Bluetooth a short range wireless communication technology developed for use at home, office and Personal Area Networks. Over the years Bluetooth integration has been achieved in mobile phones, Personal Digital Assistants (PDAs) and other consumer devices. When blue tooth was conceived, an essential element of the technology was its requirement for a low expectation of end user technical ability and minimum levels of user setup and configuration for ease of use. This was adopted to ensure that widespread adoption and utilization of Bluetooth technology by the general public could be achieved

A direct consequence of this requirement some users are not aware of the functionality Bluetooth offers and its potential for exploitation and in many cases leave the default settings on their devices unchanged. Bluetooth enabled devices are vulnerable to exploitation using a range of methods including Bluesnarf, Backdoor and Bluebug.

Bluetooth vulnerabilities

The use of Bluetooth technology to access restricted areas of a users' device without their knowledge or approval for the purpose of capturing data e.g. contacts, images, lists of called missed, received or dialed, calendars, business cards and the device's International Mobile Equipment Identity (IMEI) is known as Bluesnarf. Bluesnarfing works by using the push profile of the Object Exchange protocol (OBEX) which is a built-in Bluetooth functionality for exchanging electronic business cards.

Instead of pushing a business card the Bluesnarf attack pulls using a "get" request looking for files with known names e.g. phonebook file (telecom/pb.vcf) or calendar file (telecom/cal.vcs). This vulnerability exists due to the manner in which the OBEX push profile was implemented in some of the early Bluetooth enabled phones, which did not require authentication from other Bluetooth devices attempting to communicate with it. Accessing information by Bluesnarfing was thought to only be possible if the users device is in "discoverable" or "visible" mode, but Bluesnarf attacks have being carried out on devices set to "non-discoverable" mode.

To achieve this the Bluesnarfing software needs to address the device by its unique 48-bit Bluetooth device name. For example, uncovering the device name is possible using software applications such as RedFang. This application uses a brute-force approach to discover device addresses by systematically generating every possible combination of characters and recording those combinations which get a response. Fortunately this approach is time consuming, potentially taking hours of computation.

Current scenario

The subsequent release of the Bluetooth specification 1.2 has addressed this problem by adding an anonymity mode that masks a device's Bluetooth physical address. In addition a major privacy concern related to this type of attack is the possibility of obtaining the IMEI of a device which can then be utilized to uniquely identify a phone on a mobile network and could also be used in illegal phone cloning. This could give someone the ability to use a cloned subscriber identity module (SIM) card to track a mobile device and by inference the user carrier without their knowledge. Recent firmware upgrades have corrected this problem but many phone owners have not installed them

Nokia the World leading Mobile phone manufacturer recently made this announcement "Nokia is aware of claims that there are security issues relating to malicious attempts by hackers to access another user's mobile device featuring Bluetooth technology, an act currently referred to as "Bluesnarfing". Affected models include the Nokia 6310, 6310i, 8910, 8910i mobile phones. "

Nokia recommends the following in order to prevent "Bluesnarfing". In public places, where phones with Bluetooth technology might theoretically be targets of malicious attacks, reliable ways to foil potential hackers are:

To set the device to "hidden" mode using the Bluetooth menu. Personal devices like headsets can still connect to the phone, but intrusion is much more difficult since the hacker will have to know or guess the Bluetooth address before establishing a connection.

If a user wants absolute security, they can simply "switch off" the Bluetooth functionality of their mobile phone. This will not affect other functionalities of the phone.