Page 837 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
extract information from them. This form of attack can offer attackers
access to your contact lists, your data, and even your conversations.
Bluebugging is an attack that grants hackers remote control over the
features and functions of a Bluetooth device. This could include the
ability to turn on the microphone to use the phone as an audio bug.
Fortunately, Bluetooth typically has a limited range of 30 feet, but
some devices can function from more than 100 meters away.
Bluetooth radios and antennas are classified by their maximum
permitted power. The classes are shown in Table 11.11.
TABLE 11.11 Classes of Bluetooth devices
Class  Maximum permitted power  Typical range
1      100 mW                   100 m
2      2.5 mW                   10 m
3      1 mW                     1 m
4      0.5 mW                   0.5 m
Bluetooth devices sometimes employ encryption, but it is not dynamic
and can usually be cracked with modest effort. Use Bluetooth for those
activities that are not sensitive or confidential. Whenever possible,
change the default PINs on your devices. Do not leave your devices in
discovery mode, and always turn off Bluetooth when it’s not in active
use.
RFID
Radio Frequency Identification (RFID) is a tracking technology based
on the ability to power a radio transmitter using current generated in
an antenna when placed in a magnetic field. RFID can be
triggered/powered and read from a considerable distance away (often
hundreds of meters). RFID can be attached to devices or integrated
into their structure, such as notebook computers, tablets, routers,
switches, USB flash drives, portable hard drives, and so on. This can
allow for quick inventory tracking without having to be in direct
physical proximity to the device. Simply walking into a room with an
RFID reader can collect the information transmitted by the activated
chips in the area.

