Unfortunately, however, the magic of Bluetooth does not stop at simply sending business cards with invitations to Toothing and the subsequent meeting in the ‘real’ world, whatever its purpose.
In fact, as I mentioned in the previous paragraph, the two devices are not actually connected to each other while a business card is being sent: only the BUSINESS CARD data packet travels from one phone to the other. There is, however, another connection method, used to synchronize the phone with a PC, a PDA, or a Wi-Fi network. This connection is established through “pairing,” which creates a permanent, lasting connection with other Bluetooth devices considered trusted and allows them to exchange data that is not limited to simple business cards. A connection of this type is called “trusted,” and it makes it possible to browse all the contents of the connected device and to copy, modify, and retrieve them.

Naturally, as we will see in detail later, this creates significant risks of intrusion, damage, and unauthorized appropriation of data, although most people who walk around with Bluetooth switched on and their phone visible to everyone have never thought about it and may not even be aware of the danger. It is important to remember that sending a business card via Bluetooth does not create a “pairing,” and therefore “trusted,” connection, so there is no real access to the computer system: as we have seen, only the business card itself, with its 180 available characters, is placed on the other phone.

Perhaps not everyone knows that with a SNARF-type attack the attacker can gain practically complete access to the potential victim’s phone and therefore to personal information such as the address book, messages, videos, and photos, which amounts to an invasion of privacy. But it doesn’t stop there: the ‘malefactor’ could also cause financial damage if desired, because with a ‘trusted’ connection they could use the victim phone’s GPRS and WAP internet connection, make calls, send messages, and much more.
It may seem unthinkable, but the attacker can extract the IMEI (International Mobile Equipment Identity) code of your mobile phone, which uniquely identifies your phone and is used illegally in Phone Cloning, the already much-discussed illegal cloning operations.
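The two conditions described above, a device left visible to everyone and “trusted” pairings that persist, can be checked on a Linux host. The following is an added example, not part of the original article: it audits text modeled on the BlueZ `bluetoothctl show` and `bluetoothctl info` output, and the sample text, device names, and addresses are constructed.

```python
# Constructed sample text modeled on BlueZ `bluetoothctl show` and
# `bluetoothctl info <addr>`; the "Key: value" layout is an assumption.
SAMPLE_SHOW = """Controller AA:BB:CC:DD:EE:FF (public)
    Powered: yes
    Discoverable: yes
    DiscoverableTimeout: 0x00000000
    Pairable: yes"""
SAMPLE_INFO = [
    """Device 00:11:22:33:44:55 (public)
    Name: Old-PDA
    Paired: yes
    Trusted: yes
    Blocked: no""",
    """Device 66:77:88:99:AA:BB (public)
    Name: Headset
    Paired: yes
    Trusted: no
    Blocked: no""",
]

def parse_block(text):
    """Split one block into its header line and a {key: value} dict."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    fields = {}
    for ln in lines[1:]:
        key, sep, value = ln.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return lines[0], fields

def audit_adapter(text):
    """Flag an adapter that is visible to everyone or open to new pairings."""
    _, f = parse_block(text)
    findings = []
    if f.get("Powered") == "yes" and f.get("Discoverable") == "yes":
        timeout = int(f.get("DiscoverableTimeout", "0x0").split()[0], 16)
        findings.append("discoverable indefinitely" if timeout == 0
                        else f"discoverable for {timeout}s")
    if f.get("Pairable") == "yes":
        findings.append("accepts new pairing requests")
    return findings

def trusted_devices(blocks):
    """Return (address, name) for every paired, trusted, unblocked device."""
    out = []
    for text in blocks:
        header, f = parse_block(text)
        state = (f.get("Paired"), f.get("Trusted"), f.get("Blocked", "no"))
        if state == ("yes", "yes", "no"):
            out.append((header.split()[1], f.get("Name", "unknown")))
    return out
```

Each device returned by `trusted_devices` is a standing relationship worth reviewing and removing if it is no longer needed.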
Published in Digital Tools