Sunday, 3 February 2008

Bluetooth Hacking

Bluetooth hacking has gained popularity recently with an increasing amount of software becoming available to hackers for gaining access to Bluetooth devices. Most of the hacking tools seem to be for the Linux platform and include names such as BlueScan, BlueSniff and BTBrowser.

There is even a dictionary of Bluetooth hack terminology that seems to have become well established. Here is a brief rundown of the terms that are commonly used:

Bluesnarfing involves gaining unauthorized access to a Bluetooth enabled device for the purpose of accessing or stealing personal information or files. This form of Bluetooth hacking is probably the most difficult for the hacker to achieve and recent firmware upgrades to Bluetooth devices have reduced the risk. Your best form of protection is to not leave your phone is discoverable mode.

Bluejacking is a mostly harmless activity and usually involves sending a vCard (electronic business card) to another Bluetooth device with an offensive message in the name field. As most Bluetooth devices are still in the 10 meter range, the person who "Bluejacked" you is likely to be in the same room.

Bluebugging involves hacking into a phone using device commands without the user noticing. If the hacker were successful, they could listen in on phone conversations, make phone calls and send or receive text messages. Bluebugging has a similar result to bluesnarfing but exploits a different vulnerability that is found in older phones.

Should you be concerned about Bluetooth hack attempts? Probably not due to the fact that most Bluetooth devices are still in the 10m range and there have been recent firmware upgrades to make Bluetooth devices more secure. If you are concerned, your best form of protection is to keep your devices Bluetooth turned off when not in use. And when Bluetooth is turned on, make sure you don't leave it in discoverable mode.

Further reading:
Bluetooth hacking for fun and profit

Related posts:
Bluetooth spamming gets green light

No comments: