Some smartphone users like to have Bluetooth turned on, but keep their devices in non-discoverable mode so other connected gadgets won't detect them. It turns out this precaution is just a myth, and keeping your device non-discoverable won't fully protect it against hackers bent on breaking into your
phone. There are scanners and sniffer devices in existence that find your device's Bluetooth address and let infiltration commence even when it’s set to non-discoverable.
Your best bet is still keeping Bluetooth off.
A significant vulnerability that eases the process is the "factory" default password used on the majority of Bluetooth devices, which is something to the tune of "0000" or "1234". Once someone has sniffed your Bluetooth address, chances are they can establish a connection using this PIN code. According to security researchers, it's this unreasonably simplified system that faciliates most cases of Bluetooth eavesdropping and so-called "Bluejacking" – connecting to a phone and sending spam content. So one of the better things you can do in this regard is change your Bluetooth password to a less PIN.
The way this goes is that most consumer devices rely on the Bluetooth Device Address (BD_ADDR) information as a security mechanism. Operating in discoverable mode, Bluetooth devices respond to page request messages issued by other gadgets with their BD_ADDR information. In non-discoverable mode, though, BD_ADDR information requests are ignored. It may be common sense, but devices in discoverable mode are especially vulnerable as they get easily identified with tools such as BTScanner that send repeated page request messages to all Bluetooth devices within range.
What's the take-away here? Keeping Bluetooth devices non-discoverable is still good practice, but it won't stop attackers. They are able to send con request messages to every common BD_ADDR prefix or OUI until the full BD_ADDR is known. Either that, or they can use a list of common BD_ADDR prefixes that lets an attacker test all known Bluetooth OUI values in less than 2 minutes. Ultimately, Bluetooth is best left switched off unless you're using it to pair a device or transmit information.
source:
SANS Tech Institute via
MakeUseOfALSO READ
posted by Luis D.
/ Jun 17, 2016, 9:36 AM
4 Comments
1. TechieXP1969
Posts: 14967; Member since: Sep 25, 2013
posted on Jun 17, 2016, 10:33 AM 4
3. elitewolverine
Posts: 5192; Member since: Oct 28, 2013
posted on Jun 19, 2016, 7:18 AM 2
4. epdm2be
Posts: 823; Member since: Apr 20, 2012
posted on Jun 19, 2016, 8:07 PM 0
5. hotmaillogin
Posts: 2; Member since: Feb 21, 2017
posted on May 16, 2018, 10:48 PM 0
PhoneArena Comments Rules
A discussion is a place, where people can voice their opinion, no matter if it is positive, neutral or negative. However, when posting, one must stay true to the topic, and not just share some random thoughts, which are not directly related to the matter.
Things that are NOT allowed:
Moderation is done by humans. We try to be as objective as possible and moderate with zero bias. If you think a post should be moderated - please, report it.
Have a question about the rules or why you have been moderated/limited/banned? Please, contact us.
Comments Options
Report Post
Send a warning to post author
Send a warning to Selected user. The user has 0 warnings currently.
Ban user and delete all posts
Message to PhoneArena moderator (optional):