We rely on Bluetooth networks to connect our mobile device to headphones, speakers, and other devices, but is a Bluetooth network really safe? In this video, you’ll learn about the security concerns surrounding bluejacking and bluesnarfing.
<< Previous Video: Wardriving and WarchalkingNext: Wireless IV Attacks >>
The Bluetooth technology that’s now in our mobile devices is a great technology. It’s there and we can communicate with our computer, we can communicate with other mobile devices all with this Bluetooth technology. It even allows us to have these headsets that we have sticking out of our ears so that we can have these conversations without having wires anywhere.
The problem, of course, is that any time you have a wireless network there’s an opportunity for people to abuse that wireless network. And so there has been something called bluejacking that does something like that. This is the ability for you to send an unsolicited message to a Bluetooth-enabled device. This is spam for Bluetooth.
It’s not an email message. It’s a little bit different than that, but it’s a way that without anybody else’s authorization you can send them a message. They can see things pop up on their screen. It becomes a bit of an annoyance.
And it does this because we have this network here. Bluetooth is a great network. It’s one that is immediately available to us. We simply turn it on and we can take advantage of it.
But it does have a limited range. So to be able to do bluejacking, you at least have to be in the range of Bluetooth, which generally is about 10 meters, sometimes a little bit more, sometimes less depending on the interference, but it’s one where somebody is nearby. Now if you’re in a city, you’re in an airport, there’s a lot of people nearby with Bluetooth. But obviously, if you’re sitting at home it’s hard for somebody to get that close to you to be able to send you these messages.
The way that bluejacking works is it takes advantage of something that is a convenience for us on our mobile devices. And the convenience is being able to communicate back and forth and send things, like contact information between the devices automatically. So if I meet someone for the first time, I may want them to have my contact info and I simply tell my phone, please send my contact card over to that Bluetooth device and it sends it. The other device is waiting for it. It simply receives that Bluetooth message.
Now you can then, if you use that same methodology, get your own messages sent to a Bluetooth device because there’s no authentication. There’s no extra authorization that has to be done. You can simply send these messages to a Bluetooth device.
So the way that the bad guys do it is you create an address book object, you create a contact in your contact list, and in the name you put the message that you’d like to appear on that Bluetooth-enabled phone. So instead of putting James Messer so that the message popping up on the other person’s phone says James Messer has sent you some contact information. Would you like to accept it? It says, you are bluejacked or I’m taking over your phone or something that might scare somebody when the message pops up on their screen.
So they see the message pop up that says, you are bluejacked. Add to contacts? Now obviously, all I’m doing is sending a contact message. There’s nothing in there that is harmful. I’m not stealing somebody else’s information.
It’s more of an annoyance. It’s like spam. But they have to read it. They have to see it on their screen.
And so there have been cases where even advertisers have created methods where they’ll send these Bluetooth messages to people walking by a store or walking by a display. It is annoying. It is spam like. It’s something we didn’t ask for and therefore, it’s something you just have to keep in mind.
There’s third party software that can do this. Something like Blooover is a good example of that. You can download Bluesniff. These are Linux-based front ends that allow you to send these Bluetooth messages to other Bluetooth devices and annoy the person that’s on the other side.
This is a little bit different than something malicious because with bluejacking we’re simply being annoyed by messages. Unfortunately, there have been cases where Bluetooth has created more of a problem for us because people were able to steal our information. We call that method of stealing our info bluesnarfing. Somebody is using Bluetooth to snarf our data, to take our data right off of our phone.
This is when a Bluetooth-enabled device is able to use a vulnerability in the Bluetooth networking to be able to get onto a mobile device and steal contact information, email messages, pictures, anything you might have in a file on that phone. Different phones work different ways with different file types, but if you know the phone type that’s there or you know what to look for, you can essentially download things directly from somebody’s Bluetooth-enabled device without them knowing.
Now that, obviously, is a little bit of a challenge if you have a Bluetooth device. But fortunately, this is a very old vulnerability. It was found by Marcel Holtmann in September 2003. Adam Laurie also saw it in November 2003.
And both of them worked with the different phone carriers, the different phone manufacturers, and of course, the Bluetooth alliance to be able to patch this particular weakness in the Bluetooth software and the Bluetooth networking functionality. Those protocols themselves were a problem. So by patching it, the problem went away.
Obviously, this is a problem that occurred a long time ago. 2003. All relative to our computing devices. We go through our mobile devices every two or three years. We update the software on our mobile devices so it’s very hard to find a mobile device still running one of these very, very old versions of Bluetooth.
But this speaks to a bigger problem, of course. We have so many mobile devices. We have so many devices that use different mobile technologies and different networking technologies that we as security professionals have to stay up to date. And whenever something new comes out, we always have to look at it with a skeptical eye to determine is this something safe to do because you don’t want to run into one of these situations where you have bluesnarfing where somebody’s able to take advantage of a vulnerability in the basic functionality of these networking protocols to be able to steal information from us. And so it’s very important that we just keep an eye on it and be able to understand what has happened in the past that we can then prevent those things from occurring in the future.