Thursday, November 29, 2007
Today's lets talk aboutr bluesnarfer. This is one of the earliest tool used for bluesnarfing and and stayed true to the original description of bluesnarfing: which is to download the phonebook of susceptible mobile phones.
This is esentially a UNIX tool....like many of the bluetooth tools, which means you can't run it on usual java phones.
What is does is simple, search for bluetooth devices around and download the phonebooks of the devices that can be attacked.
This tools has been around for more than 4 years, so it's no surprising that some if not many of the new phone models has already had the bug exploited by the original bluesnafer fixed.
Hope this helps :)
Friday, November 23, 2007
Like before, all words and no video makes it dull.
So here's a video of bluebugging
Monday, November 19, 2007
Let me introduce bluebugging.
While some people consider bluebugging a kind of bluesnarfing, it is esentially different.
In fact, it is technically more difficult to bluebug than to bluesnarf.
While bluesnarfing is stealing of files from a person's mobile, bluebugging gains access to the bluetooth device and esentially takes controls of it.
This means that a bluebugger can take control of your phone, use it to access the internet, or to make phone calls, or send a text message.
As I promised, a quick post today. I'll leave the uses of bluebugging to your imagination for now.
Will talk more about it in my next few posts.
Saturday, November 17, 2007
The 2 flaws are the beginning of Bluesnarfing.
Blue Nov 2003, when Adam described the flaws, bluejacking is already known and spreading. What Adam discovered was new even to the blue jacking community
1) That data from a victims phone can be obtained without any knowledge of the owner. When it was first described, he was essentially talking about the phonebook. But in essence, any data stored in the bluetooth device can be obtained.
2) Any previously paired device, can access the data and files of a person's mobile device. This is so even after the pairing has been removed.
This started the era of bluesnarfing. Adam quickly alerted phonemakers, which resulted in upgrades which fixed these security bugs. But Bluesnarfing didn't end there. With these bugs fixed, bluesnarfers identified new flaws and started a new generation of bluesnarfing which is still happening today.
Tuesday, November 13, 2007
Sunday, November 11, 2007
Here are several Advice on proctecting yourself and your mobile devices.
1) Turn off Bluetooth
This is the most foolproof way. If you don't need bluetooh, don't turn in on. only leave it on when you need it. There is no way anyone can access your phone via bluetooth if it is switched off.
2) Keep yourself Invisible.
This usually prevents common softwares from "detecting" your device. Do note that this will not hinder the experienced bluesnafers. Most of them can detect your device despite it being in "invisible" mode.
3) Password protect
Passwording your devices cannot stop all bluesnarfing. But i can make things more difficult for them, and esentially stop the amateurs. I would suggest at least a 5 digit password.
4) Verify Verify Verify
Never pair with an unknown device. This is simply opening the door to an attack. Once open it may never be closed again.
If you ever suspect anyone is bluesnarfing you, simply switch off your device.
In the next post I'll go through some softwares you can use to detect a bluetooh attack.
It is a major security issue since the advent of bletooth technology and is often thought to be in the same genre as ""hacking"
It was thought to be first discovered in late 2003.
Technical details aside. When a person performs a bluetooth attack, he is able to connect to another persons bluetooth devices and able to gain access to the files on his device. This means that he can read all the messages, files and even photos on the victims device.
Not surprisingly, bluesnarfing is not legal.
This is sometimes confused with bluejacking in which users can send anomynous messages to the victims devices, which is esentially harmless.
Hope this helps.
Will post more about the technicalities of it next time.