Bluesnarfing
Bluetooth a short range wireless communication technology developed for use at home, office and Personal Area Networks. Over the years Bluetooth integration has been achieved in mobile phones, Personal Digital Assistants (PDAs) and other consumer devices. When blue tooth was conceived, an essential element of the technology was its requirement for a low expectation of end user technical ability and minimum levels of user setup and configuration for ease of use. This was adopted to ensure that widespread adoption and utilization of Bluetooth technology by the general public could be achieved
A direct consequence of this requirement some users are not aware of the functionality Bluetooth offers and its potential for exploitation and in many cases leave the default settings on their devices unchanged. Bluetooth enabled devices are vulnerable to exploitation using a range of methods including Bluesnarf, Backdoor and Bluebug.
Bluetooth vulnerabilities
The use of Bluetooth technology to access restricted areas of a users' device without their knowledge or approval for the purpose of capturing data e.g. contacts, images, lists of called missed, received or dialed, calendars, business cards and the device's International Mobile Equipment Identity (IMEI) is known as Bluesnarf. Bluesnarfing works by using the push profile of the Object Exchange protocol (OBEX) which is a built-in Bluetooth functionality for exchanging electronic business cards.
Instead of pushing a business card the Bluesnarf attack pulls using a "get" request looking for files with known names e.g. phonebook file (telecom/pb.vcf) or calendar file (telecom/cal.vcs). This vulnerability exists due to the manner in which the OBEX push profile was implemented in some of the early Bluetooth enabled phones, which did not require authentication from other Bluetooth devices attempting to communicate with it. Accessing information by Bluesnarfing was thought to only be possible if the users device is in "discoverable" or "visible" mode, but Bluesnarf attacks have being carried out on devices set to "non-discoverable" mode.
To achieve this the Bluesnarfing software needs to address the device by its unique 48-bit Bluetooth device name. For example, uncovering the device name is possible using software applications such as RedFang. This application uses a brute-force approach to discover device addresses by systematically generating every possible combination of characters and recording those combinations which get a response. Fortunately this approach is time consuming, potentially taking hours of computation.
Current scenario
The subsequent release of the Bluetooth specification 1.2 has addressed this problem by adding an anonymity mode that masks a device's Bluetooth physical address. In addition a major privacy concern related to this type of attack is the possibility of obtaining the IMEI of a device which can then be utilized to uniquely identify a phone on a mobile network and could also be used in illegal phone cloning. This could give someone the ability to use a cloned subscriber identity module (SIM) card to track a mobile device and by inference the user carrier without their knowledge. Recent firmware upgrades have corrected this problem but many phone owners have not installed them
Nokia the World leading Mobile phone manufacturer recently made this announcement "Nokia is aware of claims that there are security issues relating to malicious attempts by hackers to access another user's mobile device featuring Bluetooth technology, an act currently referred to as "Bluesnarfing". Affected models include the Nokia 6310, 6310i, 8910, 8910i mobile phones. "
Nokia recommends the following in order to prevent "Bluesnarfing". In public places, where phones with Bluetooth technology might theoretically be targets of malicious attacks, reliable ways to foil potential hackers are:
To set the device to "hidden" mode using the Bluetooth menu. Personal devices like headsets can still connect to the phone, but intrusion is much more difficult since the hacker will have to know or guess the Bluetooth address before establishing a connection.
If a user wants absolute security, they can simply "switch off" the Bluetooth functionality of their mobile phone. This will not affect other functionalities of the phone.
Related Tags: bluetooth technology, bluesnarf, bluebug, bluetooth vulnerabilities, bluetooth specification 1.2
The Author Prakash T.C. is a support manager at Binary Spectrum.
Your Article Search Directory : Find in ArticlesRecent articles in this category:
- Ringtones for Cell Phones 101
A ringtone is a sound file that is used on acellular or mobile phone. This smart idea was deve - Sony Reader PRS-505 Review - Is it Worth Your Money?
The Sony Reader 505 has become an attractively affordable ebook reader since the Sony Reader P - Prototyping knowledge: about an .STL file and how to save it?
Following are guidelines for exporting from typical CAD modelers:Most CAD systems, File Save a - Logitech Digital Video Security System
Since the dawn of time people have always been afraid of others coming into their cave, it's a - The History of GPS Technology
Normal 0 false false false MicrosoftInternetExplorer4 /* Sty - The Future of VOIP Technology
Normal 0 false false false MicrosoftInternetExplorer4 /* Sty - 10 Things You Need to Know About NY VOIP
Normal 0 false false false MicrosoftInternetExplorer4 /* Sty - Video Cameras
Today, video cameras are extremely affordable, very easy to use and offer high quality video a - Making Data Administration a Part of Your Small Business
At some point it will happen to every company no matter how big orsmall they are. System failu - How to Choose a New York VOIP Service Provider
New Yorkers know a good thing when they see it, and VOIP technology iscurrently taking the Emp
Most viewed articles in this category:
- Visibility Eto Erp and Six Sigma Profiled in Quality Digest
According to Stephen Carson, executive vice president for Visibility Corp., "Many project-based manu - Four Trends for Distributors: Facing the Forces of Change
The four definitive trends listed in the National Association of Wholesalers-Distributors' publicati - Gateway Laptop Review
You may consider the M255-E if you are thinking about purchasing a Gateway laptop. At first glance, - Ipod Buying Guide &Tips - Ipod, Nano, Shuffle
Buying Ipod is just like buying a piece of enjoy-ment. The first criteria is to buy something you w - Texas Cement Choose Batchmaster for Process Manufacturing Erp
BatchMaster Software, Inc. (www.batchmaster.com), a leading provider of ERP (enterprise resource pla - Industrial CRM Must be Preceded by Change Management
Entitled Smart Practices That Pay: Leveraging Information to Achieve Industrial Selling Results, thi - Canada's Cosmaceutical Wins With Batchmaster ERP
Cosmaceutical Research Lab, already the largest contract manufacturer for cosmetic products in weste - Science is the Real God
Every religion in the world claims that its particular God is almighty. However, there is nothing in - Still wondering what VoIP is about?
So what is VoIP? Internet telephony is a rapidly-growing phenomenon that shows no sign of slo - Visibility Corporation Business Intelligence Technology Solutions
With an analysis of reporting requirements driving Hallis Hudson's business, Visibility designed a s