Wednesday, November 11, 2009

Bluetooth and Mobile Phone Security

Today I started reading on long range Bluetooth devices and then drifted on to on technologies used to hack/attack mobile phones.

Long Range Bluetooth devices
For long time I had trouble convincing investors about the range of BT devices. Everyone believes BT devices can communicate only within 10 miters. Years back I read about the long range BT devices but now it has become a commercial reality. There are devices that claim to communicate upto 28 miles. Those are industrial BT devices and are expensive. But the one caught my attention was the one from "AirCable". Their $120 device can communicate upto a mile!!

Mobile device security
I came across two major types of attacks("BlueJacking" and "Bluesnafing"), surprisingly both of them are Bluetooth based.

BlueJacking
Bluejacking is not harmful, but can be annoying. The idea is compose a message with an unusual phone number (such as "you are being Bluejacked") and sending it to an arbitrary victim in the proximity over Bluetooth. The advantage here is that the target user cannot trace the sender. If the victim is a common user who doesn't know anything about BlueJacking, it can be annoying or even frightening. The only advantage from attacker's perspective is that he can use this technique to locate the victim by sending a message and watching who picks up the phone.

Bluesnarfing
This is an advanced technique like computer hacking. The attacker gets some level of control over the victim's phone. It is not clear how it is done, but apparently they make use of vulnerabilities of the platform. Many phones with such vulnerabilities are listed. I guess they might be using use some carefully carved BT messages to embed the shell code and take the advantage of the vulnerability to run the shell code.

Takeaway
• The attacker can hack into your cell phone over bluetooth
• The worst thing the attacker can do is 1)Steal your data (address book, notes, SMS etc) 2) Make calls without your knowledge
• These attacks are not popular in US (yet)
• If you turn OFF the Bluetooth completely, you are 100%safe! If you turn off the "device discovery" then you are 75% safe (sort of)
• It worth checking the platform before you buy your next cell phone
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)