CAPEC-667 Bluetooth Impersonation AttackS (BIAS)

CAPEC ID: 667

CAPEC-667 Metadata

Likelihood of Attack

Medium

Typical Severity

High

Overview

Summary

An adversary disguises the MAC address of their Bluetooth-enabled device as that of a device with which the target already has an active, trusted connection, and authenticates successfully as that device. The adversary can then perform malicious actions on the target Bluetooth device, limited only by the target's capabilities.

Prerequisites

Knowledge of a target device's list of trusted connections.

Execution Flow

Step 1 (Explore): Find disguise and target
  The adversary starts the Bluetooth service on the attacking device and searches for nearby listening devices.
  Techniques:
  • Knowledge of a trusted MAC address.
  • Scanning for devices other than the target that may be trusted.

Step 2 (Experiment): Disguise
  Using the MAC address of the device the adversary wants to impersonate, they may use a tool such as spooftooth or macchanger to spoof their Bluetooth address and attempt to authenticate with the target.

Step 3 (Exploit): Use device capabilities to accomplish goal
  Finally, if authenticated successfully, the adversary can perform tasks or information gathering dependent on the target's capabilities and connections.

Potential Solutions / Mitigations

• Disable Bluetooth in public places.
• Verify incoming Bluetooth connections; do not automatically trust them.
• Change default PIN passwords and always use one when connecting.
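The mitigation "verify incoming Bluetooth connections; do not automatically trust" can be turned into a concrete host-side policy. The following is an added example, not part of the CAPEC entry or of any Bluetooth stack: it assumes the host keeps a bond table keyed by Bluetooth address and receives a stream of connect/disconnect events, and it flags the conditions a spoofed trusted address tends to produce (a bonded address connecting while a session for it is already open, a device name that differs from the one recorded at pairing, or an authentication that did not use the stored link key). The event format, field names and sample events are constructed for illustration.

```python
"""Trusted-address sanity checks for Bluetooth connection events.

Added example (not CAPEC's own material). The ConnEvent shape, the bond
table and SAMPLE_EVENTS are constructed; real stacks expose these through
their own HCI/management interfaces.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ConnEvent:
    ts: float            # event time (seconds), constructed
    kind: str            # "connect" or "disconnect"
    addr: str            # Bluetooth device address as reported by the controller
    name: str = ""       # device name reported at connection time
    link_key_ok: bool = False  # authentication used the link key stored at pairing


# Constructed bond table: address -> device name recorded when the bond was made.
BONDED = {
    "AA:BB:CC:DD:EE:01": "Headset",
    "AA:BB:CC:DD:EE:02": "Keyboard",
}


def check_events(events, bonded=BONDED):
    """Return a list of (ts, addr, reason) alerts for suspicious connects.

    Policy: a bonded address on its own is not proof of identity. A connect
    is flagged when the address is unknown, when a session for that address
    is still active, when the reported name differs from the bonded name,
    or when the stored link key was not used to authenticate.
    """
    active = set()   # addresses with an open session
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "disconnect":
            active.discard(ev.addr)
            continue
        if ev.kind != "connect":
            continue  # ignore event kinds this check does not model
        if ev.addr not in bonded:
            alerts.append((ev.ts, ev.addr,
                           "address not in bond table; treat as untrusted"))
            continue
        if ev.addr in active:
            alerts.append((ev.ts, ev.addr,
                           "bonded address connected while a session for it is still active"))
        if ev.name != bonded[ev.addr]:
            alerts.append((ev.ts, ev.addr,
                           f"name {ev.name!r} differs from bonded name {bonded[ev.addr]!r}"))
        if not ev.link_key_ok:
            alerts.append((ev.ts, ev.addr,
                           "authentication did not use the stored link key"))
        active.add(ev.addr)
    return alerts


# Constructed sample: two legitimate connects, then a second connect from a
# trusted address that is already connected, then a reconnect with a different
# name and no link key, then an unknown address.
SAMPLE_EVENTS = [
    ConnEvent(1.0, "connect", "AA:BB:CC:DD:EE:01", "Headset", True),
    ConnEvent(2.0, "connect", "AA:BB:CC:DD:EE:02", "Keyboard", True),
    ConnEvent(3.0, "connect", "AA:BB:CC:DD:EE:01", "Headset", True),
    ConnEvent(4.0, "disconnect", "AA:BB:CC:DD:EE:01"),
    ConnEvent(5.0, "connect", "AA:BB:CC:DD:EE:01", "Laptop", False),
    ConnEvent(6.0, "connect", "AA:BB:CC:DD:EE:03", "Speaker", True),
]

if __name__ == "__main__":
    for ts, addr, reason in check_events(SAMPLE_EVENTS):
        print(f"t={ts:.0f} {addr}: {reason}")
```

The duplicate-session rule is the cheapest signal: a genuine bonded peripheral does not open a second link while its first is still up, so a second connect from the same address deserves a prompt or a re-pair rather than silent acceptance. The link-key rule reflects the entry's point that authentication, not the address, is what should establish trust.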

Related Weaknesses (CWE)

CWE-290: Authentication Bypass by Spoofing

Related CAPECs

CAPEC-616: An adversary provides a malicious version of a resource at a location that is similar to the expected location of a legitimate resource. After establishing the rogue location, the adversary waits for a victim to visit the location and access the malicious resource.
