Threat Category: Network Threats: Bluetooth
Threat Description: Bluesnarfing is a vulnerability that adversaries can take advantage of to exfiltrate data from the target device without the user’s knowledge or interaction.
Guide to Bluetooth Security (SP 800-121) 1
Studying Bluetooth Malware Propagation: The BlueBag Project 2
To reduce opportunity for this attack on vulnerable devices, disable Bluetooth when that feature is not in use. Note: per NIST SP 800-121 Revision 1, some older devices possessed a firmware vulnerability enabling this exploit.
To reduce opportunity for this attack while Bluetooth is in use, operate the device in a secure location away from windows and doors, outside of which the probability an attacker can establish Bluetooth communication is remote.
J. Padgette, K. Scarfone and L. Chen, Guide to Bluetooth Security, SP 800-121 rev. 1, National Institute of Standards and Technology, 2012; http://csrc.nist.gov/publications/nistpubs/800-121-rev1/sp800-121_rev1.pdf [accessed 8/24/2016] ↩
L. Carettoni, C. Merloni and S. Zanero, “Studying Bluetooth Malware Propagation: The BlueBag Project”, Proceedings of the 2007 IEEE Symposium on Security and Privacy, pp. 17-25, 2007; http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=4140986 [accessed 8/24/2016] ↩