The Smart Lock feature allows Android users (Android version 5.0 and later) to automatically unlock their smartphone whenever a trusted device, Wi-Fi network or geolocation is in close proximity. Trusted devices can be either NFC tags or Bluetooth devices. Looking at Bluetooth devices, it turned out that the Smart Lock implementation had at least one security issue, which has since been resolved.
The carwhisperer project intends to sensitise manufacturers of carkits and other Bluetooth appliances without display and keyboard to the security threat arising from the use of standard passkeys. A Bluetooth passkey is used within the pairing process that takes place when two Bluetooth-enabled devices connect for the first time.
BlueDumping is the act of causing a Bluetooth device to ‘dump’ its stored link key, thereby creating an opportunity for key-exchange sniffing to take place. The attacks on link keys and PINs were first publicised by Ollie Whitehouse at CanSecWest, where he described a method by which the PIN and link keys can be obtained if a pairing event can be witnessed with a Bluetooth sniffer.
The BlueBump attack is the Bluetooth equivalent of a very cool physical security technique called key bumping. When used correctly, an appropriate bump key can be used to open any lock in seconds. Since the BlueBump attack is also about keys (link keys in this case), we named this attack after this amazing technique.
BlueSnarf++ is an attack that is very similar to the famous BlueSnarf attack. The main difference is that in BlueSnarf++ the attacker has full read/write access to the device’s filesystem. The manufacturers of the devices that are known to be vulnerable have been informed about this issue.
The HeloMoto attack was discovered by Adam Laurie and is a combination of the BlueSnarf attack and the BlueBug attack. The attack is called HeloMoto because it was discovered on Motorola phones.

Method

The HeloMoto attack takes advantage of the incorrect implementation of ‘trusted device’ handling on some Motorola devices.
Each Bluetooth device has a device class (the type of device and the services it provides) which is part of its response to an inquiry. The device class has a total length of 24 bits and is divided into three parts: first the Service Class, an 11-bit bit field; then the Major Device Class (5 bits); and finally the Minor Device Class (6 bits).
BlueSmack is a Bluetooth attack that knocks out some Bluetooth-enabled devices immediately. This Denial of Service attack can be conducted using standard tools that ship with the official Linux BlueZ utils package.

Introduction

The ‘Ping of Death’ is basically a network ping packet that used to knock out early versions of Microsoft Windows 95.