What are Bluesnarfing and Bluebugging? A Guide to Bluetooth Security Issues

What are Bluesnarfing and Bluebugging? A Guide to Bluetooth Security Issues
Page content

How Safe is Bluetooth?

Bluetooth itself is an extremely secure connection protocol. While it had a few loopholes when it first was released, the subsequent releases have addressed these issues, and are now completely secure. The incorrect implementation of this protocol is what gives rise to a majority of the security issues.

For example, if a particular phone did not implement the permissions related to the Bluetooth protocol, then the protocol itself is not at fault.

Bluesnarfing

Bluesnarfing is a strange moniker given to a common security threat related to information: unauthorized access or retrieval. The retrieval of information is done through the medium of Bluetooth, where a user is unaware that the data contained in the phone is being accessed. Data from applications like the calendar, inbox, contact list and gallery can be accessed via Bluetooth. Downloading the information is done using various tools, specifically designed for bluesnarfing.

Recently, bluesnarfing was demonstrated, as it exploits security lapses in older versions of the Bluetooth standard. These lapses have been patched up in the newer versions, and as it stands, bluesnarfing is no longer a threat. That is, until a way to get around the current security layers is discovered.

One way to safeguard oneself against the threat of bluesnarfing is to install tools that will alert the user to an attempt at bluesnarfing. Most of these tools are used for bluesnarfing in the first place, so are geared towards detecting wrongful activity. Firstly, there is Bluesniff, a tool used to locate other Bluetooth enabled devices in a certain radius. It lists devices regardless of whether they are discoverable or not. Similar tools like easyjack and bloover also exist. These tools can be used to determine whether or not there is any unauthorized pairing of devices.

Bluebugging

Bluebugging was next after bluesnarfing; initially bluebugging targeted mostly laptops, but with the increased advances being made in cellular phones and PDAs, the incidents of mobile bluebugging has heightened manifold.

Bluebugging is an attack which allows an unauthorized person to listen in on calls made from and to a victim’s phone. At first, bluebugging was limited to merely listening in and as an extension, recording these conversations, but has now progressed to being able to manipulate the various functions of the phone. For example, an attacker can use a victim’s phone to make calls, send messages, in effect carry out any task that the phone can do.

A program called Blue Bug was released earlier, where bluebugging was made possible, and easy. Again, as with bluesnarfing, the vulnerabilities of phones have decreased with subsequent releases of Bluetooth technology. However, there are still some basic safeguards one can take: use Bluetooth judiciously, and not in crowded areas. It is unwise to allow strangers to handle mobile phones, as this could give them an added access to the phone. It is important to be very aware of the files that are being relayed to the phone; there is a great risk of receiving malware via Bluetooth.