Wireless Security - Bluetooth Hacking


Bluetooth is a wireless communication technology (described by the IEEE 802.15.1 standard) that works over limited distances (typically around 10m, but up to 30m according to the standard). It operates in the same frequency range as 2.4 GHz WLAN deployments (2.4 GHz to 2.485 GHz), so Bluetooth communication will interfere with WLAN networks if both are used in the same area.

Bluetooth communication

In order to communicate with another device using Bluetooth technology, you need a dedicated Bluetooth adapter. The regular Wi-Fi card in your laptop or smartphone is built for 802.11 and is not compatible with Bluetooth, which is based on the 802.15 standard. Examples of some very good Bluetooth dongles that you can find on the market are −

Both of these are compatible with the Kali Linux system. I am personally using the CSR4.0 model in this chapter.

Bluetooth devices can operate in one of three available security modes −

  • Security Mode 1 - Unprotected − In this mode, no encryption or authentication is used. The Bluetooth device itself works in a non-discriminating (broadcast) mode.

  • Security Mode 2 - Application/Service Based − In this mode, once a connection has been established, a Security Manager performs authentication, thereby restricting access to the device.

  • Security Mode 3 - Link-Layer PIN Authentication/MAC Address Encryption − Authentication is performed before a connection is established. Even though encryption is used, the device can still be compromised.