Bluebugging is a form of Bluetooth attack often caused by a lack of awareness. It was developed after the onset of bluejacking and bluesnarfing. Similar to bluesnarfing, bluebugging accesses and uses all phone features but is limited by the transmitting power of class 2 Bluetooth radios, normally capping its range at 10–15 meters. However, the operational range has been increased with the advent of directional antennas.
Bluebugging was developed by the German researcher Martin Herfurt in 2004, one year after the advent of bluejacking. Initially a threat against laptops with Bluetooth capability, it later targeted mobile phones and PDAs.
Bluebugging manipulates a target phone into compromising its security, this to create a backdoor attack before returning control of the phone to its owner. Once control of a phone has been established, it is used to call back the hacker who is then able to listen in to conversations. The Bluebug program also has the capability to create a call forwarding application whereby the hacker receives calls intended for the target phone.
A further development of Bluebugging has allowed for the control of target phones through Bluetooth phone headsets, It achieves this by pretending to be the headset and thereby "tricking" the phone into obeying call commands. Not only can a hacker receive calls intended for the target phone, he can send messages, read phonebooks, and examine calendars.
- Gary Legg (2005-08-04). "The Bluejacking, Bluesnarfing, Bluebugging Blues: Bluetooth Faces Perception of Vulnerability". EE Times. Retrieved 2009-03-07.
- Bluejackingtools (2005-08-04). "Bluebugging and Bluejacking". Bluejackingtools.
- "Bluetooth Devices Easily Hacked". Cape Town 24 News. 2007-10-23. Archived from the original on 2012-06-27. Retrieved 2012-06-26.
- "Buffer Overrun in Toshiba Bluetooth Stack for Windows", Seclists.org; retrieved 3 April 2011