Feeling the Blues

I’ve been teaching a graduate security class, and the topic of data remanence and Bluetooth devices came up. Bluetooth is a wireless technology that allows devices such as cell phones to interact wirelessly with each other or with other devices, such as wireless headsets. Bluetooth allows devices within 15 feet of each other to establish a connection and transmit data to each other. Security, it seems, is lax on these devices, which has produced a microcosm of hacking opportunities.

The risk is that the information held in the primary memory (RAM) of a cell phone may compromise the confidentiality of an individual or, worse yet, an organization. A couple of known attacks:

Bluesnarfing

The attacker is capable of downloading all of the contact information from a Bluetooth-enabled phone – names, addresses, cell phone and home telephone numbers. The attack is immediate and leaves no trace of infiltration. It is presumed that Sony Ericsson, Ericsson and Nokia handsets are subject to a Bluesnarf, but some models are at greater risk because they invite attack even when in ‘invisible mode’, where the handset is not supposed to broadcast its identity and should refuse connections from other Bluetooth devices.

BlueBug

Exploitation of this loophole in a Bluetooth security protocol also allows the unauthorized downloading of phonebooks and call lists, and the sending and reading of SMS (Small Message Service) messages from the attacked phone. Here’s what one of my students had to say about the subject: “The BlueBug attack relies on a serial profile connection to the device giving full access to the AT command set, which can then be exploited using standard off-the-shelf tools, such as PPP for networking and gnokii for messaging, contact management, diverts and initiating calls. With this facility, it is possible to use the phone to initiate calls to premium rate numbers, send SMS messages, read SMS messages, connect to data services such as the Internet, and even monitor conversations in the vicinity of the phone. The latter is done via a voice call over the GSM network, so the listening post can be anywhere in the world. Bluetooth access is only required for a few seconds in order to set up the call. Call forwarding diverts can be set up, allowing the owner’s incoming calls to be intercepted, either to provide a channel for calls to more expensive destinations, or for identity theft by impersonation of the victim.”

Bluejack

Bluejacking is something like a drive-by scare tactic. Someone sends a Bluetooth-enabled SMS message saying, “You’ve been Bluejacked!”, which then pops up on the cell phone’s screen. Perhaps even, “Hey, nice tweed sports jacket.” Nothing has really happened, although there seems to be evidence of attacks proliferating further here, even to the point of remotely controlling another phone. I found some additional information on this:

All over the media (TV, press) in Europe there are plenty of warnings that users should switch off Bluetooth in their cell phones, or at least switch off the “discoverable” feature (the “invisible” mode should be switched on); otherwise they face data spying on their cell phones (for example, reading phone book entries remotely), remote control of their cell phones (for example, starting Internet connections or calling costly 0900 phone numbers) or phone crashes, all caused by Bluetooth attackers.

Cell phones susceptible to “remote control” Bluetooth attacks are:

Nokia 6310i
Nokia 6650
Sony Ericsson T610
Sony Ericsson T68i

Cell phones susceptible to “data spying” by Bluetooth attackers are:

Nokia 6310
Nokia 6310i
Sony Ericsson T610
Sony Ericsson T630
Sony Ericsson T68i
Sony Ericsson Z600

Cell phones susceptible to “crash the phone” Bluetooth attacks are:

Siemens S55
Panasonic X700
Nokia 7600
Nokia 6820
Nokia 6810
Nokia 6230
Source: Matthias Rosche from Integralis – a security company
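The advice quoted above is to switch off the “discoverable” feature. On a Linux host with a BlueZ adapter the same state is visible in hciconfig output: the ISCAN flag (inquiry scan) means the adapter answers discovery inquiries, and the PSCAN flag (page scan) means it still accepts connections from any device that already knows its address, which is the distinction behind the remark above that some handsets invite attack even in ‘invisible mode’. The Python script below is an added example, not code from the original post or from Integralis; it parses a constructed hciconfig sample (the adapter names, addresses and flag lines are made up) and recommends the hciconfig scan command that stops discoverability while keeping paired devices working. The flag meanings and the pscan/noscan subcommands are BlueZ’s; the function names are my own.

```python
import re

# Constructed sample of BlueZ `hciconfig -a` output for two adapters (not captured
# from a real system): hci0 is discoverable, hci1 is up but hidden.
# Assumption: the capability line lists only flag words such as UP RUNNING PSCAN ISCAN.
SAMPLE_HCICONFIG = """\
hci0:\tType: Primary  Bus: USB
\tBD Address: 00:11:22:33:44:55  ACL MTU: 310:10  SCO MTU: 64:8
\tUP RUNNING PSCAN ISCAN
\tRX bytes:1234 acl:0 sco:0 events:56 errors:0

hci1:\tType: Primary  Bus: UART
\tBD Address: 66:77:88:99:AA:BB  ACL MTU: 1021:8  SCO MTU: 64:1
\tUP RUNNING PSCAN
\tRX bytes:0 acl:0 sco:0 events:0 errors:0
"""

ADAPTER_RE = re.compile(r"^(hci\d+):")
FLAG_WORDS = {"UP", "DOWN", "RUNNING", "PSCAN", "ISCAN", "INQUIRY", "AUTH", "ENCRYPT"}


def parse_adapters(text):
    """Map each adapter name to the set of flags on its capability line."""
    adapters = {}
    current = None
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            current = m.group(1)
            adapters[current] = set()
            continue
        words = line.split()
        # The capability line consists only of flag words; every other line has other text.
        if current and words and all(w in FLAG_WORDS for w in words):
            adapters[current] = set(words)
    return adapters


def exposure(flags):
    """Classify an adapter by how a nearby device can find or reach it.

    ISCAN: answers discovery inquiries, i.e. the adapter is "discoverable"/"visible".
    PSCAN: accepts connection attempts from devices that already know its address,
           even when it is not discoverable ("invisible" is not the same as unreachable).
    """
    if "UP" not in flags:
        return "down"
    if "ISCAN" in flags:
        return "discoverable"
    if "PSCAN" in flags:
        return "hidden-but-connectable"
    return "unreachable"


def remediation(adapter, state):
    """Return the hciconfig command that moves the adapter to a safer state, or None."""
    if state == "discoverable":
        # Keep page scan so already-paired devices still connect; stop answering inquiries.
        return f"hciconfig {adapter} pscan"
    if state == "hidden-but-connectable":
        # When Bluetooth is not in use, drop both scans so nothing can connect at all.
        return f"hciconfig {adapter} noscan"
    return None


def audit(text):
    """Return a sorted list of (adapter, exposure state, remediation command or None)."""
    result = []
    for name, flags in sorted(parse_adapters(text).items()):
        state = exposure(flags)
        result.append((name, state, remediation(name, state)))
    return result


if __name__ == "__main__":
    for adapter, state, fix in audit(SAMPLE_HCICONFIG):
        print(f"{adapter}: {state}" + (f"  ->  {fix}" if fix else ""))
```

Run against real output by replacing the constructed sample with the text of hciconfig -a; the “hidden-but-connectable” state is the one to watch, because hiding the adapter only removes it from inquiry results and does nothing against a device that already holds its address.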


The interesting aspect of this is that the corporate information system may be extended to Bluetooth-enabled devices, which thus fall outside our land-based and wireless security protocols. What’s even more interesting to me is the extraction of the call log: the would-be hacker then holds a matter of public record that could be “Googled” to look up the names and addresses of individuals and corporations.

Fascinating!
www.micklerandassociates.com

(C) 2005. All Rights Reserved.