Tarlogic shows how to extract critical information from a smartphone using BlueTrust technology
The cybersecurity company presents at EuskalHack 2023 the advances of BlueTrust technology that reveal vulnerabilities in the Bluetooth standard
Tarlogic, the cybersecurity services company based in Santiago and Madrid, has managed to extract critical information from a smartphone (contacts, locations, call history) using BlueTrust technology developed by the company, which has allowed it to detect a vulnerability in the Bluetooth standard.
Antonio Vázquez Blanco and Jesús Mª Gómez Moreno, members of Tarlogic Security’s Innovation team, have described the potential of this research to perform various actions, such as forensic analysis and Red Team exercises, in their presentation at EuskalHack, one of the most important cybersecurity congresses in Spain.
For more than two years, the company’s professionals have developed various tools to identify the connections between multiple devices that we use daily: cell phones, personal computers, cars, intelligent locks, Smart TV…
The Tarlogic team has used BlueTrust technology to impersonate Bluetooth devices, correlate them with devices with which they have a trust relationship, discover vulnerable devices, and even extract information from these devices.
Cybersecurity specialists have addressed the keys to the investigation through two highly relevant use cases, forensic analysis, and Red Team exercises. Still, the tools and methodologies developed by Tarlogic can address a wide range of actions related to the security of Bluetooth devices, businesses, and citizens.
Forensic analysis: Helping police extract data from a locked cell phone
Thanks to BlueTrust technology, police can extract data stored on a locked phone for which no passcode is available. This allows law enforcement to advance investigations without requiring more invasive tests, such as removing the device’s memory or breaking the encryption keys.
Even if the device is locked, it is possible to activate Bluetooth. So BlueTrust can be used to detect the phone, clone its identity, store it, and use this data to impersonate the Bluetooth device and obtain critical information such as:
- Locations. Discover evidence to locate the phone in different places where there are «fixed» Bluetooth devices, such as locks or smart TVs, with which the phone has interacted in the past.
- Relationship with other people. Detect connections with devices belonging to other people to probe the personal relationships of the owner of the mobile.
- New sources of information. Using BlueTrust technology, it is possible to discover travel, contacts, or call history data.
The method designed by Tarlogic professionals allows law enforcement investigators to access essential information that cannot be collected by other techniques and is not dependent on encryption or the locking of the mobile device.
Red Team exercises: Detecting vulnerable devices before criminals do
Another of the many use cases for BlueTrust technology is to improve the ability to assess the security of enterprises through targeted attacks on selected individuals to uncover potentially vulnerable Bluetooth devices.
The research tools provide professionals conducting a Red Team exercise with the ability to expand the attack surface by recognizing vulnerable devices associated with a user.
BlueTrust intervenes in the reconnaissance phase of the Red Team exercise, helping to discover vulnerable devices without the need for visual surveillance or a Bluetooth sniffer. BlueTrust can therefore detect relationships between devices remotely and asynchronously, unlike a sniffer. This translates into agile and unobtrusive detection, two essential aspects of a Red Team exercise.
Thanks to the information obtained through the use of BlueTrust, Red Team professionals can:
- Implement Social Engineering techniques, such as phishing, to get a professional to download malware on their mobile.
- Extract information to carry out physical attacks against a company’s facilities.
- Obtain data on all the devices in a network to detect their weak points and exploit known vulnerabilities.
Unlocking the tools of investigation
These examples of BlueTrust technology use demonstrate its potential for law enforcement, cybersecurity professionals, and enterprises to prevent attacks that exploit Bluetooth vulnerabilities and fight crime.
Tarlogic Security, in an exercise of responsible disclosure, will release the BlueTrust research tools and code in the coming months.
The technology and methods developed by Tarlogic’s Innovation team will be available to all users to facilitate further research into Bluetooth, an essential standard of our era.
This research is part of Tarlogic’s ongoing effort to produce technology and disseminate knowledge to help strengthen the security of devices used by millions of businesses and citizens in their daily lives.
About Tarlogic
Tarlogic is a cybersecurity services company with offices in Santiago (Teo, A Coruña) and Madrid. Its staff comprises a hundred professionals, 90% of them engineers and professionals with a high level of expertise in cybersecurity, cyberintelligence, or audit of offensive and defensive services.
The company’s clients include Ibex 35 companies and leading firms in their respective sectors.