Differences

This shows you the differences between two versions of the page.

en:philosophy:bluetooth [2022/11/18 12:38]
throgh [Bluetooth and its problems]
en:philosophy:bluetooth [2022/11/29 12:54] (current)
throgh [Bluetooth and its problems]
Line 1: Line 1:
 ====== Bluetooth and its problems ====== ====== Bluetooth and its problems ======
  
-Within Hyperbola bluetooth is not included since the release of Milky Way v0.4. As technology standard for short-range wireless connection there are too many risks for stability and security, besides that there are no real community-driven implementations for GNU/Linux available and the support for our own HyperbolaBSD is also not given on a solid base.+Within Hyperbola bluetooth is not included since the release of Milky Way v0.4. As technology standard for short-range wireless connection there are too many risks for stability and security, besides that there are no real community-driven implementations for GNU/Linux available and the support for our own **HyperbolaBSD** is also not given on a solid base.
  
 ===== About Security Risks ===== ===== About Security Risks =====
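Review bot: The sentence changed in this hunk is still a comma splice ("..., besides that there are no real community-driven implementations ..."), and the only edit to it is bold markup on HyperbolaBSD. Suggest ending the first sentence after "stability and security" and rewording "is also not given on a solid base" to state plainly that HyperbolaBSD has no solid support either. If project names are to be bold, "Hyperbola" at the start of the same sentence should be marked the same way.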
Line 7: Line 7:
 There are a variety of attack types which can be launched against bluetooth devices. There are a variety of attack types which can be launched against bluetooth devices.
  
-Possible attackers can steal the data shared between connected devices. This data can be exploited for mobile spying purposesor for exampleto steal the authentication data from a bluetooth authenticating device or hardware. This kind of attack is called //BlueSnarfing// and therefore especially dangerous when the traffic isn’t encrypted.+Possible attackers can steal the data shared between connected devices. This data can therefore be exploited for mobile spying purposes or for example to steal the authentication data from a bluetooth authenticating device or hardware. This kind of attack is called [[https://en.wikipedia.org/wiki/Bluesnarfing|BlueSnarfing]] and therefore especially dangerous when the traffic isn’t encrypted.
  
-Other types of attacks can terminate generic the battery (and therefore also the lifespan of a battery), disable the device itself or introduce information into the victim’s mobile data, such as contacts.+Other types of attacks can terminate generic the battery (//and therefore also the lifespan of a battery//), disable the device itself or introduce information into the victim’s mobile data, such as contacts.
  
 <note important>The most common and safest prevention measure is to keep the bluetooth service disabled when unnecessary. When bluetooth as interface and connection is enabled, any attacker only needs to come near the potential victim and execute a vulnerability scan to discover the vulnerable devices or traffic.</note> <note important>The most common and safest prevention measure is to keep the bluetooth service disabled when unnecessary. When bluetooth as interface and connection is enabled, any attacker only needs to come near the potential victim and execute a vulnerability scan to discover the vulnerable devices or traffic.</note>
  
-One of the most popular tools that the attackers use to find the unsecure traffic or devices to attack is [[https://github.com/balle/bluediving|BlueDiving]], which additional to vulnerability discovery functionalities. It also includes exploitation codes or programs to run the attacks. In other words, an attacker only needs to be near 10 meters to get into the corresponding device.+One of the popular tools that the attackers use to find the unsecure traffic or devices to attack is [[https://github.com/balle/bluediving|BlueDiving]], which additional to vulnerability support for the discovery of functionalities. It also includes exploitation codes or programs to run the attacks. In other words, any kind of attacker only needs to be near 10 meters to get into the corresponding device.
  
-**The only way for potential victims to avoid getting scanned is to keep the bluetooth service turned off or remove it in a whole when possible.**+**The only way to avoid getting scanned is to keep the bluetooth service turned off or remove it in a whole when possible.**
  
-While many experts recommend the additional tips like identifying the pairing devices to make sure that these are the devices that the users want to connect, regular users can’t realize if the traffic between both devices is being sniffed or spied onto. To be mentioned also attacks called Bluesniping which are launched with special hardware and are not common at all. As to point out that attackers need a relatively close distance to proceed their actions.+While many experts recommend the additional tips like identifying the pairing devices to make sure that these are the devices that the users want to connect, regular users can’t realize if the traffic between both devices is being sniffed or spied onto. To be mentioned also attacks called [[https://en.wikipedia.org/wiki/Bluesnarfing#Bluesniping|Bluesniping]], which are launched with special hardware and are not common at all. As to point out again that attackers need a relatively close distance to proceed their actions.
  
 ===== Attack Types ===== ===== Attack Types =====
  
-To be more concrete of the characteristics of each attack to understand the real danger that users are exposed to, we are including now a listing of possible attack-types and their individual overall description.+To be more concrete of the characteristics of each attack and to understand the real danger that users are exposed to, we are including now a listing of possible attack-types and their individual overall description.
  
 **BlueSmacking:** This type of attack is almost inoffensive, and consists of disabling the mobile bluetooth services by sending a large amount of big data-packages to generate an overload. In the generic security environment, this type of attack is widely known as DOS (//Denial of Service//). When this is specifically launched against a bluetooth device, it’s defined as //BlueSmacking//. As a consequence, the attacked user won’t suffer a data leak or privacy violation. Just the bluetooth service will stop working in a whole. This attack may also decrease the battery charge and therefore the lifespan of the battery itself. **BlueSmacking:** This type of attack is almost inoffensive, and consists of disabling the mobile bluetooth services by sending a large amount of big data-packages to generate an overload. In the generic security environment, this type of attack is widely known as DOS (//Denial of Service//). When this is specifically launched against a bluetooth device, it’s defined as //BlueSmacking//. As a consequence, the attacked user won’t suffer a data leak or privacy violation. Just the bluetooth service will stop working in a whole. This attack may also decrease the battery charge and therefore the lifespan of the battery itself.
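Review bot: The rewritten BlueDiving sentence is less clear than the one it replaces: "which additional to vulnerability support for the discovery of functionalities" has no verb and no longer says that the tool performs vulnerability discovery. Suggest merging it with the sentence that follows, for example "which, in addition to vulnerability discovery, also includes exploitation code to run the attacks". In the BlueSnarfing paragraph the added "therefore" in "can therefore be exploited" has no premise to refer to, and "and therefore especially dangerous" is missing "is". The paragraph with "terminate generic the battery" only gained italics in this revision; the phrase itself still needs rewording. "only needs to be near 10 meters" would read better as "only needs to be within about 10 meters", and the closing fragment "As to point out again that attackers need ..." should be made a full sentence.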