Sorry I’m late with this post, but there was so much to take in, I had information overload from BlackBerry Live. One of my favorite vendors was the Biometric or baiMobile booth. They deal in secure Bluetooth solutions, and when it comes to security, I find it to be one of the most important and intriguing subjects around. I found myself watching a video with Michael Smith (Director, Business Development) and his assistant and checking out the great Bluetooth secure solutions they provide.
Not too many people are familiar with the terms bluejacking, bluesnarfing, or bluebugging. Having relatives and friends who are in the military, I can tell you it’s very real. Most of us use our Bluetooth devices with our cell phones. We use them at home, in the car, and while we’re out and about. While we know what we have paired for our own convenience, there is much more going on that we’re not even aware of. What’s the difference between these three?
Bluejacking is more of a nuisance or spam technique. If your Bluetooth is enabled, the sender can send an “address book” to the phone, which displays anything from a message or ad to a joke like “you’ve been bluejacked.” No information is shared in this technique, only spam, if you will.
Bluesnarfing is a bit different and more malicious. What sort of information can a bluesnarf attack retrieve from one’s device?
- Address Book
- International Mobile Equipment Identity (IMEI)
- Business Card Information
- Writing Address Book Entries
- Reading/Decoding SMS Messages
- Setting Call Forwards
- Initiating a New Phone Call to a pre-defined number
- Most other local data
For this attack the attacker needs a J2ME-enabled device and a software tool called Bloover on a laptop. The distance must be within 10 meters. Most phones are patched and no longer run the older type of Bluetooth software, which makes the attack harder to carry out, but the threat is always one to watch out for.
Bluebugging is different. It tricks the phone into compromising its security. This technique started with laptops but went on to mobile devices. Once a link is established, it allows the attacker to take control of the phone. They can take the calls meant for the target, listen in on calls or the surroundings, view and send SMS messages, and view the contacts and calendar. Basically it’s a spying tool.
Now that you have a basic overview of the three Bluetooth vulnerabilities, let me show you what I found at baiMobile. When I spoke with them, I was shown a video which shows how the bluesnarfing is done. I found it really interesting. They had two products at their booth: the baiMobile 3000MP Bluetooth Smart Card Reader and the Bluearmor 100 Secure Bluetooth Headset (the only Bluetooth headset approved for use in the US Dept of Defense).
I was really interested in the Bluearmor headset and how it encrypts all calls.
We also spoke about security on different devices. I found out that the iPhone isn’t that secure: Apple doesn’t share any APIs for the security portion and, as verified by an IT staff member of the Sussex Police Department, the iPhone cannot have contract information or sensitive information on it because of how vulnerable it is. Androids can be made more secure, but aren’t as secure as a BlackBerry.
For keeping your information safe, the BlackBerry is aces. Add a Bluearmor and you’re set. Or turn your Bluetooth off when you’re out and about. We’ll be getting in touch with Michael to see about reviewing the Bluetooth and putting it to the test. Let me know if you have any questions about the products, or if you’ve ever experienced a Bluetooth-based attack.