What does Bluesnarfing mean ?
Bluesnarfing is the name for a hacking attack in which information is stolen via a Bluetooth connection. Snarfing generally refers to the capture of files or documents without the owner’s permission.
How does Bluesnarfing work ?
In Bluesnarfing, hackers exploit a vulnerability in the Object Exchange Protocol, abbreviated OBEX. OBEX is a communication protocol for exchanging binary objects between two devices. In a BlueSnarf attack, a connection is first established to the OBEX Push Profile (OPP) of the attacked device. This does not require authentication. A connection is then established to the OBEX push target.
After that, a hacker can execute an OBEX GET request for filenames known to him. These filenames are standardized, making it easier to steal data. For example, the standardized filename for a smartphone’s phonebook is “telecom / pb.vcf”. After synchronizing the devices via so-called paring, the attacker can steal data with known or guessed file names from the target device.
Measures to protect against Bluesnarfing
Bluesnarf attacks are only possible if, for example, the Bluetooth function is activated on a smartphone and set to “Discoverable”. This allows hackers to locate possible victims in their vicinity. The Bluetooth function should therefore be switched off if it is not required. If the Bluetooth function is needed, it should be set to “Hidden” in the visibility settings.
More information about Bluesnarfing can be found here:
Do you have any more questions?