Monday, March 01, 2021 5:45:42 AM
https://www.inpixon.com/blog/bluesnarfing?utm_content=153591688&utm_medium=social&utm_source=twitter&hss_channel=tw-17874882
Wireless communication has been in a constant state of evolution since the advent of the radio. As connective technology is increasingly incorporated into our built environment, the inherent security gaps also widen. From Bluetooth to Wi-Fi, every technology comes with its own set of vulnerabilities.
Bluetooth Vulnerabilities
Bluetooth technology has gained a reputation in recent years as a security concern, with some even going so far as to claim it is as problematic as public Wi-Fi access points. Bluetooth technology is impressive as it makes it possible for the visually and motion-impaired to enjoy the benefits of the Internet, connect multiple devices or computer systems, and allow the remote control of motor-driven appliances and machinery. However, it really does have its drawbacks — especially when considering its vulnerability to attacks. One of these attacks is gaining in infamy: bluesnarfing.
Bluetooth technology uses a high-speed but very short-range medium for exchanging data by wireless means between desktops, mobile computers, smartphones, tablets, personal digital assistants (PDAs), and other devices. Later versions of Bluetooth support multiple device connections and even its own network called Piconet.
What is Bluesnarfing?
Bluesnarfing (or a Bluesnarf attack) is a device hack that involves the theft of data including contact lists, calendars, emails, or text messages from a Bluetooth-enabled wireless device set to “discoverable” mode. It was first observed back in 2003 by a group of researchers in a technology lab.
To set up a bluesnarf attack, a hacker needs to exploit the vulnerabilities present in some deployments of the object exchange (OBEX) protocol, widely used to execute the exchange of information between wireless devices. The attacker only needs to connect to a service which doesn’t require authentication and request the required information.
Once the OBEX protocol is compromised, a hacker can synchronize their own system with their targeted victim’s device in a process known as pairing. If the firmware on a device is unsecured, an attacker may be able to gain access to and steal all information. They may also be able to gain access to any services available to the targeted user.
Rogue Wireless Access Points
Rogue wireless access points, or WAPs, are wireless access points that have been installed on an otherwise secure network without authorization from the administrator. Sometimes this is done by a well-meaning, if misguided, employee, and other times it can be done by a malicious network attacker.
Rogue WAPs pose such a large risk to organizations because they serve as network bridges, used to connect two disparate networks. With traditional wired networks, data flows over physical, and often protected, circuits. With wireless networks, data is transmitted using radio signals, which can be intercepted. This makes information susceptible to eavesdropping, and can also open a network to unauthorized connections that are difficult to detect and track.
Rogue WAPs not only make networks more porous, they can also sneak around access controls. It's kind of like disabling a building’s alarm and leaving the back door wide open. In turn, any device that connects to the rogue access point must be considered a rogue client, because it will be bypassing the authorized security procedures once it connects to the rogue WAP.
Similar to a physical intruder, rogue devices and WAPs will go unnoticed if security teams are unable to visualize the transmitting devices in a space, and they can be used to steal information or disrupt network operations.
What makes these network security issues such a concern? When an attack is happening, the victim can be completely in the dark, unaware that their high-value data is leaking. And the larger the network, the greater the risk.
As with many maladies, prevention is often the best form of medicine. Knowing what type of devices exist in a wireless radio-wave environment is the first line of defense. Laying a solid technological foundation that creates situational awareness, including wireless intrusion detection, empowers organizations to make smarter, more informed decisions around security, risk mitigation and public safety, at scale.
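To make the rogue WAP discussion concrete, the following added example (not from the original article or from Inpixon) triages access points seen over the air against an authorized inventory and against MAC addresses seen on the wired network. The inventory, the sensor observations, the signal threshold and the adjacent-MAC heuristic are all assumptions made for illustration.

```python
# Added example: triage over-the-air AP sightings against an authorized inventory.
# Every SSID, MAC address and threshold here is a constructed sample value.
AUTHORIZED = {  # BSSID -> SSID deployed by the administrator
    "3c:5a:b4:00:10:01": "CorpNet",
    "3c:5a:b4:00:10:02": "CorpNet",
}
# MACs learned on wired switch ports (assumed to be exported from the switches).
WIRED_MACS = {"3c:5a:b4:00:10:00", "a0:b1:c2:33:44:54", "00:11:22:aa:bb:cc"}
# Constructed sensor observations: (bssid, ssid, rssi_dbm)
SCAN = [
    ("3C:5A:B4:00:10:01", "CorpNet", -48),
    ("de:ad:be:ef:00:01", "CorpNet", -52),
    ("a0:b1:c2:33:44:55", "linksys", -40),
    ("f4:f2:6d:12:34:56", "CoffeeShop", -83),
]

def mac_int(mac):
    return int(mac.replace(":", "").replace("-", ""), 16)

def on_wire(bssid, wired_macs, window=2):
    """Assumed heuristic: an AP's Ethernet MAC is often within a few
    addresses of its radio BSSID, so a near match suggests the AP is
    plugged into the monitored wired network."""
    b = mac_int(bssid)
    return any(abs(b - mac_int(m)) <= window for m in wired_macs)

def classify(bssid, ssid, rssi, near_dbm=-70):
    bssid = bssid.lower()
    if AUTHORIZED.get(bssid) == ssid:
        return "authorized"
    if on_wire(bssid, WIRED_MACS):
        return "rogue-on-wire"        # bridges radio clients into the LAN
    if ssid in AUTHORIZED.values():
        return "ssid-impersonation"   # corporate name, unknown radio
    return "unknown-nearby" if rssi >= near_dbm else "neighbor"

def triage(scan):
    """Return non-authorized sightings, strongest signal first."""
    findings = [(classify(b, s, r), b.lower(), s, r) for b, s, r in scan]
    findings = [f for f in findings if f[0] != "authorized"]
    return sorted(findings, key=lambda f: -f[3])

if __name__ == "__main__":
    for verdict, bssid, ssid, rssi in triage(SCAN):
        print(f"{verdict:20} {bssid}  {ssid!r}  {rssi} dBm")
```

The wired-side correlation is what separates an access point bridging into the organization's network from a neighbor's radio that merely happens to be in range.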
To learn more about Wireless Intrusion Detection Systems (WIDS), the different types of RF transmissions to monitor for, and how the same technology that is used for detecting physical intruders can be used to address rogue devices and WAPs, contact our team of indoor security experts today.