From UPSC perspective, the following things are important :
Prelims level : Bluebugging
Mains level : Cyber security challenges
Cybersecurity experts note that apps that let users connect smartphones or laptops to wireless earplugs can record conversations, and are vulnerable to hacks through a process called Bluebugging.
What is Bluebugging?
- It is a form of hacking that lets attackers access a device through its discoverable Bluetooth connection.
- Once a device or phone is blue-bugged, a hacker can listen to the calls, read and send messages and steal and modify contacts.
- It started out as a threat for laptops with Bluetooth capability. Later hackers used the technique to target mobile phones and other devices.
- Independent security researcher Martin Herfurt blogged about the threat of bluebugging as early as 2004.
- He noted that the bug exploited a loophole in Bluetooth protocol, enabling it to download phone books and call lists from the attacked user’s phone.
How does bluebugging hack devices?
- Bluebugging attacks work by exploiting Bluetooth-enabled devices.
- The device’s Bluetooth must be in discoverable mode, which is the default setting on most devices.
- The hacker then tries to pair with the device via Bluetooth. Once a connection is established, hackers can use brute force attacks to bypass authentication.
- They can install malware in the compromised device to gain unauthorised access to it.
- Bluebugging can happen whenever a Bluetooth enabled device is within a 10-metre radius of the hacker.
- However, according to a blog by VPN service provider NordVPN, hackers can use booster antennas to widen the attack range.
Why is it a big threat?
- Even the most secure smartphones like iPhones are vulnerable to such attacks.
- Any app with access to Bluetooth can record users’ conversations with Siri and audio from the iOS keyboard dictation feature when using AirPods or Beats headsets, some app developers say.
- Through Bluebugging, a hacker can gain unauthorised access to these apps and devices and control them as per their wish.
How can one prevent bluebugging?
Here are some of the ways to prevent bluebugging-
- Turning off Bluetooth and disconnecting paired Bluetooth devices when not in use,
- Updating the device’s system software to the latest version,
- Limiting the use of public Wi-Fi, and
- Using VPN as an additional security measure