Bluetooth is a wireless communication protocol developed in 1998. It simplifies the transfer of files, photos and docs for low peripheral devices such as cell phones, PDA’s and mobile computers over a small range of distance. Bluetooth technology has revolutionized wireless communications between devices with its simple and ubiquitous features.
However, unfortunately, Bluetooth technology has increased the security concern for individual data. Here are the different hacking techniques that attackers can leverage to compromise your Bluetooth and steal your sensitive data.
Bluebugging - It is often caused due to a lack of awareness when a user sets by default the Bluetooth in discoverable mode. It allows an attacker to take over a mobile phone and listen to conversations, enable call forwarding and send messages.
Bluejacking - This is a practice of sending an unsolicited message of nearby Bluetooth devices. This type of attack is often executed using texts. However, the attackers can also use images or sounds to launch the attack. Bluejacking is relatively harmless but does some confusion when users start receiving messages.
Bluesnarfing - Any unauthorized access to or theft of information from a wireless device through Bluetooth connection is Bluesnarfing. Attackers use tools such as hcitool and obexftp to exploit a vulnerability in the Bluetooth and can access information such as the user's calendar, contact list, and e-mail and text messages.
Btlejacking - Btlejacking, a new form of Bluetooth attack vector was disclosed in August 2018 by Damien Cauquil, head of research and development at Digital Security at a DefCon conference in Las Vegas. This new technique could allow attackers to jam and takeover any Bluetooth Low Energy device. It relies on the jamming vulnerability tracked as CVE-2018-7252 and affects BLE devices with versions 4.0, 4.1, 4.2 and 5. In order to exploit the flaw, the attacker should be within 5 meters.
Apart from attack techniques, threat actors can also leverage vulnerabilities in Bluetooth implementations to gain access to victims’ devices. Some of the known vulnerabilities are BlueBorne - discovered in 2017 - and Bleedingbit - uncovered in 2018.