For a criminal to break into a Bluetooth device, they must force two paired Bluetooth devices to break their connection, which is known as Blueballing. For instance, the connection between a cellular phone and a Bluetooth-enabled headset could be broken, allowing the cell phone to be hijacked.
One method used to send unwanted files is Bluejacking. Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices. In other words, Bluejacking is Bluetooth spam. Bluetooth users can send an electronic business card to other Bluetooth users within a 30-foot radius of their device. If you switch from a security point of view to a business or marketing view, it sounds like a neat way to advertise for free. Imagine you own a women’s clothing store and your cell phone broadcasts an electronic business card as you walk around in your everyday activities, or you broadcast today’s special within the store. What an easy and free way to reach customers. Of course, if you are on the receiving end of this unsolicited ad it’s even more annoying than a telemarketer calling during dinner. Again, it’s annoying, but it is neither criminal nor damaging. The real damaging criminal activity comes when the electronic business card is infected. Once the infected file is added to your contacts it infects your address book. The radius of these criminal trespasses can be increased to 300-plus feet if the criminal is using a directional antenna and amplifier.
As with all forms of advertising there are tools available to help businesses market themselves. Just as there are machines to stuff envelopes for bulk mail, call machines to send telemarketing messages, and software to send email marketing material there is also software available for businesses to send Bluetooth ads to potential customers. Unfortunately criminals exploit these tools, and sometimes even alter them. The Car Whisperer is one such software tool. This software has been exploited so criminals can send audio and receive audio from a Bluetooth enabled car. This allows criminals to listen to your calls in the car, jump in on your call and even hijack your call if they want to.
Bluejacking is sometimes confused with Bluesnarfing. Any Bluetooth-enabled device with its Bluetooth connection set to “discoverable” may be susceptible to Bluejacking and Bluesnarfing. Bluesnarfing is when a criminal breaks into your phone via a Bluetooth connection, often between phones, desktops, laptops, and PDAs, and steals private information. Both Bluesnarfing and Bluejacking exploit Bluetooth connections without the victim’s knowledge.
Bluebugging is a form of Bluetooth attack that allows a criminal to listen in on your phone calls. It was developed after the onset of Bluejacking and Bluesnarfing. Bluebugging breaches a phone’s security to create a backdoor before returning control of the phone to its owner. Once a criminal has backdoor control of a phone, they use it to initiate a call back to themselves, making it possible to listen in on calls. With a Bluebug program on your phone, a criminal also has the ability to set up call forwarding on your phone, which would allow them to receive calls intended for you. Bluebugging can also be used to control a victim’s phone by impersonating a Bluetooth headset: the Bluebug program tricks the phone into thinking it is the Bluetooth headset and then sends commands as the headset. Using Bluebugging, a criminal can take your calls, send messages, read phonebooks, examine calendars and make calls on your cell phone.
A variation of Bluesnarfing has recently emerged, called Bluesniping. Bluesniping is a way for criminals to access Bluetooth-enabled devices from long range. The name Bluesniping is used because the tool used by the criminal looks like a sniper rifle. The tool can be built by mounting a small embedded PC running open source software, a directional antenna and a battery on a rifle stock. This homemade rifle is capable of targeting Bluetooth devices from ranges of over 1 mile.
Even though the examples of criminal actions related to Bluetooth connections given above describe attacks on cell phones, they can be applied to any Bluetooth-enabled device. For instance, Pod slurping happens when a Bluetooth-enabled portable data storage device, like an iPod touch, is hijacked by one of the above methods and then used to download large quantities of confidential data when it is plugged into a computer.
Bluetooth-enabled devices have built-in security features. Most Bluetooth-enabled devices have the ability to exchange data with “trusted devices” without having to ask for permission. They also have the ability to let users decide whether to allow or deny access when another Bluetooth-enabled device tries to connect.
There are also measures you should take to protect yourself.
1) Do not set your device to “discoverable”. If the device is not set to discoverable it will not respond to scanning attempts. As such, the 48-bit address that identifies your Bluetooth-enabled device (BD_ADDR) will not be revealed. If your device is not discoverable, a pairing request can only be made by someone who already knows your device’s BD_ADDR.
2) Set your device to require consent to pair with other Bluetooth-enabled devices.
3) Keep your Bluetooth firmware and software up to date. Prior to Bluetooth version 2.1, Bluetooth developers had the option to allow devices to communicate without encryption. Bluetooth version 2.1 and newer requires encryption.
4) When pairing devices use a long passkey. Never enter passkeys or PINs when unexpectedly prompted to do so.
5) Remove and re-pair your Bluetooth devices periodically, being sure to change the PIN when you do so. By doing this you eliminate the risk of being exploited through trusted devices you no longer use. Since most people pair devices for almost any reason, like sending a file or receiving a vCard, the list of trusted devices can be large.
6) Keep Bluetooth-enabled devices as close together as possible when Bluetooth links are active. This will help prevent someone from interrupting your Bluetooth communication stream.
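As an added illustration that is not part of the original text, the script below applies checklist items 1, 2 and 5 to a controller dump and a paired-device list. The input format is modelled on what BlueZ’s bluetoothctl prints (an assumption; the sample text and the device list are constructed, not captured), and the BD_ADDR check simply verifies the 48-bit, six-octet form described in item 1.

```python
import re
from datetime import date
# Constructed sample in the style of BlueZ `bluetoothctl show` output
# (an assumption about the format; not captured from a real controller).
CONTROLLER_INFO = """\
Controller AA:BB:CC:DD:EE:FF (public)
\tPowered: yes
\tDiscoverable: yes
\tDiscoverableTimeout: 0x00000000
\tPairable: yes
"""
# Constructed trusted-device list: (BD_ADDR, name, date the link was last used).
PAIRED = [
    ("11:22:33:44:55:66", "Car Kit", date(2023, 11, 2)),
    ("AA:BB:CC:DD:EE:01", "Old Headset", date(2021, 3, 14)),
    ("ZZ:00:11:22:33", "Garbled entry", date(2023, 12, 1)),
]
TODAY = date(2024, 1, 1)
# A BD_ADDR is 48 bits: six colon-separated hex octets.
BD_ADDR_RE = re.compile(r"^([0-9A-F]{2}:){5}[0-9A-F]{2}$", re.IGNORECASE)

def parse_controller(text):
    """Turn the indented 'Key: value' lines of the dump into a dict."""
    info = {}
    for line in text.splitlines():
        line = line.strip()
        if ":" in line and not line.startswith("Controller"):
            key, _, value = line.partition(":")
            info[key.strip()] = value.strip()
    return info

def audit(controller_text, paired, today, stale_days=365):
    """Return one finding per checklist item the configuration violates."""
    info = parse_controller(controller_text)
    findings = []
    if info.get("Discoverable", "no").lower() == "yes":          # item 1
        timeout = int(info.get("DiscoverableTimeout", "0"), 16)  # BlueZ prints hex
        when = "indefinitely" if timeout == 0 else f"for another {timeout}s"
        findings.append(f"discoverable {when}: BD_ADDR answers any scan")
    if info.get("Pairable", "no").lower() == "yes":              # item 2
        findings.append("pairable left on: enable it only while pairing a new device")
    for addr, name, last_used in paired:                          # item 5
        if not BD_ADDR_RE.match(addr):
            findings.append(f"{name}: {addr!r} is not a valid 48-bit BD_ADDR")
        elif (today - last_used).days > stale_days:
            findings.append(f"{name} ({addr}): unused for over {stale_days} days, remove and re-pair")
    return findings

def audit_sample():
    return audit(CONTROLLER_INFO, PAIRED, TODAY)
```

Running audit_sample() on the constructed data yields four findings; a dump with discoverable and pairable both off and only recently used, well-formed entries yields none.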