Bluetooth sniping

Bluesnarfing is the unauthorized access of information from a wireless device through a Bluetooth connection, often between phones, desktops, laptops, and PDAs (personal digital assistants). This allows access to calendars, contact lists, emails and text messages, and on some phones, users can copy pictures and private videos. Both Bluesnarfing and Bluejacking exploit others' Bluetooth connections without their knowledge. While Bluejacking is essentially harmless as it only transmits data to the target device, Bluesnarfing is the theft of information from the target device.


Description

Current mobile software generally must allow a connection using a temporary state initiated by the user in order to be 'paired' with another device to copy content. There appear to have been past reports of phones being Bluesnarfed without pairing being explicitly allowed. After the disclosure of this vulnerability, mobile phone vendors patched their Bluetooth implementations and, at the time of writing, no current phone models are known to be vulnerable to this attack. Any device with its Bluetooth connection turned on and set to "discoverable" (able to be found by other Bluetooth devices in range) may be susceptible to Bluejacking and possibly to Bluesnarfing if there is a vulnerability in the vendor's software. By turning off this feature, the potential victim can be safer from the possibility of being Bluesnarfed, although a device that is set to "hidden" may still be Bluesnarfable by guessing the device's MAC address via a brute force attack. As with all brute force attacks, the main obstacle to this approach is the sheer number of possible MAC addresses. Bluetooth uses a 48-bit unique MAC address, of which the first 24 bits are common to a manufacturer. The remaining 24 bits have approximately 16.8 million possible combinations, requiring an average of 8.4 million attempts to guess by brute force.


Prevalence

Attacks on wireless systems have increased along with the popularity of wireless networks. Attackers often search for rogue access points, or unauthorized wireless devices installed in an organization's network, which allow an attacker to circumvent network security. Rogue access points and unsecured wireless networks are often detected through war driving, which is using an automobile or other means of transportation to search for a wireless signal over a large area. Bluesnarfing is an attack to access information from wireless devices that transmit using the Bluetooth protocol. With mobile devices, this type of attack is often used to target the international mobile equipment identity (IMEI). Access to this unique piece of data enables the attackers to divert incoming calls and messages to another device without the user's knowledge.


Response

Bluetooth vendors advise customers with vulnerable Bluetooth devices to either turn them off in areas regarded as unsafe or set them to undiscoverable. This Bluetooth setting allows users to keep their Bluetooth on so that compatible Bluetooth products can be used but other Bluetooth devices cannot discover them. Because Bluesnarfing is an invasion of privacy, it is illegal in many countries.


Bluesniping

Bluesniping has emerged as a specific form of Bluesnarfing that is effective at longer ranges than normally possible. According to Wired magazine, this method surfaced at the Black Hat Briefings and DEF CON hacker conferences of 2004 where it was shown on the G4techTV show The Screen Savers. For example, a "rifle" with a directional antenna, Linux-powered embedded PC, and Bluetooth module mounted on a Ruger 10/22 folding stock has been used for long-range Bluesnarfing.


In popular culture

*In the TV series Person of Interest, bluesnarfing, often mistakenly referred to in the show as bluejacking and at other times as forced pairing and phone cloning, is a common element used to spy on and track the people the main characters are trying to save or stop.


See also

*Bluejacking
*Bluebugging
*Pod slurping
*Snarfing

