Bluejacking, Bluesnarfing and Bluebugging: Explained
When it comes to wireless security, Bluetooth is usually never thought of as an avenue by most users, yet it’s one of the ways through which a hacker or attacker can gain access to critical information on a victim’s mobile devices.
With the rise in popularity of hands-free and wireless connectivity, Bluetooth is fast becoming one of, if not the most ubiquitous, short-range wireless communication modes. Of course. This popularity comes with the attendant interest from hackers, as it presents an additional avenue for infiltration and intrusion activities.
There are three main ways that a Bluetooth hack attack can happen, namely, Bluejacking, Bluesnarfing, and Bluebugging and a little foreknowledge can go a long way towards helping potential victims recognize an attempt and stay safe.
Bluejacking
Bluejacking is an ostensibly harmless attack that involves receiving unsolicited messages over Bluetooth. The victim only needs to have their Bluetooth connection active for a nearby ‘attacker’ to send unsolicited messages.
One method of Bluejacking is sending an electronic business card to a Bluetooth-discoverable phone, which often happens at such places as business meetings, shopping malls, or trade shows.
It’s usually deemed pretty harmless since nothing is installed or downloaded on the phone apart from the annoyance of receiving unsolicited messages. In some cases, it could turn harmful if inappropriate or threatening messages are received.
Bluesnarfing
Bluesnarfing is way more pernicious and differs from Bluejacking in that, rather than send messages to the victim, it aims to steal content from the victim.
These attacks aim to manipulate the connection to steal sensitive data like photos, passwords, contacts, and such. Unlike Bluejacking, Bluesnarfing is insidious. It’s immediately evident when a Bluejacking attack happens because the victim immediately receives a message notification. Bluejacking is stealthier. The victim might not be aware that their data is being accessed or stolen over Bluetooth.
An attacker can download a whole phonebook’s list of contacts or messages and use them for whatever purposes would be expedient to them. Or they can perform other harmful acts, like altering or deleting stored information.
Bluesnarfing attackers can even use a variety of readily available apps, one of them being Blooover.
Noticing signs of Bluetooth-uninitiated activity could be a sign of Bluesnarfing.
Bluebugging
Bluebugging and Bluesnarfing are almost similar, though Bluebugging goes a step further and can do more damage.
After access is gained to a mobile device via Bluetooth, the attacker bugs the phone, i.e., installs a backdoor that would enable them to continue accessing information on the device over a long period of time.
The phone is effectively bugged, hence the term bugging, and the attacker can even remotely control it, not necessarily via Bluetooth. The discreetly installed malware lets them bypass authentication measures in the future, giving them unfettered access to the device.
Bluebugging can be pretty fatal in some cases. An attacker, having gained control of the phone, can direct the phone to make calls without the owner’s knowledge. They can even set up call forwarding where they receive phone calls intended for the victim. They can access the phonebook, read through messages, and view call logs.
How to stop Bluetooth related attacks
Bluetooth is limited in range to within a few metres in most cases, so an attacker would need to be very close to the victim to initiate an attack, which can make it inconveniencing and unfeasible. Nevertheless, it might take one attack to wreak havoc on a victim, especially in the case of Bluebugging so knowledge of how they happen and preventive measures to be taken can be valuable.
- The first and most effective measure is turning off Bluetooth whenever it’s not in use, particularly in public places where opportunist hackers might be lurking. When not in use, the phone should be in undiscoverable mode via Bluetooth.
- While this seems obvious, it’s always a good practice to avoid pairing with strange Bluetooth connections, accepting requests to pair, Airdrops, and such unsolicited Bluetooth messages from strangers.
- While not always possible, it’s also advisable not to store highly sensitive data on devices with Bluetooth connections unless it’s unavoidable.
- Additionally, using more robust password and authentication measures on Bluetooth devices would be advisable. In the case of passwords, regularly reviewing and changing them can prevent attackers from re-accessing the device in the future using old passwords.
- Regular device and software updates, which come with updated security patches, can help secure the device from further attacks.
While Bluesnarfing and Bluebugging require some deep technical knowhow and are methods that are beyond the reach of most people, they are still potent tools in the arsenal of prowling attackers. And given that mobile phones are used for almost every sensitive personal transaction, Bluetooth attacks have the potential to wreak irreparable damage.