Reading time: 10 minutes
Bluebugging is a type of cyber attack done on the Bluetooth enabled devices. The attack allows the hacker to access the cell commands and infiltrate the phone calls, read and send SMS. The attack even allows any hacker to modify the contact list, connect to the internet and eavesdrop on any phone conversation and record it.The attack was developed after the onset of bluejacking and bluesnarfing.
Procedure For The Attack
For this attack to happen the most important condition is that the victim cell should ON and the bluetooth should be in discoverable mode in victim cell.
If these conditions are met then the hacker first initiates the connection to the victim device. If the connection is established, then the hacker uses this connection to install the backdoor in the victim device. The backdoor then exploit several security vulnerabilities such as remote code execution vulnerability, local privilege escalation vulnerability etc. and give the unauthorized access of the victim device to the hacker.
Due to the backdoor, the hacker device remain listed in the victim cell and as a trusted device. The hacker then uses this attack to control the victim cell by entering AT commands and can even control the victim Bluetooth headset to perform malicious activities.
Image For Understanding The Attack
Mitigation For The Attack
The attack can be prevented by:
- keeping the Bluetooth OFF when not in use.
- Reset the Bluetooth settings to take off all the devices from the trusted list.
- Set the device to the hidden, invisible or the non-discoverable mode when using the Bluetooth.
- Keep the Bluetooth off in public places, including restaurants, stores, airports, shopping malls, train stations, etc.