Threat Category: Network Threats: Bluetooth
ID: LPN-10
Threat Description: Bluebugging is a Bluetooth vulnerability that allows the attacker to take full control of the target device without the user’s knowledge.
Threat Origin
Guide to Bluetooth Security (SP 800-121) 1
Exploit Examples
Studying Bluetooth Malware Propagation: The BlueBag Project 2
CVE Examples
Not Applicable
Possible Countermeasures
To reduce the opportunity for an attacker to conduct this attack, disable Bluetooth on vulnerable (circa 2004) devices when that feature is not in use. 3
References
J. Padgette, K. Scarfone and L. Chen, Guide to Bluetooth Security, SP 800-121 rev. 1, National Institute of Standards and Technology, 2012; http://csrc.nist.gov/publications/nistpubs/800-121-rev1/sp800-121_rev1.pdf [accessed 8/24/2016] ↩
L. Carettoni, C. Merloni and S. Zanero, “Studying Bluetooth Malware Propagation: The BlueBag Project”, Proceedings of the 2007 IEEE Symposium on Security and Privacy, pp. 17-25, 2007; http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=4140986 [accessed 8/24/2016] ↩
J. Padgette et. al, Guide to Bluetooth Security, Draft SP 800-121 rev. 2, National Institute of Standards and Technology, 2016; http://csrc.nist.gov/publications/drafts/800-121/sp800_121_r2_draft.pdf [accessed 12/07/2016] ↩