Reading time: 10 minutes
BlueBump attack is an cyber attack for bluetooth enabled devices. The attack allows the attacker to connect to the Bluetooth device of target, and then exploit the link key of the target device. The attack gives the attacker unlimited access to the victim's device. The attack can be performed in a very limited range, usually around 10 meters for the smartphones. For laptops, it can reach up to 100 meters with powerful transmitters.
Procedure For The Attack
- In this attack, the hacker uses the social engineering tactics to manipulate the target device to establish the Bluetooth connection with the attacker device.
- After establishing the connection, the attacker further tricks the target device to delete its link key.
- The attacker further requests the target device for a new link key generation, but this time asking for unlimited access to the hacker device.
- Once this new key is accepted, the attacker gets access permissions to exploit the target device, as long as the link key is not deleted again.
Mitigation For The Attack
Decline any messages or connection requests that come from unknown devices. Keep the Bluetooth off in public places. Keep the device updated and use strong and complex passwords.Turn off the Bluetooth device when not in use. Do not store the pairing PIN code of the Bluetooth devices permanently.