Is Bluetooth Safe? Learn about Bluetooth security and attack methods

Xiaobai Software  2022-09-10 10:17

Bluetooth is now a widely used technology, thanks to its use in devices such as smartphones and tablets. While we're used to using it to connect devices with our headsets, cars, and other software, Bluetooth has its fair share of holes.

So, is it safe to use Bluetooth? How do hackers use Bluetooth to attack?


How does Bluetooth work?

In 1989, the telecommunications company Ericsson began researching a wireless alternative to RS-232 serial communications. In 1996, Nokia and similar companies started looking for short-range protocols like Bluetooth. All of these organizations form the Bluetooth Special Interest Group (SIG).

Typically, Bluetooth technology consists of a parent device and a child device connected to it. That's a piconet. The child device is within 10 meters of the parent device. The piconets join together to create a decentralized network. Here the parent device communicates with the child device.

However, it is not possible to talk directly to the child device.


How Bluetooth Security Works

In the Bluetooth protocol, there are three basic security modes:

1. Non-secure mode: There are no secure applications in this mode. Steps such as authentication, encryption, and communication security are not available.

2. Service Level Security Mode: In this mode, security is only at the service level. In other words, even if an application using a security service is relatively secure when communicating, there is no additional protection.

3. Link Level Security Mode: Unlike other modes, this mode works at the connection level. The purpose here is to prevent unauthorized access and try to protect the system completely.

Each Bluetooth service has a security mode based on it and provides three levels of security. Some services may use both authorization and authentication, while others may only use authentication. Devices using this protocol have two different security modes.

Furthermore, in the Bluetooth security architecture, different security levels are defined for both devices and services. The device has two security levels:

1. Secure: These are the devices you have previously established any persistent connections to. They have unlimited access to all services as long as there are no restrictions at the application layer.

2. Not secure: Devices that you haven't had any previous connection or communication to fall into this category. Also, even if you connect to these devices, these devices are sometimes described as risky and unsafe for other reasons.

Many files can be exchanged during the day using Bluetooth technology. However, if you take into account the above security services and patterns, you will find that you have to give a lot of permissions to the devices you allow to exchange files.

It's a big security concern if another device has more permissions than yours just for sending some files. But of course, you can take some precautions.

How to Improve Your Bluetooth Security


Keep your Bluetooth set to "undiscoverable" (transmission disabled) and only switch to "discoverable" mode when you're using it. Leaving your smartphone or any Bluetooth device you use in discoverable mode exposes the device to Bluetooth problems. When you're out for a walk, drive, or even walk around the office, any Bluetooth user in close proximity may pick up your signal and use it to access your device.

Avoid storing your important information such as Social Security numbers, identification information, serial numbers, passwords, and credit card information on your Bluetooth device. If you do, at least make sure this information is stored on a sandboxed service, using complex passwords and additional layers of verification like two-factor authentication (2FA).

If you are connecting to your device via Bluetooth, do so in a safe place. This will limit the number of potential intruders near you.

How do hackers attack Bluetooth?

When it comes to Bluetooth, there is a large library of attack vectors. By exploiting a vulnerability in Bluetooth, attackers gain unauthorized access to victim devices.

Once attackers gain access, they use privilege escalation, exploiting smaller vulnerabilities to gain access to a wider system and take control. Thus, it becomes possible to destroy evidence, attack other devices, or even take over the entire device.

Bluetooth devices are generally considered safe from long distances. However, this is not right. With high-gain antennas, attacks are possible from distances of 1500 meters and beyond, thanks to Bluetooth 5, the latest version of the technology, and the evolving network structure.


A common method for attackers is to produce unexpected results by transferring the wrong file. When the system receives an unexpected file and the specified security level is not sufficient, it either falls into an unstable state or the system crashes. Attackers exploiting these situations can conduct numerous attacks on vulnerable devices. As a result of these attacks, many things can be achieved, including:

1. Make a call or text.

2. View, modify, or update the file.

3. Interfere with media that may contain sensitive content, such as photos, videos, or audio.

4. Theft of data or theft of material value.

5. Display offensive things on the device.

In short, an attacker can gain access to everything you can do at the root level. This usually happens because Bluetooth and similar chips are directly connected to the main chip, which has no permission restrictions. At least by restricting permissions, you can restrict root permissions in an attack.

What is the Blueborne vulnerability?

A vulnerability known as Blueborne, published in September 2017, once again revealed just how scary Bluetooth technology can be. As a result of this attack, it is possible to run code remotely on many devices (although remote access can be made more secure).

Blueborne is very different from other attacks. The aforementioned attack vectors require user permission. In other words, end users are approving requests such as file transfer requests, connection requests, and device trust requests. However, in Blueborne, the user does not need to give any permissions. It can be used remotely.

Logic of remotely exploitable vulnerabilities

The most critical thing about vulnerabilities that enable remote attacks is that they do not require any user approval. There are three main rules in this regard:

1. It should not require any human interaction to develop.

2. It should not make complex assumptions about the active state of the system.

3. Once exploited, it should bring the system to a stable state.

In other words, hackers can exploit the vulnerability without the victim's knowledge. The best example of this is undoubtedly the Blueborne attack. Using Bluetooth technology, attackers can gain access to personal or even public devices and manipulate them.

Don't Underestimate Bluetooth Attacks

Don't leave your Bluetooth connection open, and don't accept Bluetooth connections you don't trust. Keep your software up to date and remove unused Bluetooth devices from the list of trusted devices. These methods will protect you from most attacks via Bluetooth.
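The two checks recommended above (stay undiscoverable, prune trusted devices you no longer use) can be automated. The following is an added example, not part of the original article: it assumes a Linux host running BlueZ and audits constructed `bluetoothctl show` and `bluetoothctl info` output; `parse_block`, `audit` and the `in_use` allow-list are hypothetical names.

```python
import re

# Constructed samples in the layout printed by BlueZ `bluetoothctl show` and
# `bluetoothctl info <address>`; every address and name here is made up.
SAMPLE_SHOW = ("Controller 00:11:22:33:44:55 (public)\n\tName: laptop\n"
               "\tPowered: yes\n\tDiscoverable: yes\n"
               "\tDiscoverableTimeout: 0x00000000\n\tPairable: yes\n")
SAMPLE_INFO = [
    "Device AA:BB:CC:DD:EE:01 (public)\n\tName: Headset\n\tPaired: yes\n"
    "\tTrusted: yes\n\tBlocked: no\n\tConnected: yes\n",
    "Device AA:BB:CC:DD:EE:02 (public)\n\tName: Rental car\n\tPaired: yes\n"
    "\tTrusted: yes\n\tBlocked: no\n\tConnected: no\n",
    "Device AA:BB:CC:DD:EE:03 (public)\n\tName: Old speaker\n\tPaired: yes\n"
    "\tTrusted: no\n\tBlocked: no\n\tConnected: no\n",
]

def parse_block(text):
    """Parse one bluetoothctl block into (kind, address, {field: value})."""
    lines = text.strip().splitlines()
    head = re.match(r"(Controller|Device) ([0-9A-F:]{17})\b", lines[0])
    if not head:
        raise ValueError("not a bluetoothctl show/info block")
    fields = {}
    for line in lines[1:]:
        key, sep, value = line.strip().partition(": ")
        if sep:
            fields.setdefault(key, value)  # repeated keys (UUID): keep first
    return head.group(1), head.group(2), fields

def audit(show_text, info_texts, in_use):
    """Return (address, finding) pairs for the article's two checks."""
    findings = []
    _, addr, ctl = parse_block(show_text)
    if ctl.get("Powered") == "yes" and ctl.get("Discoverable") == "yes":
        # Value is hex seconds; newer releases append the decimal in parens.
        timeout = int(ctl.get("DiscoverableTimeout", "0x0").split()[0], 16)
        note = "no timeout" if timeout == 0 else f"timeout {timeout}s"
        findings.append((addr, f"adapter discoverable ({note})"))
    for text in info_texts:
        _, dev, fields = parse_block(text)
        if dev in in_use:
            continue  # device the owner still uses: leave it alone
        if fields.get("Trusted") == "yes":
            findings.append((dev, "trusted, not in use"))
        elif fields.get("Paired") == "yes":
            findings.append((dev, "paired, not in use"))
    return findings

if __name__ == "__main__":
    for address, finding in audit(SAMPLE_SHOW, SAMPLE_INFO, {"AA:BB:CC:DD:EE:01"}):
        print(address, finding)
```

On a real host the findings map to `bluetoothctl discoverable off` for the adapter and `bluetoothctl remove <address>` for each stale device.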

Of course, perfect security does not exist, and attack vectors will continue to evolve as technology evolves.
