Tuesday, January 13, 2009

Categories of bluetooth hacking

Bluetooth hacks are categorised broadly among:

Bluejacking is the simplest of the four. The hacker uses it by making an attempt to send a phone contact or business card to another nearby phone. The ‘name' field of the contact can be misused by replacing it with a suggestive text so that the target device reads it as a part of intimation query displayed on its screen. This may be thought of as equivalent to spam e-mail since both are unsolicited messages displayed on recipients' end without consent, and by exploiting the inherent nature of communication.
Bluesnarfing goes a step further and actually accesses or steals data like messages, calendar, phone book etc., from the target device in an unauthorised manner which includes bypassing the usual paring requirement. Here, the problem is bigger since there have been reports of the tools that use methods such as device address guessing and brute force in order to break-in, even when device is configured as ‘invisible'.
The next level of sophistication in Bluetooth hacking is Bluebugging where the victim device is controlled by the attacker who sends commands to perform actions as if having physical access to the device this is a functionality analogous to Trojans. The tools for Bluebugging include ones that run off the PCs, which means laptops with high range Bluetooth connectivity, which makes things even worse.
Lastly, it is Bluetoothing which typically means social networking in short range, and possibility of harassment from the security point of view. Then there are programmes for Bluetooth PIN code cracking as well.

No comments: