Bluetooth and IoT Wireless Threats
Learn the security weaknesses in Bluetooth (bluejacking, bluesnarfing) and IoT wireless protocols and how to minimize their risk footprint.
Bluetooth Security Fundamentals
Bluetooth is a short-range wireless technology (roughly 1 m to 100 m depending on the device's power class) operating in the 2.4 GHz ISM band. Bluetooth Classic uses frequency hopping spread spectrum at up to 1600 hops per second, which resists interference and casual eavesdropping but is not a security control: a sniffer that has learned the master's address and clock can follow the hop sequence. Devices pair either with a legacy PIN (Bluetooth 2.0 and earlier) or with Secure Simple Pairing (SSP, Bluetooth 2.1 and later), which derives the link key with ECDH and offers the Numeric Comparison, Passkey Entry, Out of Band and Just Works association models; Just Works provides no protection against a man-in-the-middle during pairing. BLE has the analogous LE Legacy Pairing and LE Secure Connections (4.2 and later). Security+ tests knowledge of Bluetooth-specific attacks, the security modes available in Bluetooth Classic and BLE (Bluetooth Low Energy), and the controls that minimize the attack surface of Bluetooth-enabled devices.
Bluejacking and Bluesnarfing
Bluejacking is a relatively benign attack that sends unsolicited messages to discoverable Bluetooth devices. It requires the target to be in discoverable mode and abuses the OBEX Object Push profile (the same mechanism used to share a business card) to push an unsolicited vCard or note. No data leaves the victim's device, so the main risk is social engineering: the pushed text can carry a lure or a link. More serious is bluesnarfing, which abuses flawed OBEX Push implementations that answered OBEX GET requests for well-known object names (such as the phone book and calendar files) without requiring pairing or authorization, letting an attacker read contacts, calendar data and files. It affected a number of handsets around 2003-2004 and modern stacks require pairing before serving OBEX requests, but any device that still exposes an unauthenticated OBEX service is a candidate. Both attacks require the attacker to be within radio reach of the victim; that is normally a few metres, although a directional antenna can extend it well beyond the nominal range.
# Detecting discoverable Bluetooth devices (BlueZ; hcitool/hciconfig are
# deprecated in BlueZ 5 but still shipped on most distributions):
hciconfig hci0 up                 # bring the local adapter up first
hcitool scan                      # inquiry plus name lookup: BD_ADDR and device name
hcitool inq                       # raw inquiry: BD_ADDR, clock offset, class of device
btscanner                         # interactive scanner that also pulls SDP records
# Enumerate the services a target advertises; "OBEX Object Push" is the one
# bluejacking and bluesnarfing rely on:
sdptool browse <BD_ADDR>
# Defense: disable discoverable and connectable mode when not pairing, so the
# adapter no longer answers inquiry scans:
hciconfig hci0 noscan
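The scan-and-enumerate procedure above produces `sdptool browse` output that has to be read by hand. As an added example that is not part of the original lesson, the script below does the reading for you: `obex_exposure` parses `sdptool browse` output and reports every OBEX Object Push (UUID 0x1105) or OBEX File Transfer (UUID 0x1106) record together with its RFCOMM channel, which is exactly what an attacker would look for before attempting bluejacking or bluesnarfing, and `harden_adapter` applies the discoverability fix with BlueZ 5's `bluetoothctl`. The sample output is constructed to match the layout of `sdptool browse`; the function names, the sample device and its channels are this example's own assumptions, not anything from the page.

```bash
#!/bin/sh
# Added example, not part of the original lesson. Assumes BlueZ's sdptool
# output format and the bluetoothctl `discoverable`/`pairable` subcommands.

# Constructed sample of `sdptool browse 00:11:22:33:44:55` for a handset that
# exposes OBEX Object Push, OBEX File Transfer and a headset profile.
SAMPLE_SDP='Browsing 00:11:22:33:44:55 ...
Service Name: OBEX Object Push
Service RecHandle: 0x10003
Service Class ID List:
  "OBEX Object Push" (0x1105)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 9
  "OBEX" (0x0008)

Service Name: OBEX File Transfer
Service RecHandle: 0x10004
Service Class ID List:
  "OBEX File Transfer" (0x1106)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 10
  "OBEX" (0x0008)

Service Name: Headset Audio Gateway
Service RecHandle: 0x10005
Service Class ID List:
  "Headset Audio Gateway" (0x1112)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 2
'

# obex_exposure: read sdptool browse output on stdin and print one line per
# OBEX service record as "<uuid> <name> rfcomm-channel=<n>". Records are
# separated by blank lines; awk remembers the class UUID, service name and
# RFCOMM channel of the current record and emits it when the record ends.
obex_exposure() {
    awk '
        /Service Class ID List/ { in_class = 1; next }
        in_class && /\(0x[0-9a-fA-F]+\)/ {
            match($0, /\(0x[0-9a-fA-F]+\)/)
            uuid = substr($0, RSTART + 1, RLENGTH - 2)
            name = $0; sub(/^[ \t]*"/, "", name); sub(/".*/, "", name)
            in_class = 0
        }
        /Channel:/ { chan = $2 }
        /^$/       { flush() }
        END        { flush() }
        function flush() {
            if (uuid == "0x1105" || uuid == "0x1106")
                printf "%s %s rfcomm-channel=%s\n", uuid, name, chan
            uuid = ""; name = ""; chan = ""
        }
    '
}

# audit_sample: run the parser over the constructed output. Against a live
# target you would pipe `sdptool browse <BD_ADDR>` into obex_exposure instead.
audit_sample() {
    printf '%s\n' "$SAMPLE_SDP" | obex_exposure
}

# harden_adapter: stop the local adapter answering inquiry scans and accepting
# new pairings. Needs root or a polkit rule; deliberately not called below so
# the script can be run on a machine without a Bluetooth adapter.
harden_adapter() {
    bluetoothctl discoverable off
    bluetoothctl pairable off
    # Legacy BlueZ 4 equivalent: hciconfig hci0 noscan
}

# Usage: sh obex_audit.sh -> prints the OBEX services the sample handset exposes
audit_sample
```

Only the two OBEX records are reported; the headset profile is ignored because it is not a data-transfer service. Run the real thing against your own devices only, and treat any device that lists OBEX Object Push without requiring pairing as something to re-pair or retire.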