
Bluetooth is an open wireless protocol for exchanging data over short distances. People use Bluetooth widely for communication in day-to-day life, so security is a major concern. People who send sensitive information over a wireless connection need to take precautions to prevent that information from leaking out to the external world.
Some Bluetooth-specific security issues (loopholes) are:
- Bluejacking
- Bluesnarfing
- Bluebugging
Bluejacking is sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers. This is achieved by sending a business card, in which the name field contains the message, to other Bluetooth users within a 10-meter radius.
Bluejacking doesn’t harm the mobile phones. However, it makes users think that the phone is malfunctioning as they fail to understand what has happened.
To prevent bluejacking:
- Disable Bluetooth when you don’t need it and nobody will be able to bluejack you.
- Set the Bluetooth device to hidden, invisible or non-discoverable mode.
- Ignore bluejacking messages by refusing or deleting them.
Bluesnarfing involves unauthorized access to information on a wireless device through a Bluetooth connection between phones, desktops, laptops and PDAs. This allows access to the calendar, contact list, emails and text messages, and even multimedia content (pictures and videos).
Bluesnarfers illegally pair with Bluetooth-enabled devices like cell phones and PDAs to access data which can include everything from your address book to sensitive personal/corporate information.
Bluesnarfing can be done if the phone allows pairing and your Bluetooth is on and discoverable. Someone with the right program can easily create a remote connection without any confirmation or code-input from you and can easily download the details.
A phone set to “hidden” mode can be bluesnarfed by guessing the device's MAC address via brute force. However, this is difficult because Bluetooth uses a 48-bit unique MAC address, so there are trillions of possible addresses to guess.
To prevent bluesnarfing:
- Update your devices. Early models often have discoverable mode enabled by default. These loopholes are eliminated in most of the newer devices.
- Set device mode to “hidden” as a regular practice.
- Do not pair your phone with an unknown device.
- Do not accept contact from an unknown source. One of the common bluesnarfing techniques is to send an unsolicited business card. When you accept it, the sending device becomes a trusted device and can access your data.
- Protect the data with PINs.
Bluebugging is a form of bluesnarfing. Bluesnarfing is about stealing files from a victim’s device, whereas bluebugging is taking control of a victim’s mobile and commanding it to do whatever the bluebugger wishes. A bluebugger can take complete control over your phone and use it to send a message, make a call or do anything else as if they owned the phone.
When a hacker successfully bluebugs your phone, he can access your Internet connection, make calls from your phone number, listen to your conversations and change entries in your calendar and contact list.
To prevent bluebugging:
- Check if your phone model is susceptible to bluebugging. Older phones' Bluetooth technology is easy to bluebug.
- Contact the phone’s manufacturer, as many of the major cell-phone companies have developed software patches that make it difficult to bluebug the phones.
- Turn off the phone’s Bluetooth capability when not required as the bluebuggers can only make a connection when Bluetooth is enabled.
- Scan all incoming multimedia messages and electronic business cards for viruses.
- Take advantage of the fact that a phone cannot be bluebugged from beyond 10 meters: if possible, move to a remote area when using your phone's Bluetooth capabilities.
Summary
- Turn on the Bluetooth of your phone if and only if it is required.
- Try not to use Bluetooth in public places.
- Upgrade the phones with the latest patches available in the market.
- Don’t accept any data from an unknown source.
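The recurring advice above (turn Bluetooth off when it is not needed, keep the device hidden, do not accept pairing from unknown devices) can be checked on a Linux laptop or desktop. The script below is an added example, not part of the original post; it assumes the BlueZ `bluetoothctl show` output format, and the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a Linux (BlueZ) adapter against the advice above.
# Live use, assuming bluetoothctl is installed: bluetoothctl show | bt_audit

# Print the value of one "Key: value" line from the text on stdin.
bt_field() {
    sed -n "s/^[[:space:]]*$1: //p" | head -n 1
}

# Read `bluetoothctl show` text on stdin, print findings, and return
# the number of findings (0 means nothing to fix).
bt_audit() {
    bt_state=$(cat)
    bt_findings=0
    bt_powered=$(printf '%s\n' "$bt_state" | bt_field Powered)
    bt_disc=$(printf '%s\n' "$bt_state" | bt_field Discoverable)
    bt_pair=$(printf '%s\n' "$bt_state" | bt_field Pairable)
    bt_tmo=$(printf '%s\n' "$bt_state" | bt_field DiscoverableTimeout)
    if [ "$bt_powered" != "yes" ]; then
        echo "OK: Bluetooth is off"
        return 0
    fi
    if [ "$bt_disc" = "yes" ]; then
        echo "FINDING: adapter is discoverable; set it to hidden"
        bt_findings=$((bt_findings + 1))
        # Assumption: a zero timeout means discoverable mode never expires.
        if [ "$bt_tmo" = "0x00000000" ]; then
            echo "FINDING: discoverable mode never times out"
            bt_findings=$((bt_findings + 1))
        fi
    fi
    if [ "$bt_pair" = "yes" ]; then
        echo "FINDING: adapter accepts new pairing requests"
        bt_findings=$((bt_findings + 1))
    fi
    if [ "$bt_findings" -eq 0 ]; then
        echo "OK: powered on, hidden, not pairable"
    fi
    return "$bt_findings"
}

# Constructed sample output, not captured from a real device.
SAMPLE_EXPOSED='Controller 00:11:22:33:44:55 (public)
    Powered: yes
    Discoverable: yes
    DiscoverableTimeout: 0x00000000
    Pairable: yes'

printf '%s\n' "$SAMPLE_EXPOSED" | bt_audit || echo "findings: $?"
```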