Contents |
The Snarf attack is a Bluetooth enabled hacking technique that allows hackers to access another Bluetooth device without the victims knowledge. This attack raises obvious concerns, similar to Bluejacking the attack gains access to the victims phone book, missed, received or dialled contacts. It is also possible for the attacker to use the phones commands through their own phone.
Although it is obvious that the Snarf attack reveals sensitive information, what is not so obvious is what other malicious attacks can be initiated through a snarf attack. The Snarf attack provides access to the victims AT-commands, in other words it allows the attacker to do the following.
The only way to defend against the Snarf attack is to either turn Bluetooth off on the device, or to set it as invisible. Although this prevention is going to stop most attackers, there is software available that can penetrate Bluetooth invisible devices.
The reasons a person may choose to initiate a Snarf attack are infinite. Identity theft using this attack appears to be the most attractive. If the attacker has access to a victims personal details through a mobile phone, and is able to use the phone from a remote location which poses obvious threats. Hansen (2003:01) said, "the typical identity thief initiates the crime by defrauding a mobile phone provider, and moves from there to establishing any number of fraudulent accounts with credit card companies, retailers and so on’. ‘The Identity Theft Resource Centre estimates that 700,000 consumers became victims of identity theft during 2002.’
--benhenzell 09:51, 29 Oct 2004 (EST)
