BLUETOOTH HACKING

Bluetooth is great..You can snap pictures,take video clips with your camera phone,transfer it to your laptop,or beam across to a friend's mobile.However,if you do not secure Bluetooth access on your phone,it is easily "discoverable" by other Bluetooth devices in the immediate vicinity.A person with a Bluetooth enabled device can send you unsolicited messages,transfer viruses and worms to your phone,or even gain access and steal your personal data and/or corrupt it.An experienced Bluetooth hacker can gain access to your mobile phone calls,send expensive international SMS messages,write entries into your phonebook,eavesdrop on your conversations,and even gain access to the internet.
    Bluetooth criminals are known to roam neighbourhoods with powerful Bluuetooth detectors that search for Bluetooth detectors that search for Bluetooth enabled cell phones,PDAs,and laptops.They are known to fit laptops with powerful antennas that can pick up Bluetooth devices from with-in a range of 800 metres!!The latest tactic is to force Bluetooth devices in hidden mode to pair with the attacker's device.This,however,is very labour-intensive,and is most often used against known targets who have large bank accounts or expensive secrets.

    
   

HOW IT WORKS

  Almost all cases of bluetooth attacks are a result of improper setup of the bluetooth device.In most cases,Bluetooth devices are configured at security level 1,where there is no encryption or authentication.This enables the attacker to request information from the device that will be helpful in stealing it.

    Once stolen,not only is the data on the device compromised,it will also compromise the data on all devices trusted by it.This can then be used to eavesdrop on conversations between other devices.

        Additionally,bluetooth uses the service discovery protocol(SPD)to determine what services are offered by what devices in range.Attackers can use this information to launch service-specific attacks on any of the devices.

  If the attacker is able to obtain the link keys and the addressing of two communicating devices,he can launch a man-in-the-middle type of attack where all information is routed through the attcker's device.

   Attackers can also eavesdrop on devices that are pairing up for the first time.This will give the attacker sufficient information to use algorithm to guess the security key and pretend to be the other device.

      

AVOIDING IT

  Securing your Bluetooth phone is easy.Take these few simple steps to ensure that your device is protected from Bluetooth attacks.

1.  Switch off the Bluetooth when not using it.This will prevent unauthorised access for the most part.Only enable Bluetooth when you are actively transferring data from or to another device.
2. Use a strong PIN code,one that is at least six to eight digits or longer.
3. Many devices offer tons of features to maximise the usability of your Bluetooth connections.Review the documentation and disable all that are a security risk,and pay special attention to the security settings.Use encryption by default and only disable it if the device you are communicating with doesn't support it.
4. Ensure that bluetooth is running in hidden mode.When you are pairing it with another device,like a headset,you will need to run it in discoverable mode.Do this in a secure location like inside your office or home.Once the link has been established,go back to hidden mode.If for some reason the pairing breaks when in a public place,wait till you are in a secure location before re-pairing the two devices.

      5.Be aware of where you are.If you are in an open,public place,it is best to disable bluetooth.Public  place,it is best to disable bluetooth.Public wireless hotspots are a favourite hangout of"bluejackers".

               

                                                             

Posted in: General