Bluetooth devices easily hacked

2007-10-23 13:31

Cape Town - Bluetooth-enabled devices are vulnerable to unscrupulous hackers, an expert warns.

Bluetooth was invented to connect devices such as cellphones, laptops, PCs, printers, digital cameras and video game consoles over a short-range radio frequency, but like any computer network, using Bluetooth can leave you vulnerable.

"Bluetooth hacking techniques vary tremendously. There are various attacks that have proved to be very effective over the last few years. Some of these attacks include making unauthorised calls and transactions, reading and sending SMSs on a target phone, erasing information and downloading personal information such as phone books and access codes," says ICT security expert Dino Covotsos.

Covotsos is MD of Telspace, a Johannesburg-based company specialising in managed security services. Telspace routinely makes use of Bluetooth vulnerabilities to test the security level of its corporate clients' networks.

"From our case studies and actual attack and penetration tests, we have often utilised specific Bluetooth attacks to gain further entrance into a network," Covotsos says.

"Specific implementations or versions of Bluetooth are susceptible to exploitation because of design flaws and various other factors," he explains. "Hacking Bluetooth is quite a broad subject so in terms of taking advantage of certain devices (not only cellphones) one can literally control the device completely once it is exploited or paired.

"As an example, successful exploitation would include being able to access the entire contents of the phone such as call records, SMSs, keylock codes and so on."

Methods of attack

Covotsos explains that there are many different methods to get confidential information off a mobile device. Hacking methods such as Bluebugging, BlueSnarfing and Carwhispering are just a few of the most common methods of attack.

"The Bluebug attack, for example, allows attackers to perform unauthorised transactions on vulnerable devices. Distance is very important and is limited by the transmitting power of class 2 Bluetooth radios, which is 10-15 metres. But this distance can be increased with directional antennas."

Bluesnarfing is the best-known form of attack. Hackers take advantage of the OBEX Push Profile (OPP), which was developed for purposes such as business card exchange. In most cases this service does not require authentication, so attackers can request common filenames such as pb.vcf, which is the phonebook on a cellphone.

Even a Bluetooth device that is set on "hidden" can be found and broken into. This is possible through a technique known as "brute force scanning". An application called RedFang is used to find non-discoverable Bluetooth devices by forcing the device to reveal the last six bytes of its Bluetooth address and also reading its name. Hackers can then extract confidential information from the device such as phonebook entries and SMSs.

"There are some serious vulnerabilities in certain implementations of Bluetooth which allow for exploitation of the device," Covotsos observes, "so the most vulnerable phone is one which has an older implementation. However people often forget about the social engineering factor for attacks, where it literally takes just a few seconds to pair with a device and once that has been done the device is compromised."

What to do?

There are various ways in which you can prevent your phone, PDA or PC from being exploited.

Firstly, turn off Bluetooth whenever it is not required. Enable "hidden mode" and change the phone name from the default one, because hackers will usually go first for such known weaknesses.

At the very least enable PIN-based authentication and use anti-virus software, although this is a cost factor. Also, keep up-to-date with firmware and any security updates for the device.

But, warns Covotsos, while newer versions and implementations of software are being brought out continuously, hackers will constantly try to break them - so keeping up to date is essential.
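The checklist above can be applied to a Linux PC by auditing what the BlueZ `bluetoothctl show` command reports. The following is an added example, not part of the original article; the sample output is constructed, and the finding names and the list of default-name patterns are hypothetical.

```python
import re

# Constructed sample of `bluetoothctl show` output (not captured from a real host).
SAMPLE_SHOW = """\
Controller 00:11:22:33:44:55 (public)
    Name: ubuntu
    Alias: ubuntu
    Powered: yes
    Discoverable: yes
    DiscoverableTimeout: 0x00000000
    Pairable: yes
"""

# Hypothetical factory-default names; extend with the defaults seen in your fleet.
DEFAULT_NAME_PATTERNS = [r"^ubuntu$", r"^raspberrypi$", r"^localhost", r"^BlueZ \d"]


def parse_show(text):
    """Turn the indented 'Key: value' lines into a dict (the Controller line is skipped)."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^\s+([A-Za-z]+):\s*(.*)$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields


def audit(text, bluetooth_needed=True):
    """Return findings that correspond to the article's recommendations."""
    f = parse_show(text)
    findings = []
    if f.get("Powered") != "yes":
        return findings  # radio is off: nothing is exposed over Bluetooth
    if not bluetooth_needed:
        findings.append("radio-on-but-not-needed")
    if f.get("Discoverable") == "yes":
        findings.append("discoverable")  # "hidden mode" is not enabled
        if int(f.get("DiscoverableTimeout", "0x1"), 16) == 0:
            findings.append("discoverable-never-times-out")
    if f.get("Pairable") == "yes":
        findings.append("pairable")  # accepts new pairing requests
    alias = f.get("Alias", "")
    if any(re.search(p, alias, re.I) for p in DEFAULT_NAME_PATTERNS):
        findings.append("default-name")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_SHOW, bluetooth_needed=False):
        print(finding)
```

Because hidden devices can still be found by brute-force scanning, as described above, a powered radio that is not needed is reported even when discovery is off.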
