
Unit V

The document provides an overview of wireless network security, detailing the fundamentals of wireless communication, types of wireless networks, advantages and disadvantages, and key applications. It discusses the evolution of security protocols from WEP to WPA2, highlighting their vulnerabilities and improvements. Additionally, it addresses security threats such as eavesdropping and the types of attacks associated with it.

Uploaded by

payalmore658

UNIT V: WIRELESS NETWORK SECURITY

Wireless Fundamentals:
Wireless communication is a method of communication that allows information to be exchanged between two or more points without any physical connection such as an electric cable or wire. Instead, wireless communication uses electromagnetic waves at radio or microwave frequencies. With no physical link to limit it, information can be transmitted over very large distances across the globe.
Block Diagram of Wireless Communication:

Key components −
• Information Source − The device that generates the information to be transmitted. Examples of information sources in wireless communication are a mobile phone, computer, POS device, etc.
• Source Encoder − This component is responsible for encoding the information from the source into a form that can be transmitted through the channel.
• Channel Coder − This component adds extra bits to the original information to protect it from errors during transmission.
• Modulator − It transforms the information into a signal suitable for transmission over the wireless communication channel. It combines the information signal with a carrier signal of higher energy.
• Multiplexer − This component combines multiple signals into one signal to improve transmission efficiency and resource utilization.
• Propagation Channel − The wireless medium through which information signals travel to the destination. In wireless communication, air or free space is used as the propagation channel.
• Equalizer − This component compensates for distortions in the information signal that might be caused during transmission through the propagation channel.
• Demodulator − The demodulator retrieves the original information from the received modulated signal. It separates the information signal from the carrier signal.
• Channel Decoder − This component removes the extra bits added by the channel coder during transmission.
• Source Decoder − This component performs the reverse process of the source encoder and reconstructs the original information message sent by the information source.
• Information Sink − It represents the destination of the transmitted information and is the device that receives the message.
Types of Wireless Communication Networks
Depending on the needs, there are several different types of wireless communication systems/networks. Some major types of wireless communication networks are explained in this section.
1. Wireless LAN
Wireless LAN (Local Area Network), also referred to as WLAN, is a wireless communication network that uses radio waves to connect different nodes in the network. It is used within a limited area, such as a home or office. Wi-Fi is a common example of wireless LAN.
2. Wireless WAN
Wireless WAN, also known as Wireless Wide Area Network (WWAN), is a large-scale wireless communication network that connects devices over wide areas, such as across cities or an entire country. It is also known as mobile broadband. For wireless connectivity, it uses cellular technologies such as 3G, 4G, 5G, etc. Mobile internet and voice over internet protocol are common examples of wireless WAN.
3. Wireless MAN
Wireless MAN, also known as Wireless Metropolitan Area Network (WMAN), is a wireless communication network which is larger than WLAN but smaller than WWAN. This network is designed to provide wireless connectivity within a city or neighboring cities.
4. Fixed Wireless Networks
Fixed wireless networks are used to provide internet facilities to homes and businesses in rural areas or areas where physical connectivity becomes uneconomical. Fixed wireless networks are generally used as an alternative to satellite communication in remote areas.
5. Wireless PAN
Wireless PAN, or Wireless Personal Area Network (WPAN), is a type of wireless communication system that is used to connect devices within a very short range. It is used in personal areas, such as within a room or house. Bluetooth is a common example of WPAN.
Advantages of Wireless Communication
• Wireless communication is cost effective, as it requires a small investment to set up and maintain due to fewer physical components.
• Wireless communication offers higher flexibility in terms of scalability.
• Wireless communication is compatible with new technologies.
• Wireless communication encourages mobile connectivity by providing access to resources from any location.
• Wireless communication enhances user experience by eliminating the need for physical connections.
Disadvantages of Wireless Communication
• Design and implementation of wireless communication requires extensive research and technical expertise.
• Wireless communication is more vulnerable to security risks.
• Advanced components of wireless communication systems consume more power.
• Finding faults and issues in wireless communication networks is a relatively more difficult task.
• Development of new wireless technologies and standards can result in uncertainty in budgeting for individuals or organizations.
Applications of Wireless Communication
Wireless communication plays a vital role in providing connectivity across various fields. Some of the key applications of wireless communication are given here −
• Wireless communication serves as the backbone of cellular networks for transmitting voice, text, and internet data in mobile devices and networks.
• Wi-Fi, which is a wireless local area network, provides wireless communication among devices like smartphones, laptops, tablets, etc.
• Wireless communication is also used in Bluetooth and other wireless personal area networks to provide short-range connectivity between devices like smartphones, headphones, keyboards and mice, smartwatches, etc.
• Wireless communication is also used in home automation and office automation systems.
• Satellite-based wireless communication forms the basis of long-distance communication services such as GPS navigation, TV or radio broadcasting, internet access in remote areas, etc.
• Wireless communication is also used to provide connectivity during natural disasters or emergencies.
• Wireless communication is used in the healthcare sector as well, to provide services like telemedicine, remote patient monitoring and consulting, etc.
Wireless Terminologies:
1. Frequency – The number of cycles per second in a wireless signal, measured in Hertz
(Hz).
2. Bandwidth – The range of frequencies a wireless channel can use, affecting data
transmission speed.
3. Modulation – The process of encoding data onto a carrier signal (e.g., AM, FM).
4. Spectrum – The entire range of electromagnetic waves used for wireless communication.
5. Latency – The time delay in data transmission over a network.
6. Throughput – The actual data transfer rate over a wireless network.
7. Interference – Signal disruption caused by other devices operating on the same
frequency.
8. Multipath – Signal reflections causing phase shifts and fading.
9. MIMO (Multiple Input Multiple Output) – Uses multiple antennas to enhance data
transmission.
10. SSID (Service Set Identifier) – The unique name of a Wi-Fi network.
11. BSSID (Basic Service Set Identifier) – The MAC address of a wireless access point.
12. Roaming – The ability of a device to switch between different access points seamlessly.
13. Handoff – The process of transferring a mobile device from one network to another.
14. Cellular Network – Wireless communication network divided into cells, managed by base
stations.
15. Bluetooth – Short-range wireless technology for device connectivity.

Wireless Standards:

Wireless Topologies:
Uses of Wireless Networks:
Real-Time Uses of Wireless Networks

| Category | Real-Time Applications |
|---|---|
| Mobile Communication | Cellular networks (2G, 3G, 4G, 5G) for voice calls, video calls, and internet browsing. |
| Wi-Fi & Home Networks | Wireless internet for streaming, gaming, smart home automation (Alexa, Google Home). |
| Healthcare | Wireless patient monitoring, telemedicine, remote surgery, wearable health devices. |
| Transportation | GPS navigation, vehicle-to-vehicle (V2V) communication, smart traffic control. |
| Industrial IoT (IIoT) | Wireless sensors in factories, remote machine monitoring, robotic automation. |
| Public Safety | Emergency response communication (police, fire, ambulance), disaster recovery networks. |
| Smart Cities | Wireless surveillance cameras, smart streetlights, air quality monitoring. |
| Retail & Payments | Contactless payments (NFC, QR codes), wireless POS systems, inventory tracking. |
| Education | Online learning, digital classrooms, virtual labs with wireless connectivity. |
| Entertainment & Media | Live streaming, wireless gaming, augmented reality (AR) and virtual reality (VR). |

WEP (Wired Equivalent Privacy) Encryption – Weaknesses and security risks:


What is WEP?
WEP (Wired Equivalent Privacy) was one of the first security protocols for Wi-Fi networks. It was
designed to provide confidentiality like wired networks by encrypting data over wireless
communication. WEP is outdated and insecure, making it vulnerable to attacks.

WEP (Wired Equivalent Privacy) – Weaknesses and Security Risks

| Weakness | Explanation (Simple Terms) | Real-World Example |
|---|---|---|
| Weak Encryption | WEP uses 40-bit or 104-bit encryption, which is too short and easy to crack. | Hackers can use free tools to break WEP encryption in minutes and access your Wi-Fi. |
| Static Keys | WEP uses a fixed encryption key, meaning all devices on the network use the same key. | If one device is hacked, all devices using the same WEP key are at risk. |
| Easily Hacked (IV Attack) | WEP encryption uses an Initialization Vector (IV), which is too short (24 bits) and can be repeated often. Hackers can collect data packets and crack the WEP key. | In cyber cafes or airports, attackers can sniff traffic, crack the WEP key, and steal login details. |
| No Protection Against Replay Attacks | WEP doesn't prevent attackers from resending captured data packets, leading to unauthorized access. | A hacker can capture login requests and replay them to gain access to a Wi-Fi network. |
| No Authentication Control | WEP does not verify if the connecting device is legitimate, making it vulnerable to fake access points (Evil Twin Attack). | Hackers can set up a fake Wi-Fi network with the same name, trick users into connecting, and steal sensitive information. |
| Deprecated (Not Used Anymore) | WEP was officially replaced by WPA and WPA2 due to its weak security. | Modern Wi-Fi routers no longer support WEP, and many devices block WEP networks. |
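
The "Static Keys" and "IV Attack" rows combine into one concrete failure: with a fixed key and a 24-bit IV, two frames that share an IV are encrypted with the same RC4 keystream. The following is an added example, not part of the original document; the key and frames are constructed, IVs are assumed to be chosen at random, and the CRC-32 integrity value is omitted.

```python
"""Added example: RC4 keystream reuse caused by WEP's short, repeating IV."""
import random

IV_BITS = 24  # IV length given in the table above


def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4 key scheduling followed by `length` bytes of keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(iv: bytes, static_key: bytes, plaintext: bytes) -> bytes:
    """WEP seeds RC4 with IV || static key; the IV is sent in clear with the frame."""
    return xor(plaintext, rc4_keystream(iv + static_key, len(plaintext)))


def iv_reuse_demo() -> dict:
    static_key = bytes.fromhex("0102030405")   # constructed 40-bit key
    p1 = b"GET /login user=alice"              # constructed frames, equal length
    p2 = b"POST /pay amount=0042"
    iv = b"\x00\x00\x2a"
    c1 = wep_encrypt(iv, static_key, p1)
    c2 = wep_encrypt(iv, static_key, p2)                 # same IV, same key
    c3 = wep_encrypt(b"\x00\x00\x2b", static_key, p2)    # fresh IV
    return {
        # Identical keystreams cancel out: c1 XOR c2 == p1 XOR p2
        "reuse_leaks_xor": xor(c1, c2) == xor(p1, p2),
        # so anyone who knows or guesses p1 reads p2 without ever learning the key
        "p2_from_known_p1": xor(xor(c1, c2), p1),
        # with a fresh IV the keystreams differ and nothing cancels
        "fresh_iv_leaks_xor": xor(c1, c3) == xor(p1, p2),
    }


def mean_frames_until_iv_repeat(trials: int = 50, seed: int = 1) -> float:
    """Average number of frames sent before some 24-bit IV is used twice."""
    rng = random.Random(seed)
    total = 0
    for _ in range(trials):
        seen = set()
        while True:
            iv = rng.getrandbits(IV_BITS)
            if iv in seen:
                break
            seen.add(iv)
        total += len(seen) + 1
    return total / trials


if __name__ == "__main__":
    print(iv_reuse_demo())
    print("mean frames until first IV repeat:", mean_frames_until_iv_repeat())
```

A busy access point sends thousands of frames in seconds, so the repeat is a matter of moments, not days; a per-session key and a much larger nonce, as in WPA2, remove this failure.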

Why You Should NEVER Use WEP Today

• Hackers can break WEP encryption in minutes using tools like Aircrack-ng.
• Most modern routers do not support WEP anymore because it's too weak.
• Use WPA2 or WPA3 for secure Wi-Fi instead.

Real-World Examples of WEP Attacks

1. Public Wi-Fi in Cafes & Airports
• Some old public Wi-Fi networks still use WEP.
• Hackers can easily crack the WEP key and steal login details of users.
2. Home Wi-Fi Hacking
• If an old router uses WEP, an attacker nearby can break the password in minutes and use your internet for illegal activities.
3. Corporate Network Breach
• Some older office networks using WEP have been compromised, leading to data leaks and security breaches.

What Should You Use Instead?


🔹 WPA2 (Wi-Fi Protected Access 2) – Stronger encryption, widely used.
🔹 WPA3 (Wi-Fi Protected Access 3) – The latest and most secure Wi-Fi encryption.

WPA2 Encryption – Improved encryption standards:


What is WPA2?
WPA2 (Wi-Fi Protected Access 2) is a security protocol used to protect wireless networks from
unauthorized access. It was introduced in 2004 as an improvement over WEP (Wired
Equivalent Privacy) and WPA (Wi-Fi Protected Access). WPA2 is more secure than its
predecessors and is widely used in home, office, and public Wi-Fi networks.

Improvements in WPA2 Over WEP & WPA

| Feature | WEP (Old & Weak) | WPA (Better but Still Vulnerable) | WPA2 (Strong & Secure) |
|---|---|---|---|
| Encryption Algorithm | RC4 (Weak & outdated) | TKIP (Temporal Key Integrity Protocol) | AES (Advanced Encryption Standard) (Strong & secure) |
| Key Size | 40-bit / 104-bit | 128-bit (Dynamic key changes) | 256-bit (More secure & reliable) |
| Security Weakness | Easily hacked in minutes | Vulnerable to brute force & replay attacks | Very secure (unless weak passwords are used) |
| Protection Against Attacks | ❌ No protection | ⚠️ Partial protection | ✅ Strong protection |
| Usage | ❌ No longer used | ⚠️ Some old devices still use it | ✅ Used in most modern Wi-Fi networks |

Key Features of WPA2

1. AES Encryption (Advanced Encryption Standard)
• Stronger & unbreakable encryption used by governments and enterprises.
• Protects data from hackers even if intercepted.
2. CCMP (Counter Mode Cipher Block Chaining Message Authentication Code Protocol)
• Replaces TKIP from WPA, making it more secure.
• Prevents replay attacks by using a unique encryption key for each session.
3. Dynamic Key Exchange
• Generates a new encryption key for every session, unlike WEP, which uses static keys.
• Prevents hackers from reusing old session keys.
4. Better Protection Against Brute Force Attacks
• WPA2 has built-in defenses against brute-force attempts to guess passwords.

Real-World Use Cases of WPA2


Home Wi-Fi Networks – Most routers today default to WPA2 for security.
Corporate Wi-Fi Networks – WPA2 with Enterprise authentication secures company
networks.
Public Wi-Fi (Airports, Cafes, Hotels) – WPA2 encrypts data to prevent hacking.
Banking & Financial Transactions – Many secure applications require WPA2-protected
networks.

WPA2 Weakness – The KRACK Attack (2017)


Even though WPA2 is highly secure, researchers discovered the KRACK (Key Reinstallation
Attack) vulnerability in 2017, which allowed attackers to intercept data.

How to Secure Your Wi-Fi with WPA2?

1. Check Router Settings – Ensure WPA2-PSK (AES) is enabled.
2. Use a Strong Password – Avoid simple passwords; use a mix of letters, numbers, and symbols.
3. Disable WPS (Wi-Fi Protected Setup) – WPS makes networks vulnerable to hacking.
4. Update Router Firmware – Install updates to fix vulnerabilities.

Why Use WPA2?


🔹 Stronger encryption (AES) than WEP/WPA.
🔹 Harder to hack unless weak passwords are used.
🔹 Widely supported by modern routers and devices.
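
The first three items of the checklist under "How to Secure Your Wi-Fi with WPA2?" can be checked automatically; firmware currency cannot be read from a configuration file. This is an added example, not part of the original document: it assumes the access point is configured through a hostapd-style key=value file, the 12-character minimum is an assumed local policy, and all three sample configurations are constructed.

```python
"""Added example: audit a hostapd-style AP config against the WPA2 checklist."""

MIN_PASSPHRASE_LEN = 12  # assumption: local policy; WPA2-PSK itself allows 8-63


def parse_conf(text: str) -> dict:
    """Parse key=value lines, ignoring blank lines and # comment lines."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf


def weak_passphrase(p: str) -> bool:
    """Checklist item 2: long enough, and mixing letters, numbers and symbols."""
    has_letter = any(c.isalpha() for c in p)
    has_digit = any(c.isdigit() for c in p)
    has_symbol = any(not c.isalnum() for c in p)
    return len(p) < MIN_PASSPHRASE_LEN or not (has_letter and has_digit and has_symbol)


def audit(text: str) -> list:
    """Return (code, message) findings; an empty list means the checks passed."""
    conf = parse_conf(text)
    findings = []
    if any(k.startswith("wep_key") for k in conf):
        findings.append(("WEP", "WEP key configured; remove it and use WPA2"))
    wpa = int(conf.get("wpa", "0"))  # bit 0 = WPA, bit 1 = WPA2 (RSN)
    if not wpa & 2:
        findings.append(("NO_WPA2", "WPA2 is not enabled (set wpa=2)"))
    if wpa & 1:
        findings.append(("WPA1", "legacy WPA is still accepted (set wpa=2)"))
    # hostapd defaults wpa_pairwise to TKIP, and rsn_pairwise to wpa_pairwise
    ciphers = set()
    if wpa & 1:
        ciphers |= set(conf.get("wpa_pairwise", "TKIP").split())
    if wpa & 2:
        ciphers |= set((conf.get("rsn_pairwise") or conf.get("wpa_pairwise", "TKIP")).split())
    if "TKIP" in ciphers:
        findings.append(("TKIP", "TKIP allowed; restrict pairwise ciphers to CCMP (AES)"))
    if conf.get("wps_state", "0") != "0":
        findings.append(("WPS", "WPS is enabled (set wps_state=0)"))
    psk = conf.get("wpa_passphrase")
    if psk is not None and weak_passphrase(psk):
        findings.append(("WEAK_PSK", "passphrase is short or lacks letter/digit/symbol mix"))
    return findings


# Constructed sample configurations
LEGACY_WEP = """
interface=wlan0
ssid=OldCafe
wep_default_key=0
wep_key0=1234567890
"""
MIXED_MODE = """
interface=wlan0
ssid=OfficeNet
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
wps_state=2
wpa_passphrase=password
"""
HARDENED = """
interface=wlan0
ssid=OfficeNet
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wps_state=0
wpa_passphrase=r7#Vq!m2Lz@9xT4p
"""

if __name__ == "__main__":
    for name, conf in [("legacy", LEGACY_WEP), ("mixed", MIXED_MODE), ("hardened", HARDENED)]:
        print(name, [code for code, _ in audit(conf)])
```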

WEP vs. WPA vs. WPA2


Wireless Security Threats:

1] Eavesdropping:

• Eavesdropping attacks, also called sniffing or snooping attacks, are a major concern in cyber security.
• Attackers exploit vulnerabilities in communication channels to access confidential information, which can include personal details, financial data, and proprietary business information.
• These attacks do not raise any alert during transmission, because they take advantage of unsecured network communications to access data while it is being sent or received by the user.
• Eavesdropping attacks are insidious because it is difficult to know they are occurring. Once connected to a network, users may unwittingly feed sensitive information (passwords, account numbers, surfing habits, or the content of email messages) to an attacker.
• For instance, imagine discussing your company's new project in a coffee shop. If someone nearby listens in and notes down key details, it is like an attacker intercepting sensitive digital communication. If the information is shared over an open network, a cyber attacker can silently intrude and place software that eavesdrops on the network pathway and captures all the important information. These attacks can result in financial loss, identity theft, or loss of privacy.

Types of Eavesdropping Attacks

• Passive Eavesdropping
In passive eavesdropping, the attacker silently monitors and picks up the communication without changing or meddling with the data flow. This kind of attack is therefore difficult to identify, as it does not cause any disturbance in the network's normal behavior.
Example:
Consider that you are in a coffee shop discussing the same project with your colleague. Someone at the next table quietly listens to your conversation and notes down all the details without you noticing. They don't interfere with your conversation but gather enough information to use it against you or your business later.

• Active Eavesdropping
Active eavesdropping involves the attacker inserting themselves into the communication channel, often by posing as a legitimate participant. This type of attack can manipulate the data being transmitted, leading to more severe consequences.
Example:
Imagine you are having a phone conversation with a colleague discussing sensitive project details. An attacker manages to tap into the call and not only listens in but also pretends to be your colleague. They ask you for additional sensitive information or change details about the project, leading you to make decisions based on false information. This manipulation can cause significant harm, such as data breaches, financial losses, or project sabotage.

Difference Between Active and Passive Eavesdropping


| Aspect | Active Eavesdropping | Passive Eavesdropping |
|---|---|---|
| Definition | Involves the attacker actively inserting themselves into the communication channel. | Involves the attacker silently listening to the communication without interfering. |
| Interaction | The attacker interacts with and can alter the communication. | The attacker does not interact with or alter the communication. |
| Detection | More likely to be detected due to the manipulation of data. | Harder to detect since there is no alteration of data. |
| Impact | Can lead to more severe consequences, such as data modification and fraud. | Primarily involves data theft without immediate disruption. |
| Example | A hacker intercepting and altering messages between two parties in a chat. | A person quietly listening to a confidential conversation in a public place. |

How to Prevent Eavesdropping Attacks

• Avoid using public Wi-Fi networks.
• Use a virtual private network (VPN).
• Encrypt data so that even if it is intercepted, it remains unreadable to unauthorized parties. Implementing strong encryption protocols for all sensitive communications is a crucial step in preventing eavesdropping attacks.
• Set strong passwords and change them frequently.
• Don't reuse the same password for every site you register on.
• Protect your PC with an antivirus and keep it updated.
• Use a personal firewall.
• Avoid clicking on shady or dodgy links.
• Educate employees about the risks of eavesdropping attacks and promote best practices for secure communication; this helps minimize human errors that could lead to security breaches.
• Make sure your phone is running the latest available version of its operating system.
• Download apps only from trusted sources like the Android or Apple stores.
• Military-grade encryption is a great way to defend against an eavesdropping attack, as it will take attackers around 500 billion years to decode it.

2] Rogue APs:
• A rogue access point, or rogue AP, is an unauthorized wireless device installed on a network without the consent of a network administrator.
• These may be set up by malicious actors or even unwitting employees using personal routers.
• Rogue APs bypass your organization's security controls, opening the door to possible data breaches.
• Rogue APs may be connected physically or wirelessly to a network.
• Once installed, a rogue AP acts as a backdoor for cybercriminals to gain access to critical company data, compromise devices, or inject malware.

Dangers of rogue access points


Serving as a beachhead, rogue access points can expose your network to every kind of cyber
threat imaginable, which can then dramatically drive costs to your bottom line, operations, or even
brand reputation if left unchecked.
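
One way to find the rogue APs described above is to compare a wireless scan against the inventory of authorized access points, using the SSID and BSSID terms defined earlier. This is an added example, not part of the original document; the inventory, scan rows, wired MAC table and signal threshold are all constructed, and matching a BSSID to a wired MAC within one address of it is a heuristic assumed here for spotting an AP plugged into the LAN.

```python
"""Added example: flag rogue access points in a Wi-Fi scan using an AP inventory."""
import csv
import io

# Constructed inventory of authorized APs: BSSID -> (SSID, security)
AUTHORIZED = {
    "a4:11:62:00:10:01": ("CorpNet", "WPA2"),
    "a4:11:62:00:10:02": ("CorpNet", "WPA2"),
    "a4:11:62:00:10:03": ("CorpGuest", "WPA2"),
}
# Constructed MAC addresses learned on the wired switch ports
WIRED_MACS = {"c0:56:27:aa:01:7d", "3c:52:82:10:44:0a"}
NEARBY_DBM = -65  # assumption: a stronger signal than this means "inside our premises"

# Constructed scan rows: ssid,bssid,security,signal_dbm
SCAN = """\
CorpNet,A4:11:62:00:10:01,WPA2,-48
CorpNet,a4:11:62:00:10:02,WPA2,-60
CorpNet,02:1a:11:f0:33:9c,OPEN,-41
CorpGuest,a4:11:62:00:10:03,WEP,-55
Linksys-Home,c0:56:27:aa:01:7e,WPA2,-52
AndroidAP_7731,da:a1:19:3c:55:10,WPA2,-50
CoffeeShopNextDoor,58:ef:68:12:9d:04,WPA2,-84
"""


def mac_int(mac: str) -> int:
    return int(mac.replace(":", ""), 16)


def on_our_lan(bssid: str, wired_macs) -> bool:
    """An AP's radio MAC usually sits next to its Ethernet MAC (heuristic)."""
    return any(abs(mac_int(bssid) - mac_int(w)) <= 1 for w in wired_macs)


def find_rogue_aps(scan_text, authorized=AUTHORIZED, wired_macs=WIRED_MACS,
                   nearby_dbm=NEARBY_DBM):
    corporate_ssids = {ssid for ssid, _ in authorized.values()}
    findings = []
    for row in csv.reader(io.StringIO(scan_text)):
        if not row:
            continue
        ssid, bssid, security, signal = row
        bssid = bssid.strip().lower()
        known = authorized.get(bssid)
        if known is None and ssid in corporate_ssids:
            # Our network name from a radio we do not own: evil twin
            findings.append(("EVIL_TWIN", ssid, bssid))
        elif known is not None and (ssid, security) != known:
            # Our BSSID with a changed SSID or weaker security: tampering or spoofing
            findings.append(("CONFIG_DRIFT", ssid, bssid))
        elif known is None and on_our_lan(bssid, wired_macs):
            # Unknown AP whose wired side is on our switch: the backdoor case
            findings.append(("ROGUE_ON_LAN", ssid, bssid))
        elif known is None and int(signal) >= nearby_dbm:
            # Unknown AP inside the building, not (yet) tied to the LAN
            findings.append(("UNAUTHORIZED_NEARBY", ssid, bssid))
    return findings


if __name__ == "__main__":
    for finding in find_rogue_aps(SCAN):
        print(finding)
```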

3] MITM Attacks

• A Man-in-the-Middle attack is an active attack in which the attacker creates a connection between the victims and relays messages between them, or captures all the data packets from the victims.
• The victims think that they are communicating with each other, but in reality the attacker controls the communication: a third party controls and monitors the traffic between the two parties, i.e. the client and the server.
Types of Man In The Middle Attack:
The types of Man In The Middle attack are as follows.
1. ARP Spoofing –
ARP stands for Address Resolution Protocol. This protocol is used for resolving IP addresses to machine MAC addresses. All the devices that want to communicate in the network broadcast ARP queries to find out the MAC addresses of other machines. ARP spoofing is also known as ARP poisoning. In ARP poisoning, forged ARP packets cause data to be sent to the attacker's machine. ARP spoofing constructs a huge number of forced ARP request and reply packets to overload the switch. The attacker's intention is to receive all the network packets, with the switch set in forwarding mode.

2. DNS Spoofing –
Similar to ARP, DNS is a resolution protocol: it resolves domain names to IP addresses. DNS spoofing is very dangerous because a hacker is able to hijack and spoof any DNS request made by the user and can serve the user fake web pages, fake websites, fake login pages, fake updates, and so on.
Man In The Middle Attack Techniques:
The Man In The Middle attack techniques are as follows.
• Packet Sniffing
• Session Hijacking
• SSL stripping
• Packet Injection
Man in the Middle Attack using ARP spoofing:
The steps of a Man-in-the-Middle attack using ARP spoofing are as follows.
Step-1:
ARP spoofing allows us to redirect the flow of packets in a computer network. An example of a typical network is as follows.
Figure: A typical computer network
Step-2:
But when a hacker becomes the Man-in-the-Middle by ARP spoofing, all the requests and responses start flowing through the hacker's system, as shown below.
Figure: Computer network after ARP spoofing
Step-3:
By doing this, the hacker spoofs the router by pretending to be the victim, and similarly spoofs the victim by pretending to be the router.
How to do an ARP Spoof Attack:
We can do an ARP spoof attack using the built-in tool called arpspoof in Kali Linux, or we can create an ARP spoof attack using a Python program.
Execution steps:
The execution steps are as follows.
Step-1:
We can run the built-in arpspoof tool in Kali Linux. If the arpspoof tool is not present, install it by running the following command.
    apt install dsniff
Step-2:
To run this attack we need two things: the victim machine's IP address and the IP address of the gateway. In this example, we use a Windows machine as the victim and a Kali machine to run the attack. To find the victim machine's IP address and the gateway IP, run the following command on both the Windows machine and the Linux machine.
    arp -a
Output:
This shows the following outputs.
Victim Machine (Windows Machine) –
Figure: Windows machine
Attacker Machine (Kali Linux) –
From these, we can observe that the IP address of the Windows machine is 10.0.2.8, and the IP and MAC addresses of the gateway are 10.0.2.1 and 52:54:00:12:35:00. The MAC address of our Kali machine is 08:00:27:a6:1f:86.
Step-3:
Now, write the following command to perform the ARP spoof attack.
    arpspoof -i eth0 -t 10.0.2.8 10.0.2.1
Here eth0 is the name of the interface, 10.0.2.8 is the IP of the Windows machine and 10.0.2.1 is the IP of the gateway. This fools the victim by pretending to be the router. We then run the command one more time with the IP addresses switched, as follows.
    arpspoof -i eth0 -t 10.0.2.1 10.0.2.8
Output:
Attacker Machine (Kali Linux) –
This shows that our ARP spoof attack is running, and we have successfully placed our system in the middle of the client and server.
Figure: ARP spoof attack running
We can also check it by running the following command.
    arp -a
Output:
In the output screen, you can observe that the MAC address of the gateway has changed to the MAC address of the Kali machine. Now all the data packets will flow through our Kali machine. You can also see that the internet connection of the victim machine is not working. This is because of a security feature of Linux, which does not allow packets to flow through it. So we need to enable IP forwarding so that this computer will allow the packets to flow through it just like a router.
Step-4:
To enable IP forwarding, run the following command.
    echo 1 > /proc/sys/net/ipv4/ip_forward
Output:
This command re-establishes the internet connectivity of the victim computer. In this way, we can become the Man-in-the-Middle by using the ARP spoof attack. All the requests from the victim's computer will no longer go directly to the router; they will flow through the attacker's machine, and the attacker can sniff or extract useful information by using various tools like Wireshark, as shown below.
Figure: Wireshark – used to sniff useful information from the packets.
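
The walkthrough's own observation, that `arp -a` on the victim shows the gateway's MAC replaced by the attacker's, is also the simplest detection signal. The following is an added example, not part of the original document: it compares two `arp -a` snapshots and reports a changed gateway MAC and any MAC that answers for several IP addresses. The snapshots are constructed from the addresses in the walkthrough; the attacker IP 10.0.2.15 is an assumption, since the page does not give it.

```python
"""Added example: detect ARP cache poisoning from two `arp -a` snapshots."""
import re
from collections import defaultdict

# Matches Windows rows ("10.0.2.1   52-54-00-12-35-00  dynamic")
# and Linux rows ("? (10.0.2.1) at 52:54:00:12:35:00 [ether] on eth0")
ENTRY = re.compile(
    r"(\d{1,3}(?:\.\d{1,3}){3})\)?\s+(?:at\s+)?"
    r"([0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5})"
)

# Constructed snapshots taken on the Windows machine (10.0.2.8)
BEFORE = """\
Interface: 10.0.2.8 --- 0x4
  Internet Address      Physical Address      Type
  10.0.2.1              52-54-00-12-35-00     dynamic
  10.0.2.255            ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""
AFTER = """\
Interface: 10.0.2.8 --- 0x4
  Internet Address      Physical Address      Type
  10.0.2.1              08-00-27-a6-1f-86     dynamic
  10.0.2.15             08-00-27-a6-1f-86     dynamic
  10.0.2.255            ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""
LINUX_ROW = "? (10.0.2.1) at 52:54:00:12:35:00 [ether] on eth0\n"


def parse_arp_table(text: str) -> dict:
    """Return {ip: mac} for unicast entries, with MACs normalised to aa:bb:..."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue
        ip, mac = m.group(1), m.group(2).lower().replace("-", ":")
        if int(mac[:2], 16) & 1:  # broadcast and multicast MACs are shared by design
            continue
        table[ip] = mac
    return table


def detect_arp_spoofing(baseline_text: str, current_text: str, gateway_ip: str) -> list:
    baseline = parse_arp_table(baseline_text)
    current = parse_arp_table(current_text)
    findings = []
    old, new = baseline.get(gateway_ip), current.get(gateway_ip)
    if old and new and old != new:
        findings.append(("GATEWAY_MAC_CHANGED", gateway_ip, old, new))
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        # Can be legitimate (multi-homed router, proxy ARP), so treat as a lead
        if len(ips) > 1:
            findings.append(("DUPLICATE_MAC", mac, sorted(ips)))
    return findings


if __name__ == "__main__":
    for finding in detect_arp_spoofing(BEFORE, AFTER, "10.0.2.1"):
        print(finding)
```

On networks where this matters, a static ARP entry for the gateway on hosts and Dynamic ARP Inspection on switches stop the poisoning itself; the check above only detects it.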

Bluetooth Threats:

Bluetooth:

• Bluetooth is a standard protocol that is used for connecting many kinds of devices.
• These devices can be other computers, laptops, smartphones, or other I/O devices.
• Bluetooth uses radio transmissions to communicate, in a frequency range similar to Wi-Fi.
• Bluetooth uses low power compared to other mediums of information. Bluetooth devices always pair with each other for any form of data transfer; how they connect depends on the device's security.
• In some cases a device just needs to find other devices in its environment, whereas in other cases it asks the user to enter a PIN to connect to the other device.
• Because Bluetooth can send data or other sensitive information, hackers sometimes use this feature to their advantage if your Bluetooth device isn't locked down properly.
• Bluetooth is available on nearly every device, so it has become even more prone to attacks, and hackers take advantage of the lack of awareness of Bluetooth attacks. Through a Bluetooth attack, a hacker can spam your devices with all kinds of malware and spyware, and even steal data from them.
Bluejacking

• Bluejacking is used for sending unauthorized messages to another Bluetooth device.
• Bluetooth is a high-speed but very short-range wireless technology for exchanging data between desktop and mobile computers and other devices. Because Bluetooth has a very small range, bluejacking happens only when a person with Bluetooth enabled on their device is within about 10 meters (highly location dependent) of a bluejacker.
• Bluejacking involves sending unsolicited business cards, messages, or pictures. The bluejacker discovers the recipient's phone by scanning for Bluetooth devices, then selects a device and crafts a message as allowed within the body of the phone's contact interface.
• The messages are anonymous to the recipient, as only the mobile name and model number of the bluejacker's phone are displayed in the message. The only exception to the 10-meter distance is when a laptop is involved, in which case it can be done within a 100-meter range of the recipient.
• Although it intrudes on the recipient's territory, bluejacking is not illegal, as it does not access the resources of the recipient device and does not steal anything either.

Steps To Bluejack A Device


1. Bluejacker opens his contacts and creates a new contact.
2. He does not save a name and number; instead, he saves the message in place of the contact name. A number is optional (he can save one if he wants to send a business card).
3. He would scan for nearby Bluetooth devices.
4. He would then share the contact with the Bluetooth device connected.
5. The message will reach the recipient and he will have no clue as to who had sent the
message.

Advantages
• Low cost.
• Easy to use.
• It can also penetrate through walls.
• It creates an ad hoc connection immediately without any wires.
• It is used for voice and data transfer.

Disadvantages
• It can be hacked and hence is less secure.
• It has a slow data transfer rate: 3 Mbps.
• It has a small range: 10 meters.

Bluesnarfing:

• Bluesnarfing is a hacking technique that is used to retrieve data from a victim's device.
• Bluesnarfing attacks happen when your Bluetooth is on and set to "discoverable to others" mode.
• To launch a Bluesnarfing attack, the attacker needs to exploit the Object Exchange protocol (OBEX protocol), which is used to exchange information between wireless devices.
• OBEX is a vendor-independent protocol implemented on different operating systems.
• Hackers can pair themselves with the victim's device. The attackers can then retrieve data from the victim's device if its firmware protection is not strong.

How Does Bluesnarfing Work?

Bluetooth Object Exchange (OBEX) is a communications protocol that helps to transfer data in binary files between Bluetooth devices. Bluesnarfing exploits the weaknesses of the OBEX protocol found in most mobile phones, laptops, and smart devices.

1. Device Discovery: The attacker uses Bluetooth hacking tools to scan for discoverable Bluetooth devices in the area, for example hcitool scan, BTScanner, Bluelog, etc.
2. Vulnerability Exploitation: The attacker then looks for devices that have weak security configurations or older Bluetooth versions (like Bluetooth 1.1, 1.2, and 2.0), and exploits the weaknesses in Bluetooth security protocols, particularly in older devices that accept OBEX Push without authentication.
3. Unauthorized Access: Once a vulnerable device is identified, the attacker sends a crafted request to the victim's Bluetooth-enabled device to establish a connection without the user's consent or any authentication.
4. Data Extraction: After bypassing authentication by abusing vulnerabilities in the OBEX Push Profile (OPP) and connecting to the victim, the attacker runs the script or hacking tool used to initiate the attack and can access and download stored contacts, SMS messages, calendar entries, call logs, emails, and even personal files.
5. Silent Operation: The victim is typically unaware that the device has been compromised, because Bluesnarfing occurs without notifications or visible prompts, and the attacker disconnects immediately after extracting the data.

Prevention from Bluesnarfing

• Keep Bluetooth off or in non-discoverable mode when it is not in use. Keeping it off is recommended: a device in non-discoverable mode has little chance of being attacked, but a hacker can still Bluesnarf it by guessing the victim's MAC address via a brute force attack.
• Do not accept any connection requests from strangers or from devices you don't recognize.
• Activate advanced security features such as two-factor authentication and a PIN on your devices; then all connection requests will require your approval before connecting.
• Regularly update your device's software to install new packages that fix vulnerabilities.

Comparison between Bluejacking and Bluesnarfing :

| S. No. | Category | Bluejacking | Bluesnarfing |
|---|---|---|---|
| 1. | Description | Bluejacking is a technology based on Bluetooth that is used to send anonymous messages between 2 devices which are connected by Bluetooth. | Bluesnarfing is hacking someone's information illegally from a Bluetooth connected device through Bluetooth. |
| 2. | Person involved | The person who bluejacks is called a Bluejacker. | The person who bluesnarfs is called a Bluesnarfer. |
| 3. | Carrier | It requires no carrier. | It requires no carrier. |
| 4. | Use | It is used to send anonymous messages to devices which have an active Bluetooth connection. | It is used to steal information from Bluetooth activated devices. |
| 5. | Legality | Bluejacking is not illegal as it does not involve theft. | Bluesnarfing is illegal. |
| 6. | Cost to user | The user does not incur any cost while bluejacking. | The user incurs no cost while bluesnarfing. |
| 7. | Information flow | The information is sent by the Bluejacker. | The information is received by the Bluesnarfer. |
| 8. | Traceability | Tracing of Bluejacker is very difficult. | Tracing of Bluesnarfer is also very difficult. |
| 9. | Use of Bluetooth | Active Bluetooth is necessary in both the Bluejacker's device and the victim's device. | Active Bluetooth is necessary in both the Bluesnarfer's device and the victim's device. |
| 10. | Prevention | Switching off Bluetooth when not required. | Switching off Bluetooth when not required. |

Bluebugging:

• What is it? It is a form of hacking that lets attackers access a device through its discoverable Bluetooth connection.
• Once a device or phone is bluebugged, a hacker can listen to calls, read and send messages, and steal and modify contacts.
• It started out as a threat for laptops with Bluetooth capability. Later, hackers used the technique to target mobile phones and other devices.
• This attack is often limited by the range of Bluetooth connections, which goes up to only 10 meters.

Process:
  ◦ Bluebugging attacks work by exploiting Bluetooth-enabled devices.
  ◦ The device's Bluetooth must be in discoverable mode, which is the default setting on most devices.
  ◦ The hacker then tries to pair with the device via Bluetooth.
  ◦ Once a connection is established, hackers can use brute force attacks to bypass authentication.
  ◦ They can install malware on the compromised device to gain unauthorised access to it.

Bluetooth attacks:
| Attack Type | Objective | How It Works | Data Theft Risk | Device Control | User Awareness |
|---|---|---|---|---|---|
| Bluesnarfing | Data Theft | Exploits OBEX protocol vulnerabilities to access files | High | No | No notifications |
| Bluejacking | Spam & Pranks | Sends unsolicited messages to nearby Bluetooth devices | Low | No | User receives a message |
| Bluebugging | Device Takeover | Installs backdoors to remotely control the device | High | Yes | Often unnoticed |
| Bluetooth Sniffing | Eavesdropping | Captures Bluetooth packets to spy on conversations | Medium | No | No notifications |
| Blueborne Attack | Remote Code Execution | Exploits Bluetooth security flaws to take over devices | Very High | Yes | No pairing needed |
