With the rapid adoption of Bluetooth in portable and IoT devices, driven largely by its ease of use, the threats that target it are growing just as fast. Like any other technology, Bluetooth is exposed to several attacks, including BlueSmacking, BlueJacking, BlueSnarfing, and BlueBugging.
In this post we discuss the common Bluetooth attacks in detail, but first, the basics of Bluetooth.
What is Bluetooth?
Bluetooth is a wireless technology standard used to exchange data between devices over short distances using UHF (ultra high frequency) radio in the 2.4 GHz ISM band. It was developed by Ericsson in 1994 as a wireless replacement for RS-232 serial cables. Range depends on the radio's power class: the Class 2 radios in most phones reach about 10 meters (30 feet), while Class 1 radios reach up to 100 meters.
Bluetooth is not a single protocol but a stack of protocols grouped under one specification. The current specification is Bluetooth 5.x, but most devices in the field still run versions 4.0 to 4.2. Many IoT vendors also keep backward compatibility with legacy pairing, the PIN-based scheme that predates Secure Simple Pairing (introduced in Bluetooth 2.1), and leaving those older modes enabled lowers the security of the whole device.
The IEEE, which initially standardized Bluetooth as IEEE 802.15.1, does not maintain the standard anymore. Bluetooth is managed by Bluetooth SIG (Special Interest Group). Bluetooth SIG is a non-profit and non-stock organization established in September 1998. Since then, SIG has evolved as a network of member organizations working as caretakers and innovators of Bluetooth technology.
Following are the common types of Bluetooth attacks typically used by attackers to target mobile devices.
BlueSmacking
BlueSmacking is a DoS (denial of service) attack against Bluetooth-enabled devices. The attacker uses the Logical Link Control and Adaptation Protocol (L2CAP) to send oversized echo requests to the target, the Bluetooth counterpart of the classic ping of death, until the device is overwhelmed and becomes temporarily unresponsive.
The attacker can use the standard Linux utility l2ping, shipped with BlueZ, to launch the attack: its -s option sets the packet size and -f switches to flood mode. Range is bounded by the attacker's radio rather than by the victim's device type: with the Class 2 adapter built into a phone the attack reaches less than 10 meters, while a Class 1 adapter or a directional antenna on a laptop extends it to around 100 meters.
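The script below is an added example for this post, not a tool from the original article or from BlueZ. Instead of flooding, it sends a capped number of L2CAP echo requests at the payload sizes you choose and reports which sizes the target still answers, which is the check to run against a device you are authorised to test before concluding it is (or is not) affected by oversized echo requests. It assumes Linux with BlueZ's l2ping installed and root privileges, a placeholder target address, and that l2ping finishes with a summary line shaped like "5 sent, 5 received, 0% loss".

```sh
#!/bin/sh
# Added example (not code from the original post or from BlueZ): a bounded
# wrapper around BlueZ's l2ping. It sends a capped number of L2CAP echo
# requests at the payload sizes you choose and reports which sizes the target
# still answers, for testing a device you are authorised to test.
# Assumptions: Linux with BlueZ (l2ping in PATH, run as root); the target
# address is a placeholder; l2ping finishes with a summary line shaped like
# "5 sent, 5 received, 0% loss".

# Return 0 if $1 is a Bluetooth device address: six colon-separated hex octets.
valid_bdaddr() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print the "received" count from l2ping's summary line ($1 is the full
# l2ping output); prints 0 when no summary line is present, e.g. after a
# connection failure.
received_count() {
    n=$(printf '%s\n' "$1" | sed -n 's/.*[[:space:]]\([0-9][0-9]*\) received.*/\1/p' | tail -n 1)
    echo "${n:-0}"
}

# Probe $1 with every payload size that follows; print one line per size and
# return 1 if any size went unanswered (the symptom BlueSmacking exploits).
probe_l2cap_echo() {
    target=$1; shift
    valid_bdaddr "$target" || { echo "bad address: $target" >&2; return 2; }
    command -v l2ping >/dev/null 2>&1 || { echo "l2ping not found" >&2; return 2; }
    status=0
    for size in "$@"; do
        # -c 5 caps the request count, -s sets the payload size, -t 3 is the
        # per-request timeout in seconds. Deliberately no -f (flood).
        out=$(l2ping -c 5 -s "$size" -t 3 "$target" 2>&1) || true
        if [ "$(received_count "$out")" -gt 0 ]; then
            echo "size $size: answered"
        else
            echo "size $size: no response"
            status=1
        fi
    done
    return $status
}

# Usage, with a placeholder address (44 is l2ping's default payload size,
# 600 the oversized value usually quoted for BlueSmack):
#   sudo sh l2cap-probe.sh AA:BB:CC:DD:EE:FF 44 600
if [ $# -ge 2 ]; then
    probe_l2cap_echo "$@"
fi
```

The exit status of l2ping is not a reliable signal (it reports "no response" lines and still exits normally), so the script parses the summary line instead; a target that answers at the default size but not at a larger one is the case the attack relies on.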
Bluejacking
Bluejacking exploits Bluetooth to send unsolicited, anonymous messages to another device. The messages range from anonymous admiration to marketing material or a business pitch. While it may be annoying, Bluejacking is not illegal in most countries.
You can think of Bluejacking as another channel for spam, with the difference that the messages appear on your screen without your consent or control. It is worth noting that Bluejacking alone gives the attacker no control over your device.
Bluejacking is easy to carry out because the only prerequisite is something most handsets support: sending a contact (a vCard) to another device over Bluetooth. The sender puts the message in the contact's name field and sends the contact via Bluetooth.
For example, someone in a coffee shop notices another customer enjoying a cup of coffee. He creates a contact named "Is your coffee hot enough?" and chooses to send it via Bluetooth; his phone scans for nearby discoverable devices and lists them, and he simply selects the one he wants and sends the unsolicited message. The bluejacker's payoff comes when the victim reads it with a mix of confusion and unease at apparently being watched.
The first known instance of Bluejacking was carried out between 2001 and 2003 by a Malaysian IT consultant who, inside a Malaysian bank, used his mobile phone to send an advertisement for Ericsson to the owner of a Nokia 7650.
BlueSnarfing
BlueSnarfing is a more serious attack that lets an attacker read data off the victim's phone over Bluetooth. It works when the victim's phone has Bluetooth on and is discoverable. The attacker connects to the phone's OBEX (Object Exchange) service and abuses flaws in its implementation to retrieve the victim's data. BlueSnarfing is illegal in most countries.
An attacker can execute BlueSnarfing with a third-party toolkit such as Bluediving. The motive is to steal sensitive data, such as the phonebook, calendar and messages, from the victim's device. On the handsets originally found vulnerable the attacker did not even need to pair: the OBEX Push service accepted a connection without authentication and then answered GET requests for well-known object names such as the phonebook (telecom/pb.vcf), letting the attacker download the data directly.
An experienced attacker can write the tooling themselves, obtain it on the dark web, or hire another hacker to run the attack. Laptops and tablets are at lower risk because their Bluetooth stacks require pairing and user consent before accepting an OBEX transfer; the phones affected by BlueSnarfing lacked that check.
BlueSnarfing was first demonstrated in 2003, during security testing of Bluetooth phones.
BlueBugging
BlueBugging is an attack that gives the attacker access to, and control over, a device with a discoverable Bluetooth connection. Once the exploit succeeds, the attacker can send and read messages, access the phonebook, and initiate or eavesdrop on phone calls.
The attacker starts by connecting to the victim's device over Bluetooth. On the handsets originally affected no pairing was needed: a firmware flaw exposed the phone's AT-command interface on an RFCOMM channel that accepted connections without authentication, so the attacker could issue AT commands to read the phonebook, send SMS messages, and set up or forward calls. An attacker with that kind of access can also push malware, typically a keylogger or a RAT (remote access trojan), to keep access after the Bluetooth link is gone.
BlueBugging is more advanced than BlueSnarfing and BlueJacking and takes a seasoned attacker. Mobile devices are more exposed to BlueBugging than laptops or desktops. Attackers can also use BlueBugging to deploy stalkerware for eavesdropping; see our earlier blog post on stalkerware for details.
German researcher Martin Herfurt first demonstrated BlueBugging in 2004. His initial code targeted laptops with Bluetooth capability and was later turned against mobile phones and PDAs.
How to secure your device against Bluetooth Attacks?
1. Turn off Bluetooth when you are not using it.
2. Make your device non-discoverable (hidden) in the Bluetooth settings, so it does not answer device scans.
3. Discard any unsolicited messages.
4. Reject unexpected pairing requests, and when you do pair, confirm that the code shown on both devices matches.
5. Limit the use of Bluetooth hands-free devices: do not keep them connected when they are not needed or while you are transferring data.
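On a Linux machine the checklist above can be checked and enforced with BlueZ's bluetoothctl. The script below is an added example, not code from the original post: bt_audit reads the output of `bluetoothctl show` and flags an adapter that is discoverable, has its discoverable timeout disabled, or accepts pairing requests (items 2 and 4), and bt_harden applies the matching settings, optionally powering the radio off (item 1). It assumes BlueZ 5.x, where `bluetoothctl show` prints "Key: value" lines such as "Discoverable: yes" and bluetoothctl accepts commands as arguments; the sample output embedded in the script is constructed, not captured from a real adapter.

```sh
#!/bin/sh
# Added example (not code from the original post): audit a Linux adapter
# against the checklist above and apply the fixes with BlueZ's bluetoothctl.
# Assumptions: BlueZ 5.x, where `bluetoothctl show` prints "Key: value" lines
# such as "Discoverable: yes" and bluetoothctl accepts commands as arguments;
# the sample output below is constructed, not captured from a real adapter.

# Constructed `bluetoothctl show` output for an adapter that fails items 2 and 4.
SAMPLE_WEAK='Controller AA:BB:CC:DD:EE:FF laptop [default]
    Name: laptop
    Powered: yes
    Discoverable: yes
    DiscoverableTimeout: 0x00000000
    Pairable: yes'

# Read `bluetoothctl show` output on stdin; print one line per weak setting.
# Returns 1 if anything was flagged, 0 if the adapter is hidden and unpairable.
# "Powered: yes" is not flagged on its own: the radio is legitimately on while
# a headset is in use; bt_harden off covers item 1.
bt_audit() {
    found=0
    while IFS= read -r line; do
        line=${line#"${line%%[![:space:]]*}"}   # drop leading indentation
        key=${line%%:*}
        value=${line#*: }
        case "$key" in
            Discoverable)
                if [ "$value" = yes ]; then
                    echo "discoverable: any nearby scanner can see this adapter (item 2)"
                    found=1
                fi ;;
            DiscoverableTimeout)
                # 0 keeps the adapter discoverable until it is switched off by
                # hand; BlueZ's default drops back to hidden after 180 seconds.
                case "$value" in
                    0x*|[0-9]*)
                        if [ "$((value))" -eq 0 ]; then
                            echo "discoverable timeout disabled: stays visible indefinitely"
                            found=1
                        fi ;;
                esac ;;
            Pairable)
                if [ "$value" = yes ]; then
                    echo "pairable: unexpected pairing requests are accepted (item 4)"
                    found=1
                fi ;;
        esac
    done
    return $found
}

# Close the gaps: hide the adapter, refuse new pairings and, if "off" is
# given, power the radio down (item 1). Needs an adapter and bluetoothctl.
bt_harden() {
    command -v bluetoothctl >/dev/null 2>&1 || { echo "bluetoothctl not found" >&2; return 2; }
    bluetoothctl discoverable off
    bluetoothctl pairable off
    if [ "${1:-}" = off ]; then
        bluetoothctl power off
    fi
}

# Usage on a real system:  bluetoothctl show | bt_audit || bt_harden off
# Running this file with "demo" audits the constructed sample instead.
if [ "${1:-}" = demo ]; then
    printf '%s\n' "$SAMPLE_WEAK" | bt_audit
fi
```

The bluetoothctl settings do not survive a reboot on every distribution; to make the timeout permanent, set `DiscoverableTimeout = 180` (or smaller) in /etc/bluetooth/main.conf rather than 0, which keeps the adapter visible until someone remembers to hide it.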