Bluetooth is a popular short-range wireless system used in smaller portable wireless devices including phone, personal digital assistants (PDAs), and computer devices.
Two significant threats and one vulnerability exists with Blueetooth.
Threats. Bluesnarfing and bluejacking are two threats against Bluetooth devices that are left in discovery mode.
- Bluesnarfing is the unauthorized access to or theft of information from a Bluetooth device. Information that can be accessed through bluesnarfing includes: email, contact list, calendar, and text messages.
- Bluejacking is the unauthorized sending of text messages from a Bluetooth device without the permission of the owner.
When Bluetooth devices are first configured, they are configured in discovery mode.While in discovery mode, a Bluetooth device is easily discoverable and visible to other devices. Bluetooth devices are identified with a MAC address just as a NIC has a MAC address. In discovery mode, the Bluetooth device broadcasts its MAC address, allowing other devices to see it and connect to it.
Once a device connects with another device, it is paired to open the communication channel. After the pairing process, the Bluetooth device should be changed from discovery mode to non-discovery mode. Non-discovery mode is also referred to as invisible mode. While in non-discovery mode, the device doesn’t broadcast information about itself. Additionally, many devices add encryption to the communication process when in non-discovery mode.