

Note

All the above mentioned bluetooth hacks have been stated to spread awareness regarding the potential risks which bluetooth devices face, any anti-hacking tips related to the above hacks are welcomed and can be shared at the comments section.


^^SUNNY^^

No comments:

Post a Comment