Teeth with Bluetooth?? Awesome. This Personal Area Network (PAN) called Bluetooth is getting bigger and bigger. Today, we can have socks, shoes, balls, hats, etc. in our PAN thanks to this wireless technology and its advances like Bluetooth low energy (BLE or Bluetooth Smart), which is intended to provide considerably reduced power consumption and cost. However, we should be careful because everything is in the air, and an attacker could take advantage of this wireless technology using some of the following tools.
[Figure: Socks with Bluetooth]
First, an attacker would scan every Bluetooth device around him. In this fingerprinting phase, an Ubertooth One antenna could be used to extend the scanning range and, with the help of applications like Ramble, BlueScan or hcitool, get a detailed list of the devices which are around.
Next, there are many tools that try to exploit vulnerabilities in Bluetooth devices. One of them is BlueSnarf, which was published in late 2003 by Holtmann and Laurie. BlueSnarf exploits some vulnerabilities of the OBEX protocol on mobile phones and pocket palms. The goal of this exploit is to request common files like the calendar, contacts, etc., easily bypassing the security channel without authentication. The victim wouldn't see any prompt on his device during this attack.
Another interesting tool is BlueBug, which is a nice exploit developed by Adam Laurie and Martin Herfurt in 2004. This exploit targets the Bluetooth implementation on mobile phones, especially Symbian OS, where an attacker can control devices through a plain serial connection. For example, the attacker could send SMS to another phone, call another phone or take pictures without authentication and without leaving any trace on the victim's phone. BlueBug can also download items via the OBEX protocol without authentication and without any prompt.
BlueChop is another hacking tool, following BlueSnarf. It is used to break Bluetooth piconets, which are the connections between devices. This is possible if the master phone supports multiple connections. The only thing the attacker has to do is pick a random slave out of the piconet, spoof its address and contact the master, which confuses the master's internal state and disrupts the piconet.
There are many other tools to hack Bluetooth devices, like BlueDump which gets link keys, BlueBump which pushes link keys, Bluelog, BlueMaho, Bluepot, BlueRanger, etc. As you can see, there are a lot of tools to hack Bluetooth devices, and we can use Linux distributions like Kali Linux or Bluediving, which collect many hacking tools to attack Bluetooth devices easily.
Tips for protection? Turn off your Bluetooth when you don't need it and be aware of who is around you!!!
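To check the first tip on a Linux machine, here is an added example (not part of the original post) that reads the flags line printed by BlueZ's `hciconfig -a` and reports which adapters are switched on and whether they answer discovery scans. The sample output is constructed, and the function name `audit_adapters` is hypothetical.

```python
import re

# Constructed sample of `hciconfig -a` output (BlueZ); all addresses are made up.
SAMPLE_HCICONFIG = (
    "hci0:\tType: Primary  Bus: USB\n"
    "\tBD Address: 00:11:22:33:44:55  ACL MTU: 310:10  SCO MTU: 64:8\n"
    "\tUP RUNNING PSCAN ISCAN \n"
    "\tRX bytes:1024 acl:0 sco:0 events:60 errors:0\n"
    "hci1:\tType: Primary  Bus: UART\n"
    "\tBD Address: 66:77:88:99:AA:BB  ACL MTU: 1021:8  SCO MTU: 64:1\n"
    "\tUP RUNNING PSCAN \n"
    "hci2:\tType: Primary  Bus: USB\n"
    "\tBD Address: CC:DD:EE:FF:00:11  ACL MTU: 310:10  SCO MTU: 64:8\n"
    "\tDOWN \n"
)

ADAPTER_LINE = re.compile(r"^(hci\d+):")


def audit_adapters(hciconfig_output):
    """Map each adapter to 'off', 'discoverable', 'connectable' or 'hidden'
    ('unknown' if no flags line was found for it)."""
    exposure = {}
    current = None
    for line in hciconfig_output.splitlines():
        match = ADAPTER_LINE.match(line)
        if match:
            current = match.group(1)
            exposure[current] = "unknown"  # until the flags line is seen
            continue
        tokens = line.split()
        # The flags line is the one that starts with UP or DOWN.
        if current is None or not tokens or tokens[0] not in ("UP", "DOWN"):
            continue
        flags = set(tokens)
        if "DOWN" in flags:
            exposure[current] = "off"
        elif "ISCAN" in flags:  # inquiry scan: answers device discovery
            exposure[current] = "discoverable"
        elif "PSCAN" in flags:  # page scan: connectable if the address is known
            exposure[current] = "connectable"
        else:
            exposure[current] = "hidden"
    return exposure


if __name__ == "__main__":
    for name, state in audit_adapters(SAMPLE_HCICONFIG).items():
        print(f"{name}: {state}")
```

On a real host, pass the function the text captured from `hciconfig -a`; any adapter reported as `discoverable` or `connectable` while you are not using Bluetooth is one to switch off.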
Regards, my friends, and remember: the Internet of Things (IoT) is here and it's here to stay.