Bluejacking and Bluesnarfing – CompTIA Security+ SY0-501 – 1.2

Bluetooth is a relatively secure protocol now, but it wasn’t always this way. In this video, you’ll learn about the growing pains of Bluetooth and the attacks that were discovered in its early days.

<< Previous Video: WPS Attacks Next: RFID and NFC Attacks >>

We use Bluetooth on our mobile devices for many types of wireless connections. And for the most part, Bluetooth has been very secure. But there have been two instances of insecurity associated with Bluetooth. And we can look at what these were with Bluejacking and Bluesnarfing.

One thing you don’t want to get on your mobile device is any type of unsolicited spam. And you really don’t want to get it over your Bluetooth network. But that’s exactly what Bluejacking allowed someone to do. People could send an unsolicited message to your mobile device without you even having the ability to stop it.

This is something that, obviously, over Bluetooth has a functional distance of about 10 meters. But you could be walking through a very busy area and have this Bluejacking suddenly occur on your mobile device. Bluejacking could also be used in conjunction with an address book object. So not only were you seeing a message, you might be seeing a message and then a request to have information in that note be added to your contacts.

There was also third party software written to take advantage of this Bluejacking, but this was effectively a pretty harmless vulnerability with Bluetooth. None of your data was exposed to the person sending these messages. And it was more of an annoyance. And of course, the Bluetooth standard was updated so that now Bluejacking is not something that can occur.

A much more significant Bluetooth vulnerability was Bluesnarfing. This was where someone could access the data on your mobile device over Bluetooth. This was the first significant vulnerability found in Bluetooth. And it was found in late 2003. It was patched very quickly after that.

This was a significant security concern. If somebody knew the file name on your device, they could easily retrieve it over the Bluetooth network. Fortunately, we haven’t seen this type of security vulnerability with Bluetooth again, but it’s something we’re always looking for to make sure that our wireless networks are as secure as possible.