Group 4:
Contents
Team
Initial Project Statement
As bluetooth technology evolves and incorporated in most wireless devices, users need to become aware of the Bluetooth-specific security issues that come along with their ownership
Introduction Bluetooth
Bluetooth is one of several wireless technologies along with Wifi, and Wicast that allows for the connection of several devices wirelessly [1]. It operates on low power radio wave signaling allowing for short range communication and the creation of wireless Personal Area Networks ( PANs). It communicates on a frequency of between 2.402 GHz and 2.480 GHz. This is the same frequency band that is used for the purpose of industrial, scientific and medical devices (ISM). Some common devices in everyday life that operate on this frequency are garage door openers, baby monitors as well as the newer cordless phones. [2] However, although bluetooth and other ISM devices function on the same frequency, they do not interfere with one another due to the fact that weak signals of around 1 milliwatt are used. Also the fact that it uses a technique called spread-spectrum frequency hopping, up to 8 devices can be simultaneously connected via bluetooth without interfering with eachother [3].
Like any other wireless technology,Bluetooth technology has some inevitable vulnerabilities which users should be aware of. Although the automatic bluetooth connection is a benefit in terms of time and effort, is also a benefit to people looking to send you data without your permission. Problems such as Bluetracking, Bluejacking, Bluebugging, and bluesnarfing can arise if the user doesn't take the necessary measures to reduce security risks [4]
Bluetracking
What Makes the Technology Traceable?
Bluetooth devices can share information within a range of 10-100m depending on the device [5]. As long as the device is turned on, there are two security features available to users. “Discoverable” or “non-discoverable”. This determines whether the device is visible to others within the range[6] . Therefore, if several devices are on discoverable mode, they can all search for and locate one another. Because of the limited 10m range these devices work in, to track a particular user, one would have to identify the person’s device and follow them around all day in order to maintain them within detectable distances [7]]
]. This problem can be overcome by setting up a Bluetooth surveillance network. If , for example, Bluetooth enabled receivers are strategically placed to cover a 100m long street, each receiver placed 20 meters from the other one, only 5 receivers would be required to track a person’s movement. As the person walks along the street, the first receiver would track him for the length of the first 20 meters, the second for the next 20 meters, and so on for the length of the street.[8]
Some cases of Bluetooth Tracking
1. Some cities have implemented this surveillance network in specific areas. For example, at the Aalborg Zoo in Denmark, they use special bluetags to prevent parents from losing their children. A "Bluetag" is attached onto the child, and Bluetooth receivers around the zoo track the child's movement[9] .2. Some shopping malls have installed Bluetooth surveillance to monitor the movement of Bluetooth enabled users. Although this doesn’t provide the exact positioning of a person, it does allow the system to create a general map of a person’s path, and estimate how long they remain in a certain area. This knowledge can then be used by store owners to strategically place advertisements accordingly. This Bluetooth tracking technology is being used in by some stores to aim advertisements at them as they walk past shops or billboards.[10]
3. In Bath, England Bluetooth scanners have been set up in secret locations across the city. Citizens are being tracked, without being aware, in a technology experiment called Cityware. Eamonn O’Neill, the researcher of this experiment, said the objective of this experiment is not to individually track certain people; rather the aim of this experiment is to study the aggregate behaviour of city dwellers as a whole. O'Neill described his project as "public observation" rather than individual surveillance, arguing the data would improve scientific understanding, as data about people's movements could help research into the spread of biological epidemics[11]
4. A Netherlands based website ,Bluetoothtracking.org [12], uses this technology to publish live data about people's movements across the town of Apeldoorn, allowing people to search the whereabouts of friends and associates without them knowing about it [13].
Bluejacking
How it works
Bluejacking involves one person sending unsolicited messages over Bluetooth to Bluetooth enabled devices. These devices include: mobile phones, PDAs or laptop computers. Bluetooth usually has a range of ten meters on mobile phones, and can reach up to a hundred meters for laptops with strong transmitters. [14] If the user is unaware of the content of the message, he/she might allow the contact to be added to his address book. The contact can send him/her messages that might be automatically opened because message is coming from a known contact. [15]
Bluejacking consists of two passes. The phone searches for devices in range in the first pass. When a phone is found, it is counted and scanned. When the first scan is complete, the bluejacker’s phone has the MAC (Media Access Control) address of each device in range when the first pass was carried out. The first scan can only be interrupted by prssing “Stop” and the addresses will ultimately be visible. As bluejacking proceeds to the second pass, the phone attempts to retrieve the Bluetooth Name set in each of the devices. The MAC Address is only displayed if the device moves out of range. [16]
Concerns
Bluejacking is usually harmless, however because bluejacked people normally don't know what has occurred, they may think that their phone is malfunctioning. Although a bluejacker would usually only send a text message, with modern phones, it's also possible to send images or sounds as well. [17]Bluejackers in crowded transport hubs, pubs or any other public place are typically more prone to send Bluetooth messages without being detected because Bluetooth-enabled phones, PDAs and laptops can search for other devices within a short span. Under the condition that the device users have their Bluetooth shut off, bluejacking does not pose a security threat. [18]
Security Threat
Watch Video [19] Having shown that, bluejacking can bring more than annoyance to cell phone and laptop users. As the video shows, cell phone hacking can be almost effortless. In a crowded public place, a bluejacker can ultimately hack into someone’s cell phone that has their Bluetooth turned on. [20] A phone call is made by the bluejacker, but the cost is charged towards the hacked individual. The person with a hacked cell phone is completely oblivious; hence bluejacking causes a threat to security. This could be prevented by simply turning the Bluetooth visibility off. [21] However, this prevention could be easily ignored simply due to carelessness of cell phone users. If one does not bother to, or forgets to turn off their Bluetooth visibility, bluejackers can have easy access to their cell phones.
Bluebugging
Bluebugging may be the most severe attack on a Bluetooth user and can take as little as a few seconds to do. It is virtually taking total control over someone else’s phone without any permission or recognition that it is happening.[22] This attack gives access to the hacker allowing them to send and receive messages, make phone calls, read and write contacts and calendar events, eavesdrop on phone conversations, and connect to the Internet.[23] All of these potential issues may lead to financial damage, tracking the victim, finding out personal information, as well as using it for harassing others.[24] Like any other Bluetooth security breach, there still remains a 10 meter range for the hacker.[25]
Bluesnarfing
Bluesnarfing refers to wirelessly connecting to someone else’s phone.[26] This attack is generally targeted to the earlier Bluetooth phones according to the Bluetooth Special Interest Group (SIG).[27] It allows data stored on a Bluetooth enabled phone to become accessible to the hacker allowing them to copy the contents and perform other tasks.[28] These threats include the ability to make phone calls, send and receive text messages, read and write phonebook contacts, eavesdrop on phone calls, and connect to the internet. A technique which will significantly reduce a Bluetooth’s phones vulnerability is to make sure the phone remains in non-discoverable mode.[29]
Conclusion
Despite the many advantages Bluetooth, it is still apparent that there are security issues that cell phone and lap top users should take precautions for [30] Taking a few safety measures will greatly reduce the risk, such as placing your Bluetooth phone in a non discoverable mode or simply not adding anonymous users. Over time, technology will advance, and eliminate the Bluetooth loopholes and security breaches.
External Links
1. http://www.bluejackq.com/what-is-bluejacking.shtml.
2. http://electronics.howstuffworks.com/bluetooth4.htm
3. http://en.wikipedia.org/wiki/Bluejacking
4. http://www.theregister.co.uk/2003/11/05/bluetooth_boom_spawns_bluejacking/
5. http://www.youtube.com/watch?v=bb3lJCwWU3o
6. http://www.bluejackq.com/motorola-a835.shtml
7. http://www.gcn.com/print/24_20/36437-1.html#
8. http://www.thebunker.net/resources/bluetooth
9. http://www.palowireless.com/infotooth/tutorial.asp
10. http://developer.apple.com/hardwaredrivers/bluetooth/
11. http://www.ericsson.com/technology/tech_articles/Bluetooth.shtml
12. http://www.bluetomorrow.com/
13. http://compnetworking.about.com/b/2007/11/11/tracking-people-using-bluetooth.htm
14. http://whitepapers.zdnet.co.uk/0,1000000651,260156360p,00.htm
15. http://en.wikipedia.org/wiki/Bluebugging0
16. http://www.mysecurecyberspace.com/encyclopedia/index/bluebugging.html
17. http://www.5min.com/Video/Bluetooth-Hacking-How-Vulnerable-is-Your-Mobile-3303494
18. http://www.sector.ca/covotsos_training.htm
19. http://www.security-hacks.com/2007/05/25/essential-bluetooth-hacking-tools
22. http://www.bluejackq.com/what-is-bluejacking.shtml
23.http://www.imgres?imgurl=http://www.metroactive.com/papers.html
24. http://www.pentest.co.uk/documents/wbf_slides.pdf
26. http://csrc.nist.gov/publications/nistpubs/800-121/SP800-121.pdf
27. http://www.wirelessnetdesignline.com/showArticle.jhtml?articleID=192200279
28. http://www.comms.scitech.susx.ac.uk/fft/bluetooth/14Bluetooth_Wifi_Security.pdf
29. http://www.palowireless.com/bluearticles/cc1_security1.asp
30. http://www.discussion.forum.nokia.com/forum/showthread.php?t=112888