The open source tool Blue Hydra which is used to track classic and low energy Bluetooth devices can be used by criminals to track users and compromise security.
The Blue Hydra Bluetooth Tool Can Be Used in Dangerous Ways
The versatile Bluetooth utility program Blue Hydra has attracted the attention of cyber security experts as it can be used by criminal users as well. The software allows users the ability to track the presence of Bluetooth devices – both the traditional specification and the newer Bluetooth Low Energy specification and the iBeacon proximity sensors. The later two technologies are used extensively in Internet of Things devices and consumer products such as smart watches.
Blue Hydra provides extensive functionality as it allows the operators to provide the information to other tools. The software can log the raw detection data and record in-depth information a bout the detected devices in a portable SQLite database. The user may opt to produce a standard log file, and the program can run as a daemon in the background.
Potential privacy problems can be exploited using tools such as Blue Hydra. The Bluetooth Low Energy devices are constantly broadcasting their status to the outside world even when their sleep mode is activated. The devices themselves use randomized media access control (MAC) addresses much like other network devices.
However, the broadcast data also includes a universally unique identifier (UUID) that is specific to each device. With the help of tools like Blue Hydra a malicious user can track the device and its owner when their signals are detected. Using the Received Signal Strength Indication (RSSI) beacon criminals can also measure an estimate of the distance of the target host.
The popular iBeacon protocol has already been used by marketing specialists in retaining stores to serve ads to customers. They utilize the device support for this technology and their integration with mobile applications to detect their distance from a store. Once the user is close to their premises, the targeted advertisements are delivered to the mobile application. The technology has faced criticism by many security experts over its many security and privacy complications.
Blue Hydra operates with most internal Bluetooth cards and has an easy to use command line interface. It can be used to construct detailed information about the Bluetooth device availability by wardriving around a certain location.
To learn more about Blue Hydra visit the project’s GitHub page.