Monday, February 15, 2016

MAC Address Spoofing for Bluetooth

All network interfaces that communicate with the network have a unique identifier and so do Bluetooth. And, similar to other network devices, attackers can spoof the MAC address of Bluetooth devices also.

Let's understand more on MAC address and MAC Address Spoofing of Bluetooth devices.

Bluetooth MAC Address

Bluetooth MAC address is a 48-bit long unique identifier that uniquely identifies each Bluetooth device.

Out of this 48 bit Bluetooth MAC Address, 24 bit is a company identifier, which is unique to the manufacturer. Each vendor registers and obtains a MAC prefixes assigned by the IEEE. A vendor may get more than one MAC prefixes also, each one used for different products.

And the rest 24 bit is a company assigned identifier which is assigned by the manufacturer. Each vendor assigns a unique 24 bit suffix for each Bluetooth device. Different vendors may assign same 24 bit suffix for different Bluetooth device, but that does not create problems as the 48 bit MAC addresses altogether remain different.

How do I get MAC Address of my Bluetooth device

You can find out the MAC Address of your Bluetooth device from the device itself. You can go to settings of your device and select Bluetooth, it would show the MAC Address of the Bluetooth device.

Why MAC Address Spoofing

MAC Address Spoofing is changing the MAC Address of the device to some other value.

MAC Address Spoofing is done for various reasons. Security experts do this for Penetration testing.

Attackers spoof MAC Addresses mainly for stealing sensitive data from the device. They change the MAC address of their device to that of the victim's device. As a result, data meant for the victim reaches the attackers first. They intercept the data and then may forward it to the victim's device so that it remains undetected.

How is MAC Address Spoofing done for Bluetooth Devices

There are a number of software available for spoofing MAC Address. One such tool is spooftooph. This is used in Linux to automate spoofing or cloning of Bluetooth devices.


spooftooph -i dev [-mstu] [-nac]|[-R]|[-r file] [-w file]

-a <address> : Specify new BD_ADDR
-b <num_lines> : Number of Bluetooth profiles to display per page
-B : Disable banner for smaller screens (like phones)
-c <class> : Specify new CLASS
-h : Help
-i <dev> : Specify interface
-m : Specify multiple interfaces during selection
-n <name> : Specify new NAME
-r <file> : Read in CSV logfile
-R : Assign random NAME, CLASS, and ADDR
-s : Scan for devices in local area
-t <time> : Time interval to clone device in range
-u : USB delay. Interactive delay for reinitializing interface
-w <file> : Write to CSV logfile
(Useful in Virtualized environment when USB must be passed through.)

For example :

spooftooph -i hci1 -a 00602560AA43

This will use the Bluetooth interface hci1 to spoof itself as the device having MAC Address 00602560AA43.

spooftooph -i hci1 -R -w outputfile

This will use the interface hci1 and assign random MAC address to itself. The results will be stored in the CSV logfile outputfile.

Similarly, -r option is used for reading in the CSV logfile.

spooftooph -i hci1 -s

This will scan for Bluetooth devices in the local area within the range.

So, this article was to inform you about MAC Address Spoofing of Bluetooth devices. Hope it has helped.

No comments:

Post a Comment