April 18, 2018

Bluesnarfing and Beyond: Mitigating Network Vulnerabilities

7 minute read

Updated September 30, 2020: This post was originally published on April 18th, 2018 and has been updated to include more detail and information.

Wireless communication has been in a constant state of evolution since the advent of the radio. As connective technology is increasingly incorporated into our built environment, the inherent security gaps also widen. From Bluetooth to Wi-Fi, every technology comes with its own set of vulnerabilities.

Bluetooth Vulnerabilities

Bluetooth technology has gained a reputation in recent years as a security concern, with some even going so far as to claim it is as problematic as public Wi-Fi access points. Bluetooth technology is impressive as it makes it possible for the visually and motion-impaired to enjoy the benefits of the Internet, connect multiple devices or computer systems, and allow the remote control of motor-driven appliances and machinery. However, it really does have its drawbacks — especially when considering its vulnerability to attacks. One of these attacks is gaining in infamy: bluesnarfing.

Bluetooth technology uses a high-speed but very short-range medium for exchanging data by wireless means between desktops, mobile computers, smartphones, tablets, personal digital assistants (PDAs), and other devices. Later versions of Bluetooth support multiple device connections and even its own network called Piconet.

What is Bluesnarfing?

Bluesnarfing (or a Bluesnarf attack) is a device hack that involves the theft of data including contact lists, calendars, emails, or text messages from a Bluetooth-enabled wireless device set to “discoverable” mode. It was first observed back in 2003 by a group of researchers in a technology lab.

To set up a bluesnarf attack, a hacker needs to exploit the vulnerabilities present in some deployments of the object exchange (OBEX) protocol, widely used to execute the exchange of information between wireless devices. The attacker only needs to connect to a service which doesn’t require authentication and request the required information.

Once the OBEX protocol is compromised, a hacker can synchronize their own system with their targeted victim’s device in a process known as pairing. If the firmware on a device is unsecured, an attacker may be able to gain access to and steal all information. They may also be able to gain access to any services available to the targeted user.

Rogue Wireless Access Points

Rogue wireless access points, or WAPs, are wireless access points that have been installed on an otherwise secure network without authorization from the administrator. Sometimes this is done by a well-meaning, if misguided, employee, and other times it can be done by a malicious network attacker.

Rogue WAPs pose such a large risk to organizations is because they serve as network bridges, used to connect two disparate networks. With traditional wired networks, data flows over physical, and often protected, circuits. With wireless networks. data is transmitted using radio signals which can be intercepted. This makes information susceptible to eavesdropping, and can also open a network to unauthorized connections that are difficult to detect and track.

Rogue WAPs not only make networks more porous, they can also sneak around access controls. It's kind of like disabling a building’s alarm and leaving the back door wide open. In turn, any device that connects to the rogue access point must be considered a rogue client, because it will be bypassing the authorized security procedures once it connects to the rogue WAP. 

Similar to a physical intruder, rogue devices and WAPs will go unnoticed if security teams are unable to visualize the transmitting devices in a space, and they can be used to steal information or disrupt network operations.

What makes these network security issues such a concern? When an attack is happening, the victim can be completely in the dark, unaware that their high-value data is leaking. And the larger the network, the greater the risk.

As with many maladies, prevention is often the best form of medicine. Knowing what type of devices exist in a wireless radio-wave environment is the first line of defense. Laying a solid technological foundation that creates situational awareness, including wireless intrusion detection, empowers organizations to make smarter more informed decisions around security, risk mitigation and public safety, at scale.

To learn more about Wireless Intrusion Detection Systems (WIDS), the different types of RF transmissions to monitor for, and how the same technology that is used for detecting physical intruders can be used to address rogue devices and WAPs, contact our team of indoor security experts today.

 

CTA-securing smart workspaces

WHITE PAPER

Learn how to secure your corporate environments and gain situational awareness.

 

This blog post contains forward looking statements which are subject to risks and uncertainties. Please click here to learn more.

Topic(s): Security
Author

Danny Ho

Subscribe to Blog Updates