CAPEC-667

Bluetooth Impersonation AttackS (BIAS)
Moyen
Haute
Draft
2021-06-24
00h00 +00:00
2022-09-29
00h00 +00:00
CAPEC Mitre.org
Alerte pour un CAPEC
Restez informé de toutes modifications pour un CAPEC spécifique.
Gestion des notifications

Descriptions du CAPEC

An adversary disguises the MAC address of their Bluetooth enabled device to one for which there exists an active and trusted connection and authenticates successfully. The adversary can then perform malicious actions on the target Bluetooth device depending on the target’s capabilities.

Informations du CAPEC

Flux d'exécution

1) Explore

[Find disguise and target] The adversary starts the Bluetooth service on the attacking device and searches for nearby listening devices.

Technique
  • Knowledge of a trusted MAC address.
  • Scanning for devices other than the target that may be trusted.
2) Experiment

[Disguise] Using the MAC address of the device the adversary wants to impersonate, they may use a tool such as spooftooth or macchanger to spoof their Bluetooth address and attempt to authenticate with the target.

3) Exploit

[Use device capabilities to accomplish goal] Finally, if authenticated successfully the adversary can perform tasks/information gathering dependent on the target's capabilities and connections.

Conditions préalables

Knowledge of a target device's list of trusted connections.

Compétences requises

Adversaries must be capable of using command line Linux tools.
Adversaries must be in close proximity to Bluetooth devices.

Atténuations

Disable Bluetooth in public places.
Verify incoming Bluetooth connections; do not automatically trust.
Change default PIN passwords and always use one when connecting.

Faiblesses connexes

CWE-ID Nom de la faiblesse

CWE-290

 Authentication Bypass by Spoofing
This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

Soumission

Nom Organisation Date Date de publication
CAPEC Content Team The MITRE Corporation 2021-06-24 +00:00

Modifications

Nom Organisation Date Commentaire
CAPEC Content Team The MITRE Corporation 2022-09-29 +00:00 Updated Related_Attack_Patterns
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC) sont maintenues par MITRE Corporation, et les informations sur les configurations logicielles et matérielles (CPE) proviennent du NVD.