Bluetooth Attacks

Bluetooth Attack Types

1. Bluejacking

The attacker sends an unsolicited message to a nearby device. The type of message can be an image or text.

2. Blueborne

This type of attack is a virus that is spread through the air. It allows the attacker to take full control of the target device. The target device doesn’t have to be in discoverable mode for the attack to be successful.

3. Bluesnarfing

An attacker accesses a Bluetooth device to steal contact lists, text messages, calendars, and emails. The attackers use tools such as obexftp and hcitool.

4. Bluebugging

This type of attack allows the attacker to enable call forwarding on the target device, the ability to listen in all calls, and can send messages.

Kerberos

KERBEROS

• Kerberos is an authentication protocol
• Kerberos provides SSO (Single Sign-On)
• Uses Port 88 TCP or UDP
• KDC (Key Distribution Center) uses 2 services: Authentication Service and a Ticket Granting Service
• Authentication Service handles authenticating user login requests
• The AS issues a TGT (Ticket Granting Ticket)
• To access any resource within the domain the client quests a Service Ticket
• The TGS (Ticket Granting Service) issues the Service Ticket to the client so they can access the resource
• TGT's are uniques to Kerberos only
• By default, the client and the Kerberos server have to be within a 5-minute window of each other for authentication to succeed. 
• Kerberos provides mutual authentication as the server authenticates to the client.
• Kerberos prevents eavesdropping and MITM attacks. (Man-In-The-Middle)

AAA Services (Authentication, Authorization, and Accounting)

AAA Services

RADIUS: Remote Authentication Dial-in User Service

• Port 1812 UDP
• WPA Enterprise / WPA2 Enterprise both require a RADIUS server.
• RADIUS clients are also referred to as 802.1x clients.
• RADIUS is a client/server protocol.
• Communication between the client and the RADIUS server use UDP
• RADIUS is vendor-neutral
• Only encrypts the passwords

Diameter

• Uses TCP for communication between client and server.
• Considered to be an improvement over RADIUS.
• Diameter also works with VoIP
• Used for both local and remote access

TACACS+: Terminal Access Controller Access-Control System Plus

• TACACS+ provides a more advanced AAA
• Three different servers, Authentication, Authorization, Accounting
• Communicates over TCP
• Uses Port 49 TCP
• Manages routers and switches (Network infrastructure devices)
• Encrypts the entire packet
• TACACS+ is a proprietary protocol

C - I - A: Confidentiality - Integrity - Availability

CIA 

Confidentiality: Making certain information (data) is only viewable by certain people.

1. Encryption is the main method for confidentiality. Whether it is file encryption, full disk encryption, or full device encryption for mobile devices. The user needing to read the information would need a decryption key to decipher the encryption first. 

2. ACL (Access Control Lists) is another method of providing confidentiality. This is not as secure as using encryption. There are different access control methods such as MAC (Mandatory Access Control), DAC ( Discretionary Access Control), Role-BAC (Role-Based Access Control), Rule-BAC (Rule-Based Access Control), and ABAC (Attribute Access Control). These methods and examples will be discussed in a different post.

3. Steganography: With this method, you could hide a document inside of another document, inside a photo, video file, or audio file. The carrier (the file used as the hiding method has to be larger than the file you are trying to hide) looks the same, in the case of the audio or video file they still play. 

Steganography is "Security through Obscurity"

Steganography can be used in some cases to bypass security controls such as DLP (Data Loss Prevention) systems. One way to detect this activity would be to employ file integrity monitoring. That way you would have the original hash and any modification to the file would produce a different hash. 

For the "Use Case" of confidentiality, encryption is used.

Integrity: Making sure that the data has not been altered, changed, corrupted, or modified by intentional or accidental means. 

Verifying integrity is provided through hashing. Hashing is a one-way function that produces a fixed-length output that cannot be reversed to produce the original input.

For the use case of integrity, hashing is used

Availability: This means that the information/data is accessible when the information is needed to modify or view the data.

Many things provide availability such as Load Balancing, Fault Tolerance, Alternate Sites (Hot, Warm, Cold, Mobile), Alternate Power (Generator, UPS), Backups, Patching, RAID, and HVAC.