One of the most popular ways to transfer data between two mobile devices, in range, is via Bluetooth. But Bluetooth just like any other wireless network is prone to attackers. Bluetooth Hacking could be classified into following three categories:
Bluejacking, though classified in Bluetooth hacking, isn't exactly harmful to the user in any way. It involves sending of unsolicited messages by an attacker to other Bluetooth enabled devices. The messages are sent in such a way, that the other user HAS to see the message. This is usually done by creating a new contact with the contact namefield as message, which the attacker want to send to the victim. This does not cause any changes to the victim's phone, except getting him confused about what has happened.
This method, as already said, not being harmful, may for some period of time confuse the user which may lead to think that their phone has been hacked.
Bluesnarfing is an advanced Bluetooth hacking technique, which is done with the help of advanced equipment, and at the same time, being in a certain range of target. A successful exploitation lead the attacker to gain full control of the hacked device, with the ability to make phone calls, eavesdrop phone conversations, read and write messages, and even perform network activities. The attacker uses OBEX push profile to attempt to send an OBEX GET command to retrieve known filenames such as telecom/pb.vcf. The enhancement to this Bluesnarf++ connects to the OBEX FTP server to transfer the files.
Bluebugging is similar to Bluesnarfing, but the attacker gets full control of the device in Bluebugging. This is similar to Trojans used in computers. The attacker also gets to execute remote commands on the victim's device.
Tools used for Bluetooth Hacking
Bluescanner: The first thing one would need to know in Bluetooth hacking, is to identify the devices having their Bluetooth turned on. Bluescanner is a tool for windows XP SP2, which helps in discovering the Bluetooth devices as well as tries to get all the information possible about each and every devices found. You can get this tool here.
Bloover: Bloover is a mobile application that runs on J2ME based handsets. It is an audit tool, which could be used by mobile users, in order to find out, if their phone or the phones in the nearby are vulnerable to Bluetooth attackers.
Since, it is just on audit tool, after finding out the vulnerability, it doesn't allows the attacker to send sms using the compromised phone.
BT Browser: It is a J2ME mobile application, which offers the same functionality similar to that of Bluescanner. This application works on phone, which supports JSR-82 such as Nokia 6600 and Sony Ericsson P900.
BTAudit: It has a set of two tools dedicated to Bluetooth hacking. The division is done on the basis of protocol scanned. The two protocols are L2CAP PSMs (Protocol Service Multiplexer) and the RFCOMM Channels. You can get it here.
BTCrack: BTCrack is a software to break bluetooth pass phrase by bruteforcing. It captures the pairing exchanges and then bruteforces the passkey and the link key.
BTCrawler: It is a Bluetooth device scanner for windows Based mobiles. It could also perform other bluetooth hacking techniques, namely BuleSnarfing and Bluejacking, to the vulnerable devices in range.
Popular
Tags
Videos
0 comments:
Post a Comment