Bluejacking, Bluesnarfing, and Bluebugging
Bluejacking.
Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers, sending a vCard which typically contains a message in the name field (i.e. for bluedating or bluechat) to another bluetooth enabled device via the OBEX protocol.
Bluetooth has a very limited range, usually around 10 meters on mobile phones, but laptops can reach up to 100 meters with powerful (Class 1) transmitters.
That's the wikipedia definition.
How to
So, how do you do this?
Browse to the file you want to send.
Open up the options menu, and choose send via bluetooth.
It should scan for a device.
When a few come up, choose your target, and send it.
Cool, but worthless.
Bluesnarfing.
Bluesnarfing is the unauthorized access of information from a wireless device through a Bluetooth connection, often between phones, desktops, laptops, and PDAs. This allows access to a calendar, contact list, emails and text messages, and on some phones users can steal pictures and private videos. Currently available programs must allow connection and to be 'paired' to another phone to steal content. There may be other programs that can break into the phones without any control, but if they exist they are not made publicly available by the developer. One instance of Bluesnarfing software that was demonstrated (but never made available for download) utilised weaknesses in the Bluetooth connection of some phones. This weakness has since been patched by the Bluetooth standard. There seems to be no available reports of phones being Bluesnarfed without pairing, since the patching of the Bluetooth standard.
Once again, that's the wikipedia article.
How does this work?
You may have noticed, you need to pair the device in bluetooth.
That's where social engineering comes into play.
Change the bluetooth name of your phone or laptop to some thing like "Cellular update service" or "Cellular update team".
I personally use the first one.
Next, bluejack a message along the lines of "We have learned that you need an update to keep your phone working on our new network. In a few seconds, you will be asked to pair with a blue tooth device. when asked to, type in the passcode "Your numerical passcode here, I use 0000".
Next, pair up with them.
Snarf some files.
For a program to aid in case this is hard to do on your phone, check out Bloover.
Bluebugging.
Bluebugging is a form of bluetooth attack. In progession of discovery date, bluetooth attack started with bluejacking, then bluesnarfing, and then bluebugging.
Bluebugging was discovered by German researcher Herfurt. His Bluebug program allow the user to take control of a victim's phone to call the user's phone. This means that the Bluebug user can simply listen to any conversation his victim is having in real life.
Initially, Bluebugging was carried out using laptops. With the advent of powerful PDAs and mobile devices, Bluebugging can now be carried out using these devices.
Further developments of Bluebugging tools has allowed Bluebugging to "take control" of the victim's phone. Not only can they make calls, they can send messages, essentially do anything the phone can do.
Wikipedia.
How to?
Follow the same social engineering as bluesnarfing, then stop.
To bluebug without a computer (or a means of getting down to the lowest level of your phone, which is extremely difficult, and requires a lot of programming) you need a program, like BT info.
Run the program.
NOTE:That is not being a script kiddie, no matter what anyone says.
0 comments:
Post a Comment