Monday, February 1, 2016

What is BlueSnarfing?



BlueSnarfing is the illegal theft of information from Bluetooth-enabled devices. In a BlueSnarfing attack, attackers take advantage of security vulnerabilities in Bluetooth software to access Bluetooth-enabled devices illegally, without the consent of their owners.


Purpose of BlueSnarfing


Attackers use BlueSnarfing to illegally access information stored on Bluetooth-enabled devices. Using this method, they can steal information such as a user's contact list, text messages and email messages. This is completely illegal, as it invades users' privacy.




How is BlueSnarfing done?


Bluetooth-enabled devices communicate with each other using a protocol called OBEX, or OBject EXchange. BlueSnarfing uses security vulnerabilities of that protocol.

In BlueSnarfing, the attacker first scans for Bluetooth-enabled devices, especially in public places. Then they pair with those devices without the users' consent. Attackers normally use software to do BlueSnarfing. This software enables them to gain illegal access to those devices, through which they get control of the information stored on them.


Adam Laurie of A. L. Digital first discovered this vulnerability in 2003, and since then this attack has affected many users. Quite a number of software tools are available that enable attackers to carry out this attack.


How to prevent BlueSnarfing?


The most common way of mitigating this attack is to disable Bluetooth on devices in public places or whenever it is not needed.

You can also change a device's settings to make it non-discoverable when discovery is not needed. This prevents the device from being listed when attackers scan for nearby Bluetooth-enabled devices. However, this cannot prevent BlueSnarfing completely, because attackers can use a device's MAC address to pair with a Bluetooth-enabled device even when it is in non-discoverable mode. Each Bluetooth device has a unique 48-bit MAC address, which consists of 24 bits of manufacturer-specific information followed by 24 bits of unique information specific to the device.


How to know whether I am BlueSnarfed?


One way of detecting whether a user has been BlueSnarfed is to use software. The same software that is used for BlueSnarfing can also be used for protection.

Using such software, a user can list all the devices that are paired with their device and see whether there is any unauthorized pairing. If you use this software, please make sure to use it responsibly, because using it for any other purpose is a legal offence.
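
The pairing check described above can be done on a Linux machine with a small script. The following is an added example, not part of the original post: it assumes the `Device <address> <name>` line format printed by BlueZ's `bluetoothctl devices Paired`, and the sample output, device names and list of known addresses are constructed. It flags every pairing the owner does not recognise and splits its 48-bit address into the manufacturer half and the device half.

```python
import re

# Constructed sample of `bluetoothctl devices Paired` output; names and addresses are made up.
SAMPLE_PAIRED = """\
Device 00:1A:7D:DA:71:13 Office Headset
Device F4:0E:22:9B:45:C1 Family Car
Device 3C:5A:B4:01:9E:77 Unknown Handset
"""

# Addresses the owner remembers pairing (constructed allowlist, any letter case).
KNOWN = {"00:1A:7D:DA:71:13", "f4:0e:22:9b:45:c1"}

# One paired device per line: the word "Device", a 48-bit address, then an optional name.
LINE = re.compile(r"^Device\s+((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s*(.*)$")


def split_addr(addr):
    """Split a 48-bit address into its manufacturer (first 24 bits) and device (last 24 bits) parts."""
    octets = addr.upper().split(":")
    return ":".join(octets[:3]), ":".join(octets[3:])


def parse_paired(text):
    """Return (address, name) tuples, skipping lines that are not device entries."""
    devices = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            devices.append((m.group(1).upper(), m.group(2).strip() or "(no name)"))
    return devices


def audit(text, known):
    """Return one finding per paired device whose address is not in the known set."""
    known_norm = {a.upper() for a in known}
    findings = []
    for addr, name in parse_paired(text):
        if addr not in known_norm:
            prefix, device = split_addr(addr)
            findings.append({"address": addr, "name": name,
                             "manufacturer_prefix": prefix, "device_part": device})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_PAIRED, KNOWN):
        print(f"Unrecognised pairing: {f['address']} ({f['name']}), "
              f"manufacturer prefix {f['manufacturer_prefix']}")
```

To use it on a real machine, replace SAMPLE_PAIRED with the command's actual output and KNOWN with the addresses of your own devices, then remove any pairing you do not recognise.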



So, be aware of the security vulnerabilities of your devices so that you can protect them better, and stay safe and secure.


