Sunday, December 2, 2007

What You Ought To Know Before Switching On Your Bluetooth

Wonder what we are trying to say??? Well, how many of you know about Bluejacking or Bluesnarfing. Not many hands go up, do they?? Well that’s what we are going to talk about in this write up.

So what is Bluetooth in the first place? Bluetooth technology enables your digital peripherals to talk to each other without needing wires and cables. Being an 'open specification' means that any manufacturer can make a Bluetooth device and it will also allow transfer of data to any other Bluetooth device from any other manufacturer. Bluetooth devices are only designed to operate over short ranges - typically less than 10m (30 feet).

Then so what is this term Bluejacking. Bluejacking is a new term used to define the activity of sending anonymous messages using Bluetooth to other Bluetooth equipped devices (typically PDAs and Mobile Phones) in range of the senders’ device.

Whilst the ability to receive such messages can be disabled or the Bluetooth functionality of the device can be switched off, the fun nature of Bluejacking is likely to encourage people to participate and to enjoy the new phenomenon.

Still wondering what it means. Lets say its analogous to what we use everyday Orkut. It allows us to connect to people whom we never know. Its fun if we use it in the right sense to connect with people, but when it falls in the wrong hands it becomes a medium of criminal activities too. Want to make it even simple. It’s just hacking using Bluetooth (but the techies would obviously disprove us defining it like this)

In today’s scientific world every innovation has a grey side unless we show discretion in using them. Similarly there is also a code of rules that must be mentioned before we go any further.

Bluejacking is meant for FUN! So make sure it is.

No-one has yet written a definitive statement on what is allowed or not-allowed and so we have given you some common sense rules below:

Don't send abusive messages

Don't threaten anyone

Don't put your personal information in a Bluejack message

Don't reveal yourself to the 'victim'

Do disable Bluetooth if you don't want to be Bluejacked

Firstly you need to have a Bluetooth enabled Mobile Phone or PDA - if you have then great, if not then you will not be able to enjoy the world of Bluejacking - sorry.

Whilst you can choose to "Accept" the message it's best to avoid doing so.

If Accepted then the message will be added into your own Contact Phone Book and that could fill up quite quickly. If the sender has added any additional information into the Contact that they sent you then you can only see this by

Accepting it and then opening up the new Contact. However as the idea behind

Bluejacking is sending simple messages there is nothing to be gained by storing

it. Simply choose "Delete" or "Erase" and then get your own back on them

The future of Bluejacking holds many interesting possibilities. Especially, to all you marketing savvy’s and Mba’s out there. Bluejacking holds the key to personalised advertising of your product. So good bye to all jingle’s and ad’s. The New Age of publicising has arrived.

Best of all this is completely free of charge - no 10p text messages or phone calls and not finding that the other person lives 150 miles away - they are in the same bus/queue/class or train as you are.

So the future is blue, not pink.

http://www.youtube.com/watch?v=dltjEnrePxc

Wondering if it’s a movie link? No, it just demonstrates how Bluejacking turns to Bluesnarfing when it falls in the hands of real time hackers

So, what’s Bluesnarfing?? Confidential data can be obtained, anonymously, and without the owner's knowledge or consent, from Bluetooth enabled mobile phones. This data includes, at least, the entire phonebook and calendar, and the phone's IMEI.

The Bluesnarfing is a more detailed elaborate planned attack.

First is Data collection. This gives primarily the Bluetooth name, address of mobile, class of mobile, real time clock.

Then the blue bug attack. It is to set up covert serial channel to device. In other words with this facility, it is possible to use the phone to initiate calls to premium rate numbers, send sms messages, read sms messages, connect to data services such as the Internet, and even monitor conversations in the vicinity of the phone. Bluetooth access is only required for a few seconds in order to set up the call. Call forwarding diverts can be set up, allowing the owner's incoming calls to be intercepted, either to provide a channel for calls to more expensive destinations, or for identity theft by impersonation of the victim.

Thirdly the Backdoor attack, it involves establishing a trust relationship through the "pairing" mechanism, but ensuring that it no longer appears in the target's register of paired devices. In this way, unless the owner is actually observing their device at the precise moment a connection is established, they are unlikely to notice anything untoward, and the attacker may be free to continue to use any resource that a trusted relationship with that device grants access to.

Finally, we have the Snarf attack. It is possible, on some makes of device, to connect to the device without alerting the owner of the target device of the request, and gain access to restricted portions of the stored data therein, including the entire phonebook and any images or other data associated with the entries, calendar, real-time clock, business card, properties, log, International Mobile Equipment Identity (which uniquely identifies the phone to the mobile network, and is used in illegal phone 'cloning').

This is normally only possible if the device is in "discoverable" or "visible" mode, but there are tools available on the Internet that allow even this safety net to be bypassed.

So, how do u Bluejack?? Well, it’s pretty simple once you have downloaded the tools from one of the following links…once you have opened the application, all you have to do is scan for Bluetooth devices and select one of the devices and (type and send the message) attack them

http://www.youtaggedme.com/

http://trifinite.org

I think now you got what we tried to say in the title. Bluejacking is fun, if within the limits. Just don’t try to use it to spam or abuse people even worse don’t snarf them.

So how do we protect one against blue snarfing? Well, there are no fixes till now though some brand of mobiles claim to have plugged the holes to make it safe against backdoor attacks. But hey we never know. So for now to permanently remove a pairing, and protect against future BACKDOOR attacks, it seems you must perform a factory reset, but this will, of course, erase all your personal data.

However, Bluejacking is a completely different ball. It’s now being accepted abroad as what we can call a social networking tool. Do we want it? Doesn't really matter, because, if you don't then simply switch off the Bluetooth. "just say no". :)

Me, I can't wait! And for those who after reading this have got hooked on to Bluejacking, GO AHEAD! But hey remember play it safe.

In case it all goes wrong:

If you manage to identify your victim and they are looking angry rather than puzzled & confused, our advice is to run, not walk, in the opposite direction! Have fun.

2 comments:

shubz said...

give d link of d software dude

thanx in advance

if u can plz mail me link

shubhamsmartguy@gmail.com

Abhisek said...

give some software links for BLuesnarfing

Search

The Web Blog