Scribd Logo
Importer

Bienvenue sur Scribd !

  • Topic: Bluesnarfing: (Security Threat)

    Transféré par

    palo
    278 vues9 pages
    Bluesnarfing is the unauthorized access of information from a wireless device through a Bluetooth connection. It allows hackers to access calendars, contacts, emails, text messages, and files on phones. Bluesnarfing exploits vulnerabilities in the Bluetooth OBEX protocol that does not require authentication. It can be prevented by keeping Bluetooth disabled or invisible when not in use, updating devices regularly, and not accepting connections from unknown Bluetooth devices.

    Description originale:

    Presentation on Bluesnarfing

    Titre original

    Bbluesnarfing

    Copyright

    © © All Rights Reserved

    Formats disponibles

    PPTX, PDF, TXT ou lisez en ligne sur Scribd

    Avez-vous trouvé ce document utile ?

    Ce contenu est-il inapproprié ?

    Signaler ce document
    Bluesnarfing is the unauthorized access of information from a wireless device through a Bluetooth connection. It allows hackers to access calendars, contacts, emails, text messages, and files on phones. Bluesnarfing exploits vulnerabilities in the Bluetooth OBEX protocol that does not require authentication. It can be prevented by keeping Bluetooth disabled or invisible when not in use, updating devices regularly, and not accepting connections from unknown Bluetooth devices.

    Droits d'auteur :

    © All Rights Reserved
    Téléchargez comme PPTX, PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    278 vues9 pages

    Topic: Bluesnarfing: (Security Threat)

    Transféré par

    palo
    Bluesnarfing is the unauthorized access of information from a wireless device through a Bluetooth connection. It allows hackers to access calendars, contacts, emails, text messages, and files on phones. Bluesnarfing exploits vulnerabilities in the Bluetooth OBEX protocol that does not require authentication. It can be prevented by keeping Bluetooth disabled or invisible when not in use, updating devices regularly, and not accepting connections from unknown Bluetooth devices.

    Droits d'auteur :

    © All Rights Reserved
    Téléchargez comme PPTX, PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    sur 9

    TOPIC: BLUESNARFING

    (SECURITY THREAT)
    WHAT IS BLUESNARFING?

    • BLUESNARFING IS THE UNAUTHORIZED ACCESS OF


    INFORMATION FROM A WIRELESS DEVICE THROUGH A
    BLUETOOTH CONNECTION, OFTEN BETWEEN PHONES,
    DESKTOPS, LAPTOPS. THIS ALLOWS ACCESS TO CALENDARS,
    CONTACT LISTS, EMAILS AND TEXT MESSAGES, AND ON SOME
    PHONES.

    • BLUESNARFING FIRST CAME TO LIGHT IN SEPTEMBER 2003.


    OBEX
    • COMMUNICATIONS PROTOCOL THAT FACILITATES THE EXCHANGE OF BINARY OBJECTS BETWEEN DEVICES
    • OBEX USES THE TRADITIONAL CLIENT/SERVER MODEL.
    • FOR A BLUESNARF ATTACK, A HACKER NEEDS TO EXPLOIT THE VULNERABILITIES PRESENT IN SOME
    DEPLOYMENTS OF THE OBJECT EXCHANGE (OBEX) PROTOCOL. THE ATTACKER MUST CONNECT TO THE
    OBEX PUSH PROFILE (OPP), A SERVICE WHICH TYPICALLY DOESN’T REQUIRE AUTHENTICATION, AND
    WHICH IS OPTIMIZED FOR THE EASY EXCHANGE OF DIGITAL BUSINESS CARDS AND OTHER OBJECTS.

    • BLUESNARFING THEN REQUIRES THE ATTACKER TO CONNECT TO AN OBEX PUSH TARGET AND PERFORM
    AN OBEX GET REQUEST FOR KNOWN FILENAMES. THESE FILENAMES ARE SPECIFIED UNDER THE IRMC
    SPECIFICATION (A STANDARD FOR WIRELESS DATA TRANSFER.
    • ONCE THE OBEX PROTOCOL HAS BEEN COMPROMISED, A HACKER CAN SYNCHRONIZE THEIR OWN
    SYSTEM WITH THEIR TARGETED VICTIM’S DEVICE, IN A PROCESS KNOWN AS PAIRING. IF THE FIRMWARE
    ON A DEVICE IS UNSECURED OR IMPROPERLY IMPLEMENTED, AN ATTACKER MAY BE ABLE TO GAIN
    ACCESS TO AND STEAL ALL THE FILES WHOSE NAMES ARE EITHER KNOWN OR GUESSED CORRECTLY. THEY
    MAY ALSO BE ABLE TO GAIN ACCESS TO ANY SERVICES AVAILABLE TO THE TARGETED USER
    • BLUESNARFING IS AN ATTACK TO ACCESS INFORMATION FROM WIRELESS DEVICES THAT
    TRANSMIT USING THE BLUETOOTH PROTOCOL. WITH MOBILE DEVICES, THIS TYPE OF ATTACK IS
    OFTEN USED TO TARGET THE INTERNATIONAL MOBILE EQUIPMENT IDENTITY (IMEI). THIS ENABLES
    THE ATTACKERS TO DIVERT INCOMING CALLS AND MESSAGES TO ANOTHER DEVICE WITHOUT
    THE USER'S KNOWLEDGE.

    • EITHER TURN OFF IN AREAS REGARDED AS UNSAFE OR SET THEM TO UNDISCOVERABLE. THIS
    BLUETOOTH SETTING ALLOWS USERS TO KEEP THEIR BLUETOOTH ON SO THAT COMPATIBLE
    BLUETOOTH PRODUCTS CAN BE USED BUT OTHER BLUETOOTH DEVICES CANNOT DISCOVER
    THEM.

    • AN INVASION OF PRIVACY, SO, ILLEGAL IN ALL COUNTRIES.


    THE DIFFERENCE BETWEEN BLUESNARFING AND
    BLUEJACKING
    • BLUESNARFING IS THE THEFT OF BLUEJACKING IS THE ACT, PRACTICE,
    INFORMATION FROM A WIRELESS OR ACTIVITY OF SENDING
    DEVICE THROUGH A BLUETOOTH ANONYMOUS TEXT MESSAGES TO A
    CONNECTION, OFTEN BETWEEN MOBILE PHONE USING BLUETOOTH
    PHONES, DESKTOPS, LAPTOPS.
    HOW TO PREVENT BLUESNARFING

    • MAJORITY OF THE PROBLEMS ARISE DUE TO THE FACT THAT SOME DEVICES HAVE A DEFAULT BLUETOOTH
    DISCOVERABLE MODE. BESIDES THIS, BLUETOOTH REACHABILITY IS WITHIN 30 FEET OR SO. THUS, FOR THE
    ATTACK TO HAPPEN, THE ATTACKER MUST BE CLOSE TO WHERE THE VICTIM IS.

    WHEN A DEVICE IS BLUESNARFED, THE ATTACKER IS ABLE TO ACCESS ALL THE DATA.
    BESIDES THE DATA, THE
    HACKER CAN MAKE CALLS, SEND TEXTS, ACCESS THE CONTACT LIST, NOTES, EMAILS, IMAGES, VIDEOS,
    MEMOS, ETC.

    • BLUESNARFING IS DANGEROUS TO A LARGE EXTENT, BECAUSE THE CULPRIT CAN TAKE COMPLETE CONTROL
    OVER YOUR DEVICE. THIS CAN EVEN MAKE YOU AN ACCOMPLICE IN ANY OF THE CULPRIT'S CRIMES, THUS
    MAKING YOU PRONE TO LEGAL ACTION IN THE FUTURE.

    ONE EASY SOLUTION TO THIS PROBLEM IS KEEPING CONFIDENTIAL DATA ON THOSE DEVICES WHICH ARE NOT
    BLUETOOTH-ENABLED, BECAUSE NO MATTER WHAT SAFETY PRECAUTIONS YOU TAKE, YOUR DATA IS
    SUSCEPTIBLE TO THREATS.
    • ANY DEVICE WITH ITS BLUETOOTH CONNECTION TURNED ON AND SET TO "DISCOVERABLE" MAY BE
    SUSCEPTIBLE TO BLUEJACKING AND POSSIBLY TOBLUESNARFING. BY TURNING OFF THIS FEATURE, THE
    POTENTIAL VICTIM CAN BE SAFER FROM THE POSSIBILITY OF BEING BLUESNARFED;

    • KEEPING YOUR PHONE OR OTHER MOBILE DEVICE IN “INVISIBLE” MODE AFFORDS SOME MEASURE OF
    PROTECTION AGAINST BLUESNARF ATTACKS.

    • THERE ARE ANTI-BLUESNARFING TOOLS AVAILABLE.

    • ALMOST ANY WIRELESS DEVICE REQUIRES REGULAR UPDATION TO KEEP UP WITH THE CHANGING TRENDS
    AND TECHNOLOGY. BLUETOOTH IS NOT THE ONLY REASON FOR BLUESNARFING. OTHER DEVICES LIKE
    TABLETS, LAPTOPS, OR PHONES ARE ENABLED WITH BLUETOOTH TECHNOLOGY TOO
    • MAKE SURE YOUR DEVICE'S BLUETOOTH IS ON ONLY WHEN YOU NEED IT. A CONSTANTLY
    RUNNING BLUETOOTH CAN BE ONE REASON FOR INVITING THREATS TO YOUR DEVICE.

    • IF YOU FIND IT TEDIOUS TO PUT IT ON AND OFF CONSTANTLY, AT LEAST MAKE IT A POINT TO
    KEEP IT ON NON-DISCOVERABLE MODE WHEN NOT IN USE.

    • MAKE IT A POINT TO REJECT ANY CONNECTION REQUESTS FROM UNKNOWN DEVICES. SOME
    CULPRITS SEND FILES OR A CONTACT CARD THROUGH BLUETOOTH. ACCEPTING IT NOT
    KNOWING WHO THE SENDER IS CAN BE TROUBLE. ONCE THE FILE IS ACCEPTED, THE CULPRIT'S
    DEVICE GETS ADDED TO THE LIST OF TRUSTED DEVICES ON THE RECEIVER'S SIDE. THIS IS HOW
    PERPETRATORS CAN GAIN ACCESS TO YOUR PHONE OR TABLET.
    THANK YOU

    Vous aimerez peut-être aussi