Tuesday, February 24, 2009

How to protect yourself from Bluetooth Hack

Almost all new mobile phones and laptops comes with built-in Bluetooth

You may not realize that walking around with Bluetooth enabled on your cell phone leaves you vulnerable to hackers. They can easily connect and manipulate your phone simply by using a Bluetooth connection.

Most new cell phones have Bluetooth by default these days for things like wireless headsets, in-car connectivity, syncing with a computer and many other uses. While Bluetooth has proved to be a very useful tool for cell phones, many are unaware that it opens doors to hackers.

The fact that cell phones carry a lot of private data these days, makes “Bluetooth attacks” even more scary. While simply having Bluetooth as a feature on your cell phone doesn’t make you vulnerable to attacks, walking around with the Bluetooth function enabled and “visible” does. Many people turn on Bluetooth to use a headset or sync with their computer, and then simply forget to turn it back off when they’re done. This is why Bluetooth hacking has become so prevalent and so easy to do.

When Bluetooth is enabled on your device, it’s essentially broadcasting the fact that “I’m here, and I’m able to connect” to any other Bluetooth-based devices within range. This makes using Bluetooth simple and straightforward for the consumer, but also lets hackers know which ones to target very easily.

Here’s how it’s done; a hacker can simply download some special software and install it on a laptop or netbook. He can then install a Bluetooth antenna to that computer and put everything in a backpack, briefcase, etc. Now, all he has to do is walk around public places where a lot of people are concentrated, and let the computer running in his bag do all the work while no one has any idea what’s happening.

The software on the computer will constantly scan the nearby surroundings of the hacker for active Bluetooth connections, and when it finds them, can do a variety of things without the owner having any idea what’s going on. The entire process is automated for the hacker as well, so all he has to do is walk around for as long as he can and collect as much data as possible, which he can then manipulate. Some attacks are less damaging from others, but Bluetooth allows the hacker to do many things.

Once the hacker’s software finds and connects to a vulnerable Bluetooth-enabled cell phone, it can do things like download address book information, photos, calendars, SIM card details, make long-distance phone calls using the hacked device, bug phone calls and much more. There’s a myriad of software freely available that’s made specifically to attack cell phones via Bluetooth connections, and every time an update to the technology or certain cell phones becomes available there’s bound to be new hacking software for it. Certain attacks have become so prevalent that they even have names these days;

“Bluesnarfing” is the term associated with downloading any and all information from a hacked device, and can even allow the hacker to send a “corruption code” to completely shut the phone down and make it unusable. “Bluebugging” is an even scarier hack- it involves using special software to connect to a device and silently making it call another device, usually one the hacker is using, to act as a phone bug. The hacker can then listen in on anything you and anyone around you is saying. Beyond these attacks, hackers can use software to route long-distance calls to worldwide locations to your phone using Bluetooth, which in turn sticks you with the carrier roaming charges. Likewise, a hacked phone can even remotely be used to make “micro-purchases,” or purchases that show up on subscriber’s monthly bills.

The possibilities are virtually endless, and these are just a few examples of what can be done utilizing the Bluetooth connection on cell phones. Many think that they’re safe from such attacks because Bluetooth is such a short-range communication method- a hacker would have to be within a few feet to be able to do anything. With special antennae that’s been developed solely for this application, hackers can connect to cell phones that are up to a 1000 feet and more away. The entire process is just to easy for hackers, all they need is some special software, an antenna of some sort and some basic knowledge.

Luckily, not all Bluetooth-enabled cell phones are vulnerable to all attacks. Bluesnarfing and other attacks may work while bluebugging doesn’t on one make and model of cell phone, while only bluebugging and nothing else works on another. That’s why hackers generally setup a variety of hacks, and when they’re out and about performing their attacks on un-suspecting victims, the software will automatically identify the cell phone model and attack it accordingly in any way it knows how. The bottom line is any cell phone that has built-in Bluetooth can be hacked, it’s just a matter of what type of hacks can be performed.

The best way to avoid such an attack is to simply remember to turn off your Bluetooth when you’re not using it. A lot of people will simply put Bluetooth in “hidden,” or “private” mode which they think will hide themselves from attacks, but in reality, hackers have already figured out how to find them. Disabling the function altogether is the only way to curb an attack.

2 comments:

arun said...

Hi,

We have just added your latest post "Shoaib Yousuf: How to protect yourself from Bluetooth Hack" to our Directory of Bluetooth . You can check the inclusion of the post here . We are delighted to invite you to submit all your future posts to the directory and get a huge base of visitors to your website.


Warm Regards

Blutooth.info Team

http://www.blutooth.info

Shoaib Yousuf said...

Thanks Arun, will keep that in mind. If something related to Bluetooth comes up.