The Bluetooth Honeypot Project: Measuring and Managing Bluetooth Risks in the Workplace

Bluetooth technology (BT) and the inherent security vulnerabilities it introduces into business domains are often overlooked when security policies are developed. However, the International Data Corporation (IDC) projected that global Bluetooth short-wave wire semiconductor revenue will triple from $1.7 billion in 2007, to $3.3 billion in 2012 (Reidy, 2008). After a brief history of Bluetooth technology, researchers will examine how Bluetooth works, its vulnerabilities, and how these vulnerabilities can be exploited. Bluetooth malware and its associated risks will also be explored. As a practical approach to monitor Bluetooth threats and malware, the employment of a Bluetooth honeypot will be discussed, including honeypot structure and the legalities of deploying them. Building on Andrew Smith’s earlier work developing Bluepot, a functional Bluetooth honeypot (Smith, 2011), researchers will test Bluepot and discuss the feasibility of using it as a prototype for developing a functional Bluetooth honeypot to secure corporate data and analyze BT malware. DOI: 10.4018/jitn.2012070101 2 International Journal of Interdisciplinary Telecommunications and Networking, 4(3), 1-22, July-September 2012 Copyright © 2012, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited. cies. By not understanding and safeguarding the organization from Bluetooth threats, data theft, unauthorized access to sensitive material, unauthorized access and the prohibited use of network devices are likely to occur. The result is a loss of revenue from data theft, loss of business due to a poor reputation, litigation costs, and regulatory fines. While it may seem adequate to prohibit Bluetooth technology on company owned equipment, the reality is that Bluetooth enabled devices will still be employed on employees’ personal devices and vehicles. Many organizations even supply Bluetooth devices to their employees to increase productivity. It is therefore imperative that organizations find effective methodologies to thwart and detect Bluetooth vulnerabilities in the corporate environment. Securing the network and physical access to the building are of little use if Bluetooth technology is not addressed, as it is akin to locking the door and leaving the window open. DEVELOPMENT OF BLUETOOTH Bluetooth technology (BT) was the innovation of Swedish cell phone corporation Ericsson Mobile Communications. Ericsson’s original objective was to create a wireless connection between a user’s mobile telephone or PC and some type of earpiece as part of an effort to eliminate the wire clutter caused by proprietary cable connections (Ahonen, 2006). In 1994, Jaap Haartsen and colleague Sven Mattisson, of Ericson’s Mobile Terminal Division in Stockholm discovered that they could tap into low radio frequency, thus saving development time and minimizing costs. In addition to its ability to transmit data, low radio frequency was available free of charge and required no licensing. Bluetooth employs a variation of Frequency-hopping spread spectrum (FHSS) called Adaptive Frequency-hopping spread spectrum (AFH) (Hodgdon, 2003). AFH relies on hopping sequences to circumvent crowded frequencies. The concept of radio frequency hopping was initially utilized by the Germans during the First World War to deter eavesdropping by British forces (Zenneck, 1915), and was patented in 1942 by actress Hedy Lamarr and composer George Antheil (Rhodes, 2009). Lamarr and Antheil’s rendering of frequency hopping utilized a piano-roll (music storage medium) which switched between some 88 frequencies (Rhodes, 2009). Their ultimate goal was to enable radio-guided torpedoes to go undetected by the enemy. The patent, number 2,292,387, named Secret Communications System, resurfaced in 1950, where it was developed into a civilian version of spread spectrum Code Division Multiple Access (CDMA) (Philosophy of Science Portal, 2009). The development of Bluetooth specification standard IEEE 802.15 in 1998 enabled proprietary devices from different manufacturers to work together (HP, 2004).Today, the Short Range Wireless SIG membership exceeded 1600 companies (Blasdel & Pokomy, 2004). Bluetooth technology is not only used to connect mobile phones and computers to wireless headsets, keyboards, and other peripherals, but by 2008, approximately 30 percent of all vehicles driven on American roads utilized some form of Bluetooth technology for everything from hands-free communication and navigation, to entertainment and remote diagnostics (Choney, 2008). Another sector where Bluetooth technology is rapidly expanding is healthcare where it is utilized in medical devices such as hearing aids, pulse oximeters, glucose monitors, and stethoscopes. According to the short-range wireless Special Interest Group (SIG), as of 2011, more than 40 million Bluetooth enabled medical and fitness devices are currently on the market (Bluetooth SIG, 2012). BLUETOOTH ARCHITECTURE Bluetooth, being an open-standard short-range radio frequency (RF) communication, facilitates limited wireless data transmission between electronic devices replacing the need for physical connections (Padgette & Scarfone, 2008). Communication between Bluetoothenabled devices 20 more pages are available in the full version of this document, which may be purchased using the "Add to Cart" button on the product's webpage: www.igi-global.com/article/bluetooth-honeypotproject/70592?camid=4v1 This title is available in InfoSci-Journals, InfoSci-Journal Disciplines Communications and Social Science. Recommend this product to your librarian: www.igi-global.com/e-resources/libraryrecommendation/?id=2