Thursday, October 15, 2009

Bluetooth Concerns

The CompTIA Security+ (SY0-201) exam includes some objectives related to Bluetooth.

Bluetooth is a popular short-range wireless system used in smaller portable wireless devices including phone, personal digital assistants (PDAs), and computer devices.

Two significant threats and one vulnerability exists with Blueetooth.

Threats. Bluesnarfing and bluejacking are two threats against Bluetooth devices that are left in discovery mode.
  • Bluesnarfing is the unauthorized access to or theft of information from a Bluetooth device. Information that can be accessed through bluesnarfing includes: email, contact list, calendar, and text messages.
  • Bluejacking is the unauthorized sending of text messages from a Bluetooth device without the permission of the owner.
Vulnerability. Any Bluetooth device that is turned on and in discovery mode is easily exploited through a bluesnarfing or bluejacking attack.

When Bluetooth devices are first configured, they are configured in discovery mode.While in discovery mode, a Bluetooth device is easily discoverable and visible to other devices. Bluetooth devices are identified with a MAC address just as a NIC has a MAC address. In discovery mode, the Bluetooth device broadcasts its MAC address, allowing other devices to see it and connect to it.
Once a device connects with another device, it is paired to open the communication channel. After the pairing process, the Bluetooth device should be changed from discovery mode to non-discovery mode. Non-discovery mode is also referred to as invisible mode. While in non-discovery mode, the device doesn’t broadcast information about itself. Additionally, many devices add encryption to the communication process when in non-discovery mode.
Darril Gibson