Bluetooth Security Risks:MOBILE SECURITY

Bluetooth Security Risks
1. The first step in using any Bluetooth device is to turn on the Bluetooth feature in it. The default state of Bluetooth in any device is “Off” mode. 
2. Once Bluetooth is turned on, it is in active but dormant state. In order to use it, it needs to be put in to “Discoverable” state. In theory when a device is in “non discoverable” state it should not be visible to other devices but in reality the device is still discoverable to those devices it has made a connection before using MAC address. A hacker seeing the Blue LED can use Brute Force address discovery process to record the MAC address and hack the device using software such as RedFang.


3. During communication process also Bluetooth technology exposes itself to security breach as the address itself is not encrypted although the message may be encrypted. Technique such as frequency hogging provides some protection but is not completely secure.
4. There are devices available in the market which can capture a Bluetooth signal from the air and analyze. At present cost is prohibitive for casual hackers to acquire some of these devices but still a professional hacker can use those devices and hack vital information.
5. Many owners leave the Bluetooth device in the discoverable mode after actual use due to ignorance or simply forget to turn off “discoverable” mode which gives hackers easy opportunity to pair with their device and hack.
6. Pairing two Bluetooth devices usually does not require any authentication, however using a service like file transfer or data/video/voice exchange require some authentication by entering PIN. Once PINs are entered a link key is generated and stored in the device’s memory. This process is not required for next time onwards.
7. Many vendors do not implement authentication and authorization process correctly allowing hackers to steal information or use one’s phone or use it for making calls or SMS.