Bluesnarfing is the theft of information through Bluetooth. Hackers do it by sneaking into mobile devices — smartphones, laptops, tablets, or PDAs whose connection has been left open by their owners. It implies exploiting Bluetooth vulnerabilities in order to grab such data as text or email messages, contact lists, and more.
It’s easy to become a victim of a bluesnarfing attack if you have the habit of using Bluetooth in public places and your phone is usually in a discoverable mode.
Read More about “Bluesnarfing”
Cybercriminals can perform the bluesnarfing attack on a device even when it is 300 feet away. What they can steal by doing so is mindblowing and quite scary. They can practically copy the entire content of your phone or device, including your emails, contact list, phone number, passwords, and your pictures. Some bluesnarfing attackers use the victim’s phone to call long distance, leaving its owner with a huge telephone bill. All these happen without the victim’s knowledge, of course, and so attacks can go on for a long time.
Perhaps the most widely known bluesnarfing case was that performed by Google back in 2013. The tech giant admitted that it collected data from unencrypted wireless networks, which is bluesnarfing in its raw form. Among the information obtained were emails and passwords. As a result, Google paid a settlement amounting to US$7 million.
History of Bluesnarfing
Researcher Marcel Holtmann first discovered bluesnarfing. However, it became publicly known when Adam Laurie of A.L. Digital disclosed a vulnerability on a blog. He found the bug in November 2003 and wanted to let the manufacturers of Bluetooth devices know about it immediately.
At present, both black- and whitehat hackers can easily access bluesnarfing tools and services on the Dark Web. All they initially need is a downloadable penetration-testing utility such as bluediving. This tool identifies if a device is susceptible to bluesnarfing attacks. Once it finds that a device is vulnerable, the hacker can do any of the following:
- Perform a bluesnarfing attack on his own if he has enough programming skills
- Hire a bluesnarfing attacker
- Get code snippets from websites that teach bluesnarfing
As you can see, it’s not that hard to launch bluesnarfing attacks. Want to know how to stay safe from them? Read on then.
How Can You Avoid Bluesnarfing Attacks?
Since the attack relies on Bluetooth connections, the most logical and safest way to counter it is by turning off your device’s Bluetooth when it’s not in use. Below are other best practices to avoid becoming a victim of bluesnarfing:
- Use a personal identification number (PIN) that has at least eight characters so it will be harder for attackers to crack.
- Take advantage of your phone’s security features, such as two-factor authentication (2FA). That way, your approval is needed for all connection requests.
- Do not accept pairing requests from unknown devices.
- Turn off your phone’s discovery mode to make it invisible to unknown devices.