Bluesnarfing

GeekyChick CISSP, CEH, CCNA, Sec+, Splunk Member Posts: 317
If someone snarfs you on Bluetooth would you know it? For example, can someone steal your phone contacts via BT without you knowing it?

Comments

  • TeKniques OSCE, OSCP, CISSP, CISA, SSCP, MCSE (03), Security+, Network+, A+, Project+ Member Posts: 1,262
    Generally speaking, bluesnarfing is the theft of information without the person who owns the compromised device knowing. However, since most (almost all) mobile devices nowadays require a pairing request, it would be harder to do this without the owner knowing. Another however ... if there is a vulnerability in the mobile device's software that allows pairing automatically without user interaction during the discovery/pairing phase, then obviously information could be stolen without the owner's knowledge.

    The best way to avoid this altogether is to just turn your Bluetooth off when not using it and keep your phone software up-to-date/patched.
  • MAC_Addy Member Posts: 1,740
    That is a very good question. Like TeKniques said, most devices require a pairing session/PIN, so it's not likely to happen. However, some older models may have exploits within their OS. Best practice is to turn off BT when you're not using it.
    2017 Certification Goals:
    CCNP R/S
  • Verities Member Posts: 1,162
    That's not the only way to steal data from a phone. Even if you have your BT turned off, many of the chips in your phone operate on RF and can have their signals intercepted: https://www.wired.com/2014/11/airhopper-hack/ At this point I believe these guys have the most hardened mobile phone available on the market: https://copperhead.co/android/
  • GeekyChick CISSP, CEH, CCNA, Sec+, Splunk Member Posts: 317
    @Verities, that's not making me feel any better. haha It's like the more I learn the more I worry about vulnerabilities, and I'm not very far along in my studies either. I don't want to be the only one at a Cybersecurity conference (or worse places) without the memo on how to protect yourself. The other day I was on a plane and someone tried to send me a picture via AirDrop on my iPhone. I declined, so by declining is that also declining the connection also? Thanks!
  • evarney Member Posts: 68
    So I've just recently read about this. I knew that it was exploitable but wasn't terribly familiar with the terms. The limitations on Bluetooth for your standard cellphone/car is like 10m from what I understand, and once I was actually following a coworker in a car that he had previously paired his BT phone with, in his car.

    I was able to hear him talking to his wife when I pulled up to a red light. Kind of funny, not that anything was interesting to hear. I imagine that BT security is really only as good as the distance you keep from your assailants.