Bluetooth Security Threats

Bluetooth technology has become an integral part of this modern society. The availability of mobile phones, game controllers, Personal Digital Assistant (PDA) and personal computers has made Bluetooth a popular technology for short range wireless communication. However, as the Bluetooth technology becomes widespread, vulnerabilities in its security protocols are increasing which can be potentially dangerous to the privacy of a user’s personal information. The proliferation of the Bluetooth devices in the workplace exposes organizations to security risks. Bluetooth technology and associated devices are susceptible to general wireless networking threats, such as denial of service attack, eavesdropping, man-in-the-middle attacks, message modification, and resource misappropriation. Preventing unauthorized users from secure communication is a challenge to the pairing process. KeywordsBluetooth Security, Privacy, PDA, man-in-the-middle attacks. INTRODUCTION Bluetooth technology has been considered as a cheap, reliable, and power efficient replacement of cables for connecting electronic devices. This technology was officially approved in the summer of 1999 [1]. Since then it has widely been used in various electronic devices. Bluetooth Special Interest Group (SIG) was formed to nurture and promote this technology. The SIG has over 14,000 members including some leading companies in the fields of telecommunications, computing, automotive, music, industrial automation, and network industries [2]. Bluetooth is a combination of hardware and software technology. The hardware is riding on a radio chip. On the other hand, the main control and security protocols have been implemented in the software. By using both hardware and software Bluetooth has become a smart technology for efficient and flexible wireless communication system. Bluetooth radio chip supports communication among a group of electronic devices. Some key benefits of Bluetooth technology are,  Cable replacement. Bluetooth technology replaces a variety of cables, such as those traditionally used for peripheral devices (e.g., mouse and keyboard connections), printers, and wireless headsets and ear buds that interface with personal computers (PC) or mobile telephones.  Ease of file sharing. A Bluetooth-enabled device can form a piconet to support file sharing capabilities with other Bluetooth devices, such as laptops.  Wireless synchronization. Bluetooth provides automatic synchronization between Bluetooth-enabled devices. For example, Bluetooth allows synchronization of contact information contained in electronic address books and calendars.  Internet connectivity. A Bluetooth device with Internet connectivity can share that access with other Bluetooth devices. For example, a laptop can use a Bluetooth connection to have a mobile phone establish a dial-up connection, so that the laptop can access the Internet through the phone. Bluetooth permits devices to establish either ad hoc or infrastructure networks. Infrastructure networks use fixed Bluetooth access points (AP), which facilitate communication between Bluetooth devices. This document focuses on ad hoc piconets, which are much more common than infrastructure networks. Ad hoc networks provide easy connection establishment between mobile devices in the same physical area (e.g., the same room) without the use of any infrastructure devices [3]. A Bluetooth client is simply a device with a Bluetooth radio and software incorporating the Bluetooth protocol stack and interfaces. Bluetooth can also be used to form ad hoc networks of several (up to eight) devices, called piconets. This can be useful for example in a meeting, where all participants have their own Bluetooth compatible laptops, and want to share files with each other [4]. Bluetooth offers several benefits and advantages, but the benefits of Bluetooth are not provided without risk. Bluetooth technology and associated devices are susceptible to general wireless networking threats, such as denial of service attacks, eavesdropping, man-in-the-middle attacks, message modification, and resource misappropriation, Bluesnarf, etc [5, 6]. Praveen Kumar Mishra / International Journal of Computer Science & Engineering Technology (IJCSET) ISSN : 2229-3345 Vol. 4 No. 02 Feb 2013 147 In this paper, we will provide some background information about Bluetooth system, its applications and various security issues involve in Bluetooth, mainly authentication, encryption, and key management. We will also describe vulnerabilities in Bluetooth technologies and threats against those vulnerabilities. Based on the common vulnerabilities and threats, recommendations for possible countermeasures that can be used to improve Bluetooth security are also made. This provides better understanding of the problem, current solution space, and future research scope to resolve various security issues involve in Bluetooth security. Attacks on Bluetooth As technology improves,these phone hackers, or “phreakers”, only gain more of an advantage. Here is an abridged list of attacks that have been launched at Bluetooth : SNARF Attack This attack is typically only available when a phone is set in “discovery” or “visible” mode on the network. It was thought that setting the phone to “invisible” mode would cease these attacks, but recently, tools have appeared on the internet that can bypass even these settings. Attackers can now setup a SNARF attack on almost any phone. The only sure-fire way to avoid SNARF attacks is to disable Bluetooth on the phone when you do not absolutely need its functionality. BACKDOOR Attack The BACKDOOR attack is another security violation that works by establishing an illegal connection to the target’s phone. This attack, however, works by actually establishing a trust relationship through Bluetooth’s pairing mechanism, but removing the attacking device from the pair list after a connection is established. In this way, unless the owner of the device is watching the pair list at the exact moment a connection is made, it is unlikely they will notice that the enemy is still connected even though the pair has been removed from the list. The enemy will then have access to all material that a “trusted” link would entail, but without the owner permitting the use. This would again allow access permitted data on the phone as well as phone calls and instant messages. However, since this attack only grants access to information flagged for trusted connections, it is more limited than the SNARF attack. BLUEBUG Attack The BLUEBUG attack is an attack that creates a serial connection to the phone, allowing access to all the included AT commands. This allows the attacker to place phone calls, send and receive messages, connect to internet data services. It has also been discovered that if the phone is on a GSM network, it is possible to monitor conversations of nearby phones. This attack takes approximately 2 seconds to complete if implemented correctly, and it leaves almost no trace of its intrusion. An attacker can then route incoming calls to other devices. BLUEJACKING Unlike the previous attacks, BLUEJACKING does not allow and adversary access to any data. Instead, using a small loophole in the Bluetooth pairing process, it is possible to send a user a message. This is often harmless, as attackers merely used BLUEJACKING as a way to express themselves, present counter-culture propaganda, or simply prove they can accomplish the violation of a consumer’s security. WARNIBBLING WARNIBBLING is an attack in which a phreaker attempts to find and access as many vulnerable Bluetooth phones as possible. They typically use laptops or PCs with high gain antennas and special software, such as Redfang, to sniff for accessible phones. Instead of remaining stationary, warnibblers will move around mapping as many phones a possible. Some drive, some move from café to café, but the results are the same – they often violate the security of large amounts of consumers. Solutions of Bluetooth Security The link layer security is usually used in wireless network. However, this kind of security can not satisfy the user’s demand in upper layer. To meet with different requirements of data security in Bluetooth technology, Bluetooth technology provides three security modes to enforce the flexibility of its secure mechanism and the device manufacture determine which mode should be used. The three modes are: