Bluetooth

BlueTooth Security Risks

Security risks involving bluetooth vulnerabilities include techniques known as:  bluebugging, bluesnarfing, bluejacking, denial of service and exploits for different holes.

When a device is configured in discoverable an attacker may try to apply these techniques.

Today mobile security was strongly increased and most attacks fail, yet sometimes security holes are discovered and new exploits emerge. As mobile devices prevent the user from installing unmonitored software freely most of attacks are difficult to carry out.

This tutorial describes the most common Bluetooth attacks, the tools used to carry out these attacks and the security measures users can take to prevent them.

Bluetooth Security Risks:

Bluebugging:
This is the worse known type of Bluetooth attack, through it an attacker gets full control of the device, if the hacked device is a mobile phone the attacker is able to make phone calls and send messages from the compromised device, remove or steal files, use the phone’s mobile connection, etc. Formerly a tool called Bloover was used to carry out this type of attacks.

BlueSnarfing:
Bluebugging attacks target the device’s stored information such as media, contacts, etc. yet without granting the attacker full control over the device as other type of attacks do (as described alter below).

Bluesniping:
Similar to BlueSnarfing but with longer range, this attack is carried out with special hardware.

BlueJacking:
This attack consists of sending (only) information to the victim, such as adding a new contact, replacing the contact name for the desired message. This is the less damaging attack despite some tools may allow the attacker to reset or to turn off the victim’s cell phone, still it remains useless to steal information or violate the victim’s privacy.

KNOB:
Recently reports on a new kind of attack were released by researchers who discovered the handshaking process, or negotiation between 2 bluetooth devices to establish a connection can be hacked through a Man In the Middle attack by sending a byte encryption key allowing a bruteforce attack.

Denial of Service (DOS):  widely known Denial of Service attacks also target bluetooth devices, the BlueSmack attack is an example of this. These attacks consist of sending oversized packets to bluetooth devices in order to provoke a DOS. Even attacks killing the battery of bluetooth devices were reported.

Tools used to hack Bluetooth devices:

Below I set a list of the most popular tools used to carry out attacks through bluetooth, most of them are already included in Kali Linux and Bugtraq.

BlueRagner:
BlueRanger locates Bluetooth devices radio by sending l2cap (bluetooth pings) exploiting allowance to ping without authentication.

BlueMaho:
This tool can scan devices looking for vulnerabilities, it shows detailed information on scanned devices, it also shows current and previous device locations, it can keep scanning the environment unlimitedly and alert through sounds when a device is found and you can even define instructions for when a new device is detected and can be used with two bluetooth devices (dongles) simultaneously. It can check devices for both known and unknown vulnerabilities.

BlueSnarfer:

BlueSnarfer, as it name says, was designed for BlueSnarfing, it allows the attacker to get the victim’s contact address, a list of made and received calls, the contacts saved in the sim, among it features it also allows to customize the information printing.

Spooftooph:
This tool allows you to carry out spoofing and cloning attacks against bluetooth devices, it also allows generating random bluetooth profiles and changing them automatically each X time.

BtScanner:

BtScanner allows you to gather information from bluetooth devices without prior pairing. With BtScanner an attacker can get information on HCI (Host Controller Interface protocol) and SDP (Service Discovery Protocol).

RedFang:

This tool allows you to discover hidden bluetooth devices which are set not to be discovered. RedFang achieves it through bruteforce to guess the victim’s bluetooth MAC address.

Protect your Bluetooth devices against security risks:

While new devices are not vulnerable to attacks mentioned previously all time new exploits and security holes emerge.
The only safe measure is to keep the bluetooth turned off as much as you don’t use it, in the worst case you need it always turned on at least keep it undiscoverable despite as you saw there are tools to discover them anyway.

Your mobile devices, or devices with bluetooth support must remain updated, when a security hole is discovered the solution comes through updates, an outdated system may contain vulnerabilities.

Restrict permissions on the bluetooth functionalities, some applications require bluetooth access permissions, try to limit permissions on the bluetooth device more as possible.

Another point to take in consideration is our location when we use bluetooth devices, enabling this functionality in public places full of people isn’t recommended.

And of course, you should never accept pairing requests, and if you get unknown pairing request turn off your bluetooth immediately, some attacks take place during the handshake negotiation (authentication).

Don’t use third party apps which promise to protect your bluetooth, instead keep a safe configuration as said before: turn off or hide the device.

Conclusion:

While bluetooth attacks aren’t widely used (when compared with other types of attacks like phishing or DDOS) almost every person carrying a mobile device is a potential victim, therefore in our countries most people are exposed, also through bluetooth, to sensitive data leak. On the other hand most manufacturers already patched devices to protect them from almost all attacks described above, but they only can issue a fix after the vulnerability was discovered and published (like with any vulnerability).

While there is not defensive software the best solution is to keep the device turned off in public spaces, since most attacks require a short range you can use the device safely in private places. I hope you found this tutorial on Bluetooth Security Risks useful. Keep following LinuxHint for more tips and updates on Linux and networking.

About the author

Ivan Vanney

Ivan Vanney

Ivan Vanney has over 2 years as writer for LinuxHint, he is co-founder of the freelance services marketplace GIGopen.com where he works as a sysadmin.