CAPEC-667

Bluetooth Impersonation AttackS (BIAS)
Gemiddeld
Hoog
Draft
2021-06-24
00h00 +00:00
2022-09-29
00h00 +00:00
CAPEC Mitre.org
Melding voor een CAPEC
Blijf op de hoogte van wijzigingen voor een specifieke CAPEC.
Meldingen beheren

Beschrijvingen CAPEC

An adversary disguises the MAC address of their Bluetooth enabled device to one for which there exists an active and trusted connection and authenticates successfully. The adversary can then perform malicious actions on the target Bluetooth device depending on the target’s capabilities.

Informatie CAPEC

Uitvoeringsstroom

1) Explore

[Find disguise and target] The adversary starts the Bluetooth service on the attacking device and searches for nearby listening devices.

Techniek
  • Knowledge of a trusted MAC address.
  • Scanning for devices other than the target that may be trusted.
2) Experiment

[Disguise] Using the MAC address of the device the adversary wants to impersonate, they may use a tool such as spooftooth or macchanger to spoof their Bluetooth address and attempt to authenticate with the target.

3) Exploit

[Use device capabilities to accomplish goal] Finally, if authenticated successfully the adversary can perform tasks/information gathering dependent on the target's capabilities and connections.

Vereisten

Knowledge of a target device's list of trusted connections.

Vereiste vaardigheden

Adversaries must be capable of using command line Linux tools.
Adversaries must be in close proximity to Bluetooth devices.

Mitigaties

Disable Bluetooth in public places.
Verify incoming Bluetooth connections; do not automatically trust.
Change default PIN passwords and always use one when connecting.

Gerelateerde zwakheden

CWE-ID Zwakheidsnaam

CWE-290

 Authentication Bypass by Spoofing
This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

Indiening

Naam Organisatie Datum Releasedatum
CAPEC Content Team The MITRE Corporation 2021-06-24 +00:00

Wijzigingen

Naam Organisatie Datum Opmerking
CAPEC Content Team The MITRE Corporation 2022-09-29 +00:00 Updated Related_Attack_Patterns
De informatie die op CVE Find wordt gepresenteerd, is afkomstig van verschillende zorgvuldig geselecteerde referentiebronnen. CVE-gegevens worden geleverd door MITRE Corporation en de National Vulnerability Database (NVD). De Known Exploited Vulnerabilities (KEV)-catalogus is afkomstig van de Cybersecurity and Infrastructure Security Agency (CISA), terwijl EPSS-scores afkomstig zijn van FIRST.org. Daarnaast worden gegevens over softwarezwakheden (CWE) en veelvoorkomende aanvalspatronen (CAPEC) bijgehouden door MITRE Corporation, en informatie over hardware- en softwareconfiguraties (CPE) wordt geleverd door de NVD.