As a start, let's define what Bluejacking means. It is the process of sending a so-called "e-business" card to another device via Bluetooth. The e-business cards we know are the ones carrying contact information (name, e-mail, phone number) that you send to other users. Bluejacking works in the same way, but instead of contact information it sends some malicious content. An example of Bluejacking is shown in the following image.
This definition of Bluejacking is the one you will find in most internet resources, and it is only the icing on the cake. The fundamental point about Bluetooth hacking is that it gives you a plethora of choices. The first step is always to pair with the other device. Once that is done, you can search the internet for tools that perform specific malicious functions. Those might be −
Sending e-business cards with malicious attachments, as mentioned above.
Pulling confidential data out of the victim's device.
Taking over the victim's device to make calls, send messages, etc., without the user's knowledge.
We will now explain how to get to the point where you are paired with the victim's device. Whatever you do next depends only on the tools and approaches you find on the internet, but it could be almost anything.
The first step is to enable the Bluetooth service locally on the PC.
Next, we need to enable the Bluetooth interface and look at its configuration (just like physical Ethernet interfaces and wireless interfaces, the Bluetooth interface also has a MAC address, called the BD address).
Once we know that the interface is up and running, we need to scan the Bluetooth network for the devices visible in the close environment (this is the equivalent of airodump-ng in the 802.11 wireless world). This is done using a tool called btscanner.
What you can read from the above screenshot is that −
The MAC address of our local Bluetooth device is A0:02:DC:11:4F:85.
The MAC address of the target Bluetooth device is 10:AE:60:58:F1:37.
The name of the target Bluetooth device is "Tyler".
The main idea here is that Tyler's device is authenticated and paired with another Bluetooth device. For the attacker to impersonate "Tyler" and pair directly with the other node, we need to spoof our MAC address and set our Bluetooth name to "Tyler".
Just so you know, there is also a BTScanner version for Windows. Below is a sample screenshot from the Windows version of the tool.
To impersonate Bluetooth information, there is a tool called spooftooph that we need to use here (the equivalent of macchanger, which we use to bypass MAC authentication in a WEP scenario with MAC filtering). What we have done below is change the MAC address of our Bluetooth dongle (the hci0 device) to the one we found using btscanner. We have also changed the name of the Bluetooth device to 'LAB'. This is the one I am using locally in my Bluetooth pairing setup between two smartphones.
Success! We have now cloned the Bluetooth setup of one of the clients involved in the Bluetooth smartphone-to-smartphone communication. This allows us to communicate directly with the other device of the Bluetooth pair. Of course, we need to make sure that the legitimate device, whose credentials we have spoofed, disappears from the network. In real life this might take time; we would have to wait until the user moves out of Bluetooth range or disables the Bluetooth service on their device.
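From the defender's side, the cloning described above has a visible footprint: while the legitimate device is still in range, a monitoring point sees the same BD address or friendly name presented by two different radios, and a dongle cloning a phone's address still advertises its own class-of-device value. The following script, an added example that is not part of the original tutorial and not btscanner's own output, parses scan records in an assumed "time address name class" layout (the addresses reuse the two values from the screenshot above; the class values and the inventory of known devices are constructed) and flags those inconsistencies.

```python
"""Flag Bluetooth identity conflicts in inquiry-scan logs (added example).

A device that clones a paired peer's BD address and friendly name still has
to advertise a class-of-device value, and while the legitimate device is in
range a monitor sees the same identity from two places. The checks below
look for those inconsistencies in a scan log and compare what is seen
against an inventory of devices the operator has actually paired.
"""
import re
from collections import defaultdict

# Constructed sample scan lines in an assumed "time address name class"
# layout; this is not real btscanner output.
SAMPLE_SCAN = """\
10:00:01 10:AE:60:58:F1:37 Tyler 0x5A020C
10:00:05 A0:02:DC:11:4F:85 LAB 0x000100
10:00:09 10:AE:60:58:F1:37 Tyler 0x5A020C
10:00:12 A0:02:DC:11:4F:85 Tyler 0x000100
10:00:20 10:AE:60:58:F1:37 Tyler 0x000100
garbage line that must be skipped
"""

# Inventory of devices the operator has paired: address -> (name, class).
# Constructed for this example.
KNOWN_DEVICES = {"10:AE:60:58:F1:37": ("Tyler", "0x5A020C")}

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<addr>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+"
    r"(?P<name>\S+)\s+"
    r"(?P<cls>0x[0-9A-Fa-f]{6})\s*$"
)


def parse_scan(text):
    """Parse scan lines into (time, address, name, class) tuples; skip malformed lines."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            cls = "0x" + m["cls"][2:].upper()  # normalise hex digits, keep "0x" prefix
            records.append((m["ts"], m["addr"].upper(), m["name"], cls))
    return records


def find_conflicts(records, known=KNOWN_DEVICES):
    """Return a sorted list of (alert_type, subject, details) tuples."""
    names_by_addr = defaultdict(set)
    classes_by_addr = defaultdict(set)
    addrs_by_name = defaultdict(set)
    for _, addr, name, cls in records:
        names_by_addr[addr].add(name)
        classes_by_addr[addr].add(cls)
        addrs_by_name[name].add(addr)

    alerts = set()
    # One address presenting several names or several device classes
    for addr, names in names_by_addr.items():
        if len(names) > 1:
            alerts.add(("ADDR_MULTI_NAME", addr, tuple(sorted(names))))
    for addr, classes in classes_by_addr.items():
        if len(classes) > 1:
            alerts.add(("ADDR_MULTI_CLASS", addr, tuple(sorted(classes))))
    # One friendly name presented by several addresses
    for name, addrs in addrs_by_name.items():
        if len(addrs) > 1:
            alerts.add(("NAME_MULTI_ADDR", name, tuple(sorted(addrs))))
    # A known device observed with a name or class that differs from inventory
    for _, addr, name, cls in records:
        if addr in known and (name, cls) != known[addr]:
            alerts.add(("KNOWN_DEVICE_MISMATCH", addr, (name, cls)))
    return sorted(alerts)


if __name__ == "__main__":
    for alert in find_conflicts(parse_scan(SAMPLE_SCAN)):
        print(*alert)
```

On the sample log the script raises four alerts: the dongle address seen under two names, the phone's address seen with two device classes, the name "Tyler" seen from two addresses, and an inventory mismatch for the known phone. None of these is proof on its own (users do rename devices), but a known address changing class, or the same name appearing from two radios at once, is exactly what the cloning sequence above produces, and it is cheap to keep an address-to-class inventory of the devices you have paired.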