Although Bluetooth is extremely convenient for short-range wireless data transfers, it also carries several
security risks if it is not configured and used securely. The following are some common Bluetooth threats:
1. Loss of personal data:
An attacker can exploit existing Bluetooth vulnerabilities to steal personal and confidential data such as contacts, SMS (Short Message Service) text messages, and call logs over Bluetooth and use that data for malicious purposes.
2. Hijacking:
An attacker could completely hijack a device over Bluetooth and perform actions on it without the user’s interaction. This includes making calls, recording ongoing conversations, and the like.
3. Sending SMS:
An attacker can use the compromised Bluetooth device to send SMS messages to anyone while hiding their own identity. This is mainly done for terrorist activities.
4. Using airtime:
An attacker could make international calls from a device compromised over Bluetooth and cause severe financial damage to the victim.
5. Malicious code:
An attacker can send malware over Bluetooth that would infect the device permanently and modify, steal, or destroy sensitive user data on the device.
6. Inherent vulnerabilities:
The Bluetooth stack as a whole may have some inherent vulnerabilities that might be exploited.
7. Bluejacking:
Bluejacking is the practice of forcefully sending unwanted messages to the victim over Bluetooth. It is similar to email spamming. Though it is not very harmful, it can be a nuisance to the victim. It is often used for forceful marketing.
8. Bluesniff:
Bluesniff is a utility on Linux that is used for Bluetooth wardriving. It is useful for finding hidden and discoverable Bluetooth devices.
9. Bluesmacking:
Bluesmacking is a type of denial-of-service (DoS) attack over Bluetooth. In this attack, an oversized packet is sent to a victim’s device over Bluetooth, which causes the device to crash.
10. Bluesnarfing:
Bluesnarfing makes use of a vulnerability in the Bluetooth stack to gain unauthorized access to sensitive information on the victim’s device. The attacker can gain access to the victim’s phone book and calendar entries through this attack.