There are people who have predicted the doom of bluetooth tooth attacks like bluesnarfing. Their reasoning is that WiFi will eventually replace the need for bluetooth devices and without bluetooth, it make sense there will be no bluetooth attacks.
While convincing and logical, bluetooth have yet to be phased out long after WiFi is in use. In face, there are more and more devices using bluetooth technology. The main reason: It's free. Unlike wifi which is a overall network and you are just a "user" in the network, you "own the network". You can switch in on and off anytime you like, and you don't have to pay a cent. There is no logic for example to use wifi for connecting with your headset, but bluetooth fits that function perfectly.
In fact, this neglect on the importance of bluetooth has led to an added advantage to bluesnarfers. Because every is concern about their wifi security, they neglect the fact that their short ranged network which is their bluetooth can easier be hacked into for someone who is nearby or even far away but with the right equipment.
The reason why there is little news about bluesnarfing is that there is no good solution to the problem at the moment, save for switching off your bluetooth device.
So my advice is, be careful if you keep confidential information on your bluetooth devices.
Tuesday, April 28, 2009
Tuesday, March 31, 2009
The second hurdle - encryption
In my previous entry, I talked about the difficulties in getting paired. Essentially, that is the most difficult part. That doesn't mean that there will be no challenges after that.
If you purpose of bluesnarfing is merely for fun like "oh I got paired with the phone" then it ends there. But if you intent to do anything with the phone, then you have to navigate around the the phone with phone controls.
The reason why bluesnarfing is though is because there is no idiot proof software to allow people to bluesnarf. This is also because each phone company/ model and each phone software update uses a different encryption for their software.
This means that unless you already intrinsically understand how phone command work, most simple software don't work.
Is there an easy way out? Yes and no. If you plan to professionally bluesnarf, then you will have to learn the right skills.
But if you only want to bluesnarf a particular model of mobile phone, you could source around for a ready made software meant for those models, or get someone to program it for you.
:)
If you purpose of bluesnarfing is merely for fun like "oh I got paired with the phone" then it ends there. But if you intent to do anything with the phone, then you have to navigate around the the phone with phone controls.
The reason why bluesnarfing is though is because there is no idiot proof software to allow people to bluesnarf. This is also because each phone company/ model and each phone software update uses a different encryption for their software.
This means that unless you already intrinsically understand how phone command work, most simple software don't work.
Is there an easy way out? Yes and no. If you plan to professionally bluesnarf, then you will have to learn the right skills.
But if you only want to bluesnarf a particular model of mobile phone, you could source around for a ready made software meant for those models, or get someone to program it for you.
:)
Tuesday, February 24, 2009
The first Hurdle - Pairing
One of the major hurdle to bluesnarfing is the paring process. Changes in bluetooth software since bluejacking and bluesnarfing appeared has made this process harder.
This means it is harder to gain access to the bluetooth device without actual pairing of the devices
There are several ways which bluesnarfers use to overcome this
1) Actually pair the device. This method is popular as it is the easiest. Just pair the devices once. This means that you have to either convince the person to pair with you once or you have to have access to the phone. Which means you can only do this on someone you already know.
This is sneaky, but most bluetooth software still has the flaw which allows you to gain access to the phone's data without needing to pair with it everything.
2) Hack it. Pairing is a simple 4 of 6 digit code. This is simple to crack. The problem is you cannot crack anything unless the phone already has a paired device. This isn't much of a problem since most bluetooth phones are at least paired with a headset.
3) Bypass it. This was the original way of bluesnafing and cans still be done. Technical skills required to do this are getting higher and higher and i assume (I've not tried personally) that this will be easier in old towns where people mostly use older models of phones.
Just my few cents worth of thoughts :)
This means it is harder to gain access to the bluetooth device without actual pairing of the devices
There are several ways which bluesnarfers use to overcome this
1) Actually pair the device. This method is popular as it is the easiest. Just pair the devices once. This means that you have to either convince the person to pair with you once or you have to have access to the phone. Which means you can only do this on someone you already know.
This is sneaky, but most bluetooth software still has the flaw which allows you to gain access to the phone's data without needing to pair with it everything.
2) Hack it. Pairing is a simple 4 of 6 digit code. This is simple to crack. The problem is you cannot crack anything unless the phone already has a paired device. This isn't much of a problem since most bluetooth phones are at least paired with a headset.
3) Bypass it. This was the original way of bluesnafing and cans still be done. Technical skills required to do this are getting higher and higher and i assume (I've not tried personally) that this will be easier in old towns where people mostly use older models of phones.
Just my few cents worth of thoughts :)
Tuesday, February 10, 2009
Where can you learn bluesnarfing?
A lot of people have emailed me and asked me to teach them bluesnarfing. The problem is that my close friends don't ask that of me. Most of the people who do I don't know them well enough.
How then do most people learn how to bluesnarf. There are essentially 2 groups of bluesnafer. The 1st are like me, versed in networking and securities and dabble with bluetooth vulnerabilities for fun. The second group are people who started with bluejacking. After enough fun with that they graduate to bluesnarfing.
The similarities between the 2, most are self learned, or learnt via little pointers here and there from forums or from blogs like mine. I guess the effort involved is quite great, that is probably why there are not that many bluesnarfers around. :)
How then do most people learn how to bluesnarf. There are essentially 2 groups of bluesnafer. The 1st are like me, versed in networking and securities and dabble with bluetooth vulnerabilities for fun. The second group are people who started with bluejacking. After enough fun with that they graduate to bluesnarfing.
The similarities between the 2, most are self learned, or learnt via little pointers here and there from forums or from blogs like mine. I guess the effort involved is quite great, that is probably why there are not that many bluesnarfers around. :)
Monday, January 26, 2009
Sunday, January 25, 2009
Bluesnarfing Software for $2
A fellow bluesnarfer has decided to put up some bluesnarfing software for download
I've briefly look through them, do note the following
1) These are meant for beginners which means it has an advantage of being very easy to use. But this also means software penetration strength is not as good as some other tools.
Do note though I'm not affiliated to his site, so if you're keen click here : Bluesnarfing Software to take a look.
I've briefly look through them, do note the following
1) These are meant for beginners which means it has an advantage of being very easy to use. But this also means software penetration strength is not as good as some other tools.
Do note though I'm not affiliated to his site, so if you're keen click here : Bluesnarfing Software to take a look.
Wednesday, January 21, 2009
Bluesnarfing Software
There has been many request for bluesnarfing software. Most sites will not offer these for download for obvious reasons. 1) Bluesnarfing is not exactly legal 2) Ethical issues.
Some of you may laugh, what the heck is the bluesnarfer telling us about ethics. This ethics issue must be discussed in another post. But suffice to say, not all hackers are bad and in fact, many hackers work for the police and security agent to enhance the safety of the masses. The same can almost be said of bluesnarfer.
That said, I'm not sure if some of you managed to find bluesnarfing tools around by yourself. Would be interesting to know. Maybe you can let me know by posting a comment here. Let me know if you tried to find but can't or that you've found. :)
Some of you may laugh, what the heck is the bluesnarfer telling us about ethics. This ethics issue must be discussed in another post. But suffice to say, not all hackers are bad and in fact, many hackers work for the police and security agent to enhance the safety of the masses. The same can almost be said of bluesnarfer.
That said, I'm not sure if some of you managed to find bluesnarfing tools around by yourself. Would be interesting to know. Maybe you can let me know by posting a comment here. Let me know if you tried to find but can't or that you've found. :)
Subscribe to:
Posts (Atom)