Bluebugging: The Most Common Method To Hack Into Your Blackberry Device


If you are one of the people who have been using wireless Bluetooth connection on your phones, you should sit up and listen to this. It is becoming easy for pranksters to easily hack into your conversation/device using a very old trick that have been resurrected  and which again is becoming increasingly common.

There are lots of specialized softwares to intercept your Bluetooth signal using a process called “bluebugging”. This is a form of Bluetooth attack often caused by a lack of awareness that was developed after the onset of bluejacking and bluesnarfing. Similar to bluesnarfing, bluebugging accesses and uses all phone features but is limited by the transmitting power of class 2 Bluetooth radios, normally capping its range at 10–15 meters. However, the operational range has been increased with the advent of directional antennas.

Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers, sending a vCard which typically contains a message in the name field (i.e., for bluedating or bluechat) to another Bluetooth-enabled device via the OBEX protocol.

Bluesnarfing is the unauthorized access of information from a wireless device through a Bluetooth connection, often between phones, desktops, laptops, and PDAs. This allows access to a calendar, contact list, emails and text messages, and on some phones users can copy pictures and private videos. Bluesnarfing is much more serious than Bluejacking, but both exploit others’ Bluetooth connections without their knowledge. Any device with its Bluetooth connection turned on and set to “discoverable” (able to be found by other Bluetooth devices in range) may be susceptible to Bluejacking, and possibly to Bluesnarfing when, and if, Bluesnarfing of the current Bluetooth security becomes possible.

Bluebugging manipulates a target phone into compromising its security, this to create a backdoor attack before returning control of the phone to its owner. Once control of a phone has been established, it is used to call back the hacker who is then able to listen-in to conversations. The Bluebug program also has the capability to create a call forwarding application whereby the hacker receives calls intended for the target phone.

A further development of Bluebugging has allowed for the control of target phones through Bluetooth phone headsets, It achieves this by pretending to be the headset and thereby “tricking” the phone into obeying call commands. Not only can a hacker receive calls intended for the target phone, he can send messages, read phonebooks, and examine calendars.

Man In The Middle Attack

Under ideal conditions, a BlueBug attack takes only a few seconds (depending on the things, which are done during the attack). Due to the limited transmit power of class 2 bluetooth radios, the distance of the victim’s device to the attacker’s device during the attack should not exceed 10-15 meters. Similar to wardriving, also for bluetoothing a directional antenna can be attached to the radio in order to increase the range.

Since the BlueBug security loophole allows to issue AT commands via a covert channel to the vulnerable phones without prompting the owner of this phone, this security flaw does allow a vast number of things that may be done when the phone is attacked via bluetooth:

  • initiating phone calls
  • sending SMS to any number
  • reading SMS from the phone
  • reading phonebook entries
  • writing phonebook entries
  • setting call forwards
  • connecting to the internet
  • forcing the phone to use a certain service provider
  • … and many more things


Tips to Ensure Your Bluetooth Is A Bit Secure:

  • Understand what bluebugging is. The term describes attacks on phones that use the popular Bluetooth wireless technology. When a hacker successfully bluebugs your phone, he can access your Internet connection, make calls from your phone number, listen in on your conversations and change entries in your calendar and contact list.
  • Always use a minimum of eight characters in your PIN. The longer your code, the more difficult it is to crack.
  • Switch Bluetooth into “not discoverable” mode when you aren’t using it. If you make a call from your car, be sure to switch it off when you get out. Crowded public places are top spots for hackers.
  • Don’t accept pairing requests from unknown parties. If you happen to pair your phone with a hacker’s computer, then all your data will be at risk.
  • When pairing devices for the first time, do so at home or in the office.
  • Make sure you download and install regular security updates. Device manufactures will release updates to address threats and correct weaknesses.
  • Contact your phone’s manufacturer if you are concerned about bluebugging. Several major cell-phone companies, including Nokia and Ericsson, have developed software “patches” that make it difficult for bluebuggers to hack into these older-model phones.

10 You Shouldn’t Do With You Smartphones:

1. No password protection.
If you could “lock” your wallet, wouldn’t you? Well, why don’t more folks lock their iPhone or Android phone? While it is nowhere CLOSE to being foolproof, a phone password works like the theory of the burglar and the dog: If you take that extra step to protect yourself, most bad guys will simply move on to the next (easier) target. It’s a lot easier for a thief to steal a smartphone with no password than it is to work on cracking your phone.

2. Shopping online with an Internet browser instead of a shopping app.
If you have the choice between shopping at using your phone’s browser versus Amazon’s app, use the app! Ditto for eBay, Overstock, and any big retailer that gives you the option of using their app. Unlike browsers, dedicated shopping apps are designed to ward off phishing and other kinds of scams. (Before you download it, just make sure it’s really their official app!)

3. Remain logged-in into banking, PayPal, eBay, and other sensitive apps
Would you keep your Macy’s credit card, Wells Fargo debit card or AmEx on top of your desk at work? How about the front seat of your car? I think not. Then why would you keep your phone permanently logged into those same accounts? When you finish banking or shopping, make sure to log out. And NEVER click the box asking the app to save your user ID or password. Yes, it’s a pain in the butt to log in every time. We all tend to value convenience over security. But if a thief gets a hold of a phone that is already logged into sensitive accounts – especially if that phone has no password – it could spell financial disaster. And remember, turning off your devices every now and then can be a good idea.

4. Automatically connecting to any available WiFi connections.
Whether you are using your laptop, tablet or smartphone, switch off the feature that connects to nearby WiFi networks automatically. Otherwise, hackers with the right software can easily hack your phone, as security experts have warned us for more than a decade.In truth, obtaining data even over a public WiFi network requires a certain level of knowledge about software such as WiFi scanners, and your average person simply doesn’t possess the necessary skills. Yes, there are tools like the FireSheep extension for Firefox that can hijack sessions easily in theory, but in practice some technical knowledge is usually required to do anything truly malicious. Consider tunneling using apps such as LogMeIn. For desktops check out this Five Best VPN Tools.

5. Leaving  your Bluetooth connections open.
While this type of hack requires the intruder to be relatively close to you (less than 30 feet away), the intrusion can occur undetected in a busy airport, hotel lobby, restaurant, or at a conference.

6. Failing to properly erase data from old smartphones
Many people fail to remove sensitive, personal data from their smartphone before taking it out of service, donating it or selling it. Short of physically shredding your device (which is the only surefire way to delete all your data in an irretrievable manner), you should ensure that all data on your phone are irrecoverable before disposal.

7. Downloading “free” apps that aren’t actually free.
Many Apps you see as “free” are actually little more than thinly-disguised data thieves. Downloading one gives the app complete access to your phone, which a fraudster can use to steal your credit card and bank account info. Such apps also can turn your phone into a launch pad from which scammers can attack other peoples’ phones with SMS texts and Smishing scams. Be smart and discreet about what you download. Read reviews first, and make sure the apps you download come from reputable sources.

8. Storing sensitive data on phones.
Many people store passwords, pins, Social Security numbers, credit card or bank account information on smartphones. It may be a document created expressly for this purpose, or it could be an email they themselves from their computers. On a phone, emails and downloaded documents are especially easy for thieves to find and steal, especially if the phone is not password protected. Some people even label the document or email “passwords,” making them especially easy prey for hackers and scammers. Make sure to delete all documents
and emails containing sensitive information from your phone.

9. Failing to clear browser history.
Not clearing the browser history on your phone or desktop can be just as dangerous as staying logged into the website of your bank or your favorite store (see mistake #3). By retracing your steps, a phone thief can use your history to hijack your accounts, steal your money and wreck havoc.
How to Delete the iPhone’s Safari Browser History
How To Delete Your Mobile Browsing History [Android]
Delete your Chrome browsing history
Remove recent browsing, search and download history
Delete Windows Internet Explorer 7 and Windows Internet Explorer 8 webpage history

10. Having no remote wiping software set up for your device.
Various apps and services enable you to locate your phone, and also wipe its data clean, if it’s lost or stolen. Tech-savvy hackers may be able to disengage these applications, but it’s just one more layer of protection you can use to reduce your risks if you ever lose your phone.
Lookout Security & Antivirus – Android Apps on Google Play
Lookout – Free Backup, Security, Find My Device for iPhone, iPod touch, and iPad on the iTunes App Store

Android Apps To Play With:

Bluetooth Spammer searches for all nearby discoverable/visible BT devices and sends selected file to every one every minute.
BlueJack automatically searches for nearby Bluetooth enabled devices and sends them a selected image or photo.
Bluetooth RSSI Pro

Enhanced by Zemanta

Leave a Reply