BlueBugging is an attack in which the attacker exploits Bluetooth enabled in a device to get unauthorized access of the system and manipulate the target device to compromise its security. Attackers often use this technique to track a victim, access his contact list, make calls or send SMS from his device or do other nefarious illegal activities.
BlueBugging was first found by German researcher Martin Herfurt in 2004 and since then it has affected many victims. Even now also there are several software available for making this attack possible.
Purpose of BlueBugging
Attackers can use this technique for many nefarious purposes. The list below mentions a few of them.
- Attacker can install a backdoor in the target device, especially a mobile phone, and through that get control of the phone. The attackers can initiate phone calls from the device and eavesdrop phone conversations of the victim.
- Attackers can make phone calls or SMS to premium services phone numbers and extract money from the victim.
- Attacker can send SMS from the victim's device to the attacker and steal sensitive information of the victim.
- Some location based services use GSM services to track their customers. For that purpose, they need to get some permission on the mobile device. In Bluebugging, the backdoor can give that unauthorized permission to the attacker and the attacker can track the victim illegally.
- The attacker can collect information about the victim's contact list, call list and exploit those information.
- The attacker can forward the victim's calls to the attacker and do other nefarious activities.
- The attacker can even change Network Provider settings of the victim's mobile device.
How is BlueBugging done ?
Attacker first makes a Bluetooth pairing with the victim's device. And the attacker uses that Bluetooth connection to install a Backdoor to the victim's device. Now, the Backdoor can exploit security vulnerabilities of the device software and give unauthorized access of the device to the attacker. There are lots of software readily available which the attackers normaly use to make this attack.
How to prevent BlueBugging ?
The users can always take a couple of steps to safeguard himself.
- Turn off the Bluetooth when it is not used. This will prevent the attacker from getting unauthorized access of the device to make this attack.
- If you see any suspicious activities in your mobile devices, like restarting suddenly or disconnecting and reconnecting with other devices etc, be cautious. It may indicate unauthorized access of the device to the attacker.
- Check for data usage of your device. If it suddenly increases without convincing reasons, it may indicate a Bluebugging attack.
- If you are suspicious of Bluebugging attack of your device, do a factory reset of your device. This will remove the backdoor and unauthorized access of the device to the attacker.
What is BlueSnarfing ?
What is BlueJacking ?
What is BlueSniping ?
What is BlueSmack Attack ?
What is BlueDump ?
What is BluePrinting ?
What is BlueBump Attack ?