1
00:00:06,470 --> 00:00:08,620
- [Lecturer] Throughout time, there have been a collection

2
00:00:08,620 --> 00:00:10,880
of Bluetooth implementation vulnerabilities.

3
00:00:10,880 --> 00:00:13,260
One of the most popular in the past

4
00:00:13,260 --> 00:00:15,507
has been the BlueBorne.

5
00:00:15,507 --> 00:00:16,780
And actually, BlueBorne

6
00:00:16,780 --> 00:00:19,480
is a collection of vulnerabilities,

7
00:00:19,480 --> 00:00:23,250
and these vulnerabilities collectively affect Windows,

8
00:00:23,250 --> 00:00:27,090
iOS and Linux kernel-based operating systems,

9
00:00:27,090 --> 00:00:29,680
including Android and Tizen.

10
00:00:29,680 --> 00:00:32,730
Now, if an attacker exploits these vulnerabilities,

11
00:00:32,730 --> 00:00:35,780
it will allow for an unauthenticated attacker

12
00:00:35,780 --> 00:00:39,930
to do remote code execution on the affected devices.

13
00:00:39,930 --> 00:00:42,460
There are several other attacks against Bluetooth,

14
00:00:42,460 --> 00:00:46,540
although modern implementations and the latest versions

15
00:00:46,540 --> 00:00:49,700
of Bluetooth stacks have protections in place

16
00:00:49,700 --> 00:00:52,090
that actually mitigate these attacks.

17
00:00:52,090 --> 00:00:56,440
For example, there is a type of attack called BlueSnarfing,

18
00:00:56,440 --> 00:00:59,190
and this attack takes data

19
00:00:59,190 --> 00:01:01,510
from the Bluetooth-enabled device.

20
00:01:01,510 --> 00:01:06,130
This can include SMS messages, calendar information,

21
00:01:06,130 --> 00:01:09,940
images, the phone book and even chats, right,

22
00:01:09,940 --> 00:01:13,770
any type of messaging on the system, the affected device.

23
00:01:13,770 --> 00:01:15,170
There's also BluePrinting,

24
00:01:15,170 --> 00:01:17,110
and that's actually the process

25
00:01:17,110 --> 00:01:21,220
of footprinting the Bluetooth traffic.

26
00:01:21,220 --> 00:01:23,180
Now, BlueBugging is another attack,

27
00:01:23,180 --> 00:01:26,880
and the attacker using this type of attack

28
00:01:26,880 --> 00:01:30,140
is actually able to take control of the target's phone.

29
00:01:30,140 --> 00:01:34,100
And a tool called Bluever was actually developed

30
00:01:34,100 --> 00:01:36,820
as a proof-of-concept tool for this attack.

31
00:01:36,820 --> 00:01:38,940
Another one is BlueJacking,

32
00:01:38,940 --> 00:01:41,990
and this is where you send, quote unquote,

33
00:01:41,990 --> 00:01:44,420
a business card, or via a text message,

34
00:01:44,420 --> 00:01:48,480
that, if the user allows it to be added to their contact list,

35
00:01:48,480 --> 00:01:50,150
will allow you to continue

36
00:01:50,150 --> 00:01:52,490
to send additional messages, right?

37
00:01:52,490 --> 00:01:55,930
There's also denial-of-service attacks like BlueSmack

38
00:01:55,930 --> 00:01:59,030
that will actually cause denial-of-service conditions

39
00:01:59,030 --> 00:02:00,540
in a Bluetooth device.

40
00:02:00,540 --> 00:02:03,900
However, denial-of-service attacks in Bluetooth

41
00:02:03,900 --> 00:02:07,443
are not that interesting from a pen testing perspective.