Case Study on the Bluetooth Vulnerabilities in Mobile Devices

TY - JOUR

T1 - Case Study on the Bluetooth Vulnerabilities in Mobile Devices

AU - solon, A

AU - Callaghan, MJ

AU - Harkin, Jim

AU - McGinnity, TM

N1 - Reference text: 1] Official Bluetooth Website, http://www.bluetooth.com/, Site visited 02/12/05. [2] B. L. & A. Laurie, “Serious flaws in Bluetooth security lead to disclosure of personal data”, A.L. Digital Ltd. Technical report, http://bluestumbler.org/, Site visited 02/12/05. [3] Herfurt, M., “Bluesnarf @ CeBIT 2004”, Technical Report, Salzburg Research Forschungsgesellschaft mbH http://www.trifinite.org/Downloads/BlueSnarf_CeBIT2004.pdf. [4] Haase, M., Handy, M., and D. Timmermann, “Bluetrack- Imperceptible Tracking of Bluetooth devices”, UbiComp 2004, Nottingham, Great Britain, UK, September 2004. [5] Bluetrack Project Homepage, http://www-md.e-technik.unirostock. de/forschung/projekte/BlueTrack, Site visited 02/12/05. [6] RedFang Bluetooth Discovery Tool, http://www.securiteam.com/tools/5JP0I1FAAE.html, Site visited 02/12/05. [7] Gnokii Toolkit Homepage, http://www.gnokii.org, Site visited 02/12/05. [8] Haase, M., Nickel, T., Esins, S., and R. Möckel, “Bluetrack- Imperceptible Tracking of Bluetooth devices”, CeBIT 2004 Poster presentation, http://www-md.e-technik.unirostock. de/ma/hm27/bluetrack-eng.pdf. [9] IEEE Bluetooth OUI listing, Site visited 02/12/05. http://standards.ieee.org/regauth/oui/index.shtml, [10] PhpMyAdmin Project Homepage, http://www.phpmyadmin.net, Site visited 02/12/05. [11] IDC Western Europe Second Quarter Mobile Phone Report, http://www.idc.com, Site visited 02/12/05. [12] Mulliner, C., and M. Herfurt, “Blueprinting - Remote Device Identification Techniques”, 21st Chaos Communication Congress (21C3), Berlin, Germany, December 2004. [13] ZDNet Technology News Homepage, http://news.zdnet.co.uk, Site visited 02/12/05.

PY - 2006/4/1

Y1 - 2006/4/1

N2 - As the widespread use and acceptance of Bluetooth continues concerns are being raised related to security vulnerabilities and privacy issues inherent in the use of this technology. Inadequate device resources and lack of user awareness has compounded this issue where the emphasis on design constraints, functionality and ease of use sometimes outweigh security concerns. Recently some concerns have being highlighted relating to the possible security vulnerabilities in commonly used devices, and also the possibility of the imperceptible tracking of device users through the use of distributed and connected Bluetooth sensor nodes. This paper discusses some of these issues and highlights a number of vulnerabilities in the current generation of Bluetooth enabled devices. In particular, the current methods being used to exploit these vulnerabilities are discussed and the results from a case study are presented which identify the percentage of popular devices susceptible to this type of misuse.

AB - As the widespread use and acceptance of Bluetooth continues concerns are being raised related to security vulnerabilities and privacy issues inherent in the use of this technology. Inadequate device resources and lack of user awareness has compounded this issue where the emphasis on design constraints, functionality and ease of use sometimes outweigh security concerns. Recently some concerns have being highlighted relating to the possible security vulnerabilities in commonly used devices, and also the possibility of the imperceptible tracking of device users through the use of distributed and connected Bluetooth sensor nodes. This paper discusses some of these issues and highlights a number of vulnerabilities in the current generation of Bluetooth enabled devices. In particular, the current methods being used to exploit these vulnerabilities are discussed and the results from a case study are presented which identify the percentage of popular devices susceptible to this type of misuse.

KW - Bluetooth Security

KW - Bluesnarfing

KW - Bluebug

KW - Privacy.

M3 - Article

VL - 6

SP - 125

EP - 129

IS - 4

ER -