Abstract
As the widespread use and acceptance of Bluetooth continues concerns are being raised related to security vulnerabilities and privacy issues inherent in the use of this technology. Inadequate device resources and lack of user awareness has compounded this issue where the emphasis on design constraints, functionality and ease of use sometimes outweigh security concerns. Recently some concerns have being highlighted relating to the possible security vulnerabilities in commonly used devices, and also the possibility of the imperceptible tracking of device users through the use of distributed and connected Bluetooth sensor nodes. This paper discusses some of these issues and highlights a number of vulnerabilities in the current generation of Bluetooth enabled devices. In particular, the current methods being used to exploit these vulnerabilities are discussed and the results from a case study are presented which identify the percentage of popular devices susceptible to this type of misuse.
Original language | English |
---|---|
Pages (from-to) | 125-129 |
Journal | IJCSNS International Journal of Computer Science and Network Security |
Volume | 6 |
Issue number | 4 |
Publication status | Published (in print/issue) - 1 Apr 2006 |
Bibliographical note
Reference text: 1] Official Bluetooth Website, http://www.bluetooth.com/, Sitevisited 02/12/05.
[2] B. L. & A. Laurie, “Serious flaws in Bluetooth security lead
to disclosure of personal data”, A.L. Digital Ltd. Technical
report, http://bluestumbler.org/, Site visited 02/12/05.
[3] Herfurt, M., “Bluesnarf @ CeBIT 2004”, Technical Report,
Salzburg Research Forschungsgesellschaft mbH
http://www.trifinite.org/Downloads/BlueSnarf_CeBIT2004.pdf.
[4] Haase, M., Handy, M., and D. Timmermann, “Bluetrack-
Imperceptible Tracking of Bluetooth devices”, UbiComp 2004,
Nottingham, Great Britain, UK, September 2004.
[5] Bluetrack Project Homepage, http://www-md.e-technik.unirostock.
de/forschung/projekte/BlueTrack, Site visited 02/12/05.
[6] RedFang Bluetooth Discovery Tool,
http://www.securiteam.com/tools/5JP0I1FAAE.html, Site visited
02/12/05.
[7] Gnokii Toolkit Homepage, http://www.gnokii.org, Site
visited 02/12/05.
[8] Haase, M., Nickel, T., Esins, S., and R. Möckel, “Bluetrack-
Imperceptible Tracking of Bluetooth devices”, CeBIT 2004
Poster presentation, http://www-md.e-technik.unirostock.
de/ma/hm27/bluetrack-eng.pdf.
[9] IEEE Bluetooth OUI listing, Site visited 02/12/05.
http://standards.ieee.org/regauth/oui/index.shtml,
[10] PhpMyAdmin Project Homepage,
http://www.phpmyadmin.net, Site visited 02/12/05.
[11] IDC Western Europe Second Quarter Mobile Phone Report,
http://www.idc.com, Site visited 02/12/05.
[12] Mulliner, C., and M. Herfurt, “Blueprinting - Remote
Device Identification Techniques”, 21st Chaos Communication
Congress (21C3), Berlin, Germany, December 2004.
[13] ZDNet Technology News Homepage,
http://news.zdnet.co.uk, Site visited 02/12/05.
Keywords
- Bluetooth Security
- Bluesnarfing
- Bluebug
- Privacy.