Bluetooth was originally designed by Nokia with the name Wibree in 2006, which was then later adopted by the Bluetooth Special Interest Group (SIG) in 2010.
Later on, the Bluetooth 4.0 core specification was released with the focus on designing a radio standard with low power consumption targeting use in devices with low resources, power, and bandwidth.
Bluetooth security includes authorisation, authentication and optional encryption. Authentication is the proving of identity of one Bluetooth-enabled device to another. Authorisation is the granting or denying of Bluetooth connection access to resources or services from the requesting device. Encryption is the translating of data into secret code so that eavesdroppers cannot read its content. Currently Bluetooth 5.0 Specifications are implemented in latest devices.
Major Bluetooth vulnerabilities:
Bluejacking:
This is the process where an attacker sends unsolicited messages or business cards to a Bluetooth-enabled device, mostly for advertising purposes. Bluejacking resembles spam and phishing attacks conducted against e-mail users.
When a bluejacking message is sent with a harmful intent, it might entice users to respond with action to add the new contact to the device’s address book. Bluetooth device owners should be aware that this might cause a variety of social engineering attacks where it manipulates user into performing actions or divulging confidential information.
Bluesnarfing:
This is a method to force a connection with a Bluetooth-enabled device to gain access to data such as contact list, calendar, emails, text messages, pictures, videos and the international mobile equipment identity (IMEI) stored in the memory. IMEI is a unique identifier for devices, and can be exploited by an attacker to divert all incoming calls from the user’s device to the attacker’s device.
As sensitive information may be stolen from devices through bluesnarfing, it is much more malicious compared to bluejacking, even though both exploit devices’ Bluetooth connections without the owners’ knowledge. By setting a device’s Bluetooth to non-discoverable mode, the device becomes less susceptible to bluesnarfing although it may still be bluesnarf-able via brute force attack.
Bluebugging:
This method was developed after the onset of bluejacking and bluesnarfing where it allows attackers to remotely access a Bluetooth-enabled device and use its features, such as read phone books, examine calendars, connect to the Internet, place phone calls, eavesdrop on phone calls through call forwarding and send messages without the user’s knowledge. As with all the attacks, the attacker must be within a 10 meters distance from the device.
Bluesmack:
This is a Bluetooth Denial Of Service (DOS) attack where the Bluetooth-enabled device is overwhelmed by malicious requests from an attacker, causing it to be inoperable by its owner and draining the device’s battery, affecting the continued operation of the device after the attack. Due to the proximity required for Bluetooth connection, users can move the device to a new location to prevent the attack from happening.
This Article Was Written & published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.
Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking...
She is so obsessed with Cybersecurity domain that she is going out of her way and sharing hugely valuable posts and writings about Cybersecurity on website, and social media platforms.
34,000+ professionals are following her on Facebook and mesmerized by the quality of content of her posts on Facebook.
If you haven't yet been touched by her enthusiastic work of sharing quality info about Cybersecurity, then you can follow her on Facebook:
Click Here to follow her: Cybersecurity PRISM
