Bluetooth Vulnerabilities

Summary

Excerpt From Introduction to Wireless Threat Intelligence Webinar
Learn More in This Video From CTO Dr. Brett Walkenhorst on Bluetooth Vulnerabilities
CTO Dr. Brett Walkenhorst presents the various vulnerabilities found in Bluetooth technology. Attackers may use those vulnerabilities to infiltrate systems and obtain unauthorized access to private data. See this video to find out more about particular attack techniques and often used malicious Bluetooth-enabled devices.

Video Transcript

Bluetooth has a number of different vulnerabilities. There's actually a lot Just at a high level, Bluetooth has a lot of vulnerabilities. One of the common things that people do with Bluetooth is similar in impact to the cellular downgrade, but this is about security downgrade with a different mechanism.

Basically, I can either spoof an existing network to force security to be downgraded or I can just try to connect and claim that I can't do certain things. And because of the ecosystem in which Bluetooth operates, interoperability is really critical and so most developers don't put certain controls in place and they leave things wide open so that the device that they designed is just gonna connect to anybody and and everybody.

So if I claim that I can't do encryption, the other device says, okay, no problem. We'll talk without encryption. So it's a very simple thing to do and it can be very powerful to to downgrade security to get access to additional information that maybe you shouldn't have access to.

Monitoring similar to Wi Fi, denial of service, again, similar to Wi Fi. Session hijacking, there's a lot of these kinds of attacks where I can I can insert myself into a session forcing forcing one of the devices out so they drop the connection, but I become that device?

I start to I pretend I take that place and then I can do other things to attack the device that I've connected to. And if I do that carefully on both sides of the connection, I can disrupt the legitimate community patient and I can serve as a machine in the middle and do additional things from that trusted position.

Key stroke injection is a really interesting one. If I can convince a target that I'm a legitimate hid device, then I can provide keystrokes that that target will accept. And at that point, I have I can do anything. I can I can insert malware? I can install things.

I can I can extract information and run scripts? What whatever it is that I wanna do. So I I can really take a huge amount of control at that point. There's also devices that are Bluetooth focused. In the upper right, there is, an NRF device from Nordic semiconductor, very commonly used for stiffing Bluetooth, and there's plenty of legitimate use cases for that, by the way.

Developers use this kind of device all the time. But bad guys can use it too. And it can be used to attack as well as listen and do packet capture. There's a flipper device which has gotten a lot of press recently. It's cute little form factor, but quite capable.

A lot of different protocols available to it, including Bluetooth, in its native form. And there's a USB ninja device, USB ninja is similar in nature where we establish command and control over Bluetooth. To a cable that looks just like a charging cable. You plug it into a device.

That device becomes the target and now I can execute a tax on that device.