Case Study on the Bluetooth Vulnerabilities in Mobile Devices

A solon; MJ Callaghan; Jim Harkin; TM McGinnity

Case Study on the Bluetooth Vulnerabilities in Mobile Devices

A solon, MJ Callaghan, Jim Harkin, TM McGinnity

Research output: Contribution to journal › Article › peer-review

191 Downloads (Pure)

Abstract

As the widespread use and acceptance of Bluetooth continues concerns are being raised related to security vulnerabilities and privacy issues inherent in the use of this technology. Inadequate device resources and lack of user awareness has compounded this issue where the emphasis on design constraints, functionality and ease of use sometimes outweigh security concerns. Recently some concerns have being highlighted relating to the possible security vulnerabilities in commonly used devices, and also the possibility of the imperceptible tracking of device users through the use of distributed and connected Bluetooth sensor nodes. This paper discusses some of these issues and highlights a number of vulnerabilities in the current generation of Bluetooth enabled devices. In particular, the current methods being used to exploit these vulnerabilities are discussed and the results from a case study are presented which identify the percentage of popular devices susceptible to this type of misuse.

Original language	English
Pages (from-to)	125-129
Journal	IJCSNS International Journal of Computer Science and Network Security
Volume	6
Issue number	4
Publication status	Published - 1 Apr 2006

Bibliographical note

Reference text: 1] Official Bluetooth Website, http://www.bluetooth.com/, Site
visited 02/12/05.
[2] B. L. & A. Laurie, “Serious flaws in Bluetooth security lead
to disclosure of personal data”, A.L. Digital Ltd. Technical
report, http://bluestumbler.org/, Site visited 02/12/05.
[3] Herfurt, M., “Bluesnarf @ CeBIT 2004”, Technical Report,
Salzburg Research Forschungsgesellschaft mbH
http://www.trifinite.org/Downloads/BlueSnarf_CeBIT2004.pdf.
[4] Haase, M., Handy, M., and D. Timmermann, “Bluetrack-
Imperceptible Tracking of Bluetooth devices”, UbiComp 2004,
Nottingham, Great Britain, UK, September 2004.
[5] Bluetrack Project Homepage, http://www-md.e-technik.unirostock.
de/forschung/projekte/BlueTrack, Site visited 02/12/05.
[6] RedFang Bluetooth Discovery Tool,
http://www.securiteam.com/tools/5JP0I1FAAE.html, Site visited
02/12/05.
[7] Gnokii Toolkit Homepage, http://www.gnokii.org, Site
visited 02/12/05.
[8] Haase, M., Nickel, T., Esins, S., and R. Möckel, “Bluetrack-
Imperceptible Tracking of Bluetooth devices”, CeBIT 2004
Poster presentation, http://www-md.e-technik.unirostock.
de/ma/hm27/bluetrack-eng.pdf.
[9] IEEE Bluetooth OUI listing, Site visited 02/12/05.
http://standards.ieee.org/regauth/oui/index.shtml,
[10] PhpMyAdmin Project Homepage,
http://www.phpmyadmin.net, Site visited 02/12/05.
[11] IDC Western Europe Second Quarter Mobile Phone Report,
http://www.idc.com, Site visited 02/12/05.
[12] Mulliner, C., and M. Herfurt, “Blueprinting - Remote
Device Identification Techniques”, 21st Chaos Communication
Congress (21C3), Berlin, Germany, December 2004.
[13] ZDNet Technology News Homepage,
http://news.zdnet.co.uk, Site visited 02/12/05.

Keywords

Bluetooth Security
Bluesnarfing
Bluebug
Privacy.

Access to Document

CaseStudyAccepted author manuscript, 257 KB

http://ijcsns.org/

Cite this

@article{f5a977820c1c4f9c8b775bc3be0ef3b6,

title = "Case Study on the Bluetooth Vulnerabilities in Mobile Devices",

abstract = "As the widespread use and acceptance of Bluetooth continues concerns are being raised related to security vulnerabilities and privacy issues inherent in the use of this technology. Inadequate device resources and lack of user awareness has compounded this issue where the emphasis on design constraints, functionality and ease of use sometimes outweigh security concerns. Recently some concerns have being highlighted relating to the possible security vulnerabilities in commonly used devices, and also the possibility of the imperceptible tracking of device users through the use of distributed and connected Bluetooth sensor nodes. This paper discusses some of these issues and highlights a number of vulnerabilities in the current generation of Bluetooth enabled devices. In particular, the current methods being used to exploit these vulnerabilities are discussed and the results from a case study are presented which identify the percentage of popular devices susceptible to this type of misuse.",

keywords = "Bluetooth Security, Bluesnarfing, Bluebug, Privacy.",

author = "A solon and MJ Callaghan and Jim Harkin and TM McGinnity",

note = "Reference text: 1] Official Bluetooth Website, http://www.bluetooth.com/, Site visited 02/12/05. [2] B. L. & A. Laurie, “Serious flaws in Bluetooth security lead to disclosure of personal data”, A.L. Digital Ltd. Technical report, http://bluestumbler.org/, Site visited 02/12/05. [3] Herfurt, M., “Bluesnarf @ CeBIT 2004”, Technical Report, Salzburg Research Forschungsgesellschaft mbH http://www.trifinite.org/Downloads/BlueSnarf_CeBIT2004.pdf. [4] Haase, M., Handy, M., and D. Timmermann, “Bluetrack- Imperceptible Tracking of Bluetooth devices”, UbiComp 2004, Nottingham, Great Britain, UK, September 2004. [5] Bluetrack Project Homepage, http://www-md.e-technik.unirostock. de/forschung/projekte/BlueTrack, Site visited 02/12/05. [6] RedFang Bluetooth Discovery Tool, http://www.securiteam.com/tools/5JP0I1FAAE.html, Site visited 02/12/05. [7] Gnokii Toolkit Homepage, http://www.gnokii.org, Site visited 02/12/05. [8] Haase, M., Nickel, T., Esins, S., and R. M{\"o}ckel, “Bluetrack- Imperceptible Tracking of Bluetooth devices”, CeBIT 2004 Poster presentation, http://www-md.e-technik.unirostock. de/ma/hm27/bluetrack-eng.pdf. [9] IEEE Bluetooth OUI listing, Site visited 02/12/05. http://standards.ieee.org/regauth/oui/index.shtml, [10] PhpMyAdmin Project Homepage, http://www.phpmyadmin.net, Site visited 02/12/05. [11] IDC Western Europe Second Quarter Mobile Phone Report, http://www.idc.com, Site visited 02/12/05. [12] Mulliner, C., and M. Herfurt, “Blueprinting - Remote Device Identification Techniques”, 21st Chaos Communication Congress (21C3), Berlin, Germany, December 2004. [13] ZDNet Technology News Homepage, http://news.zdnet.co.uk, Site visited 02/12/05.",

year = "2006",

month = apr,

day = "1",

language = "English",

volume = "6",

pages = "125--129",

journal = "International Journal of Computer Science and Network Security",

issn = "1738-7906",

publisher = "International Journal of Computer Science and Network Security",

number = "4",

}

TY - JOUR

T1 - Case Study on the Bluetooth Vulnerabilities in Mobile Devices

AU - solon, A

AU - Callaghan, MJ

AU - Harkin, Jim

AU - McGinnity, TM

N1 - Reference text: 1] Official Bluetooth Website, http://www.bluetooth.com/, Site visited 02/12/05. [2] B. L. & A. Laurie, “Serious flaws in Bluetooth security lead to disclosure of personal data”, A.L. Digital Ltd. Technical report, http://bluestumbler.org/, Site visited 02/12/05. [3] Herfurt, M., “Bluesnarf @ CeBIT 2004”, Technical Report, Salzburg Research Forschungsgesellschaft mbH http://www.trifinite.org/Downloads/BlueSnarf_CeBIT2004.pdf. [4] Haase, M., Handy, M., and D. Timmermann, “Bluetrack- Imperceptible Tracking of Bluetooth devices”, UbiComp 2004, Nottingham, Great Britain, UK, September 2004. [5] Bluetrack Project Homepage, http://www-md.e-technik.unirostock. de/forschung/projekte/BlueTrack, Site visited 02/12/05. [6] RedFang Bluetooth Discovery Tool, http://www.securiteam.com/tools/5JP0I1FAAE.html, Site visited 02/12/05. [7] Gnokii Toolkit Homepage, http://www.gnokii.org, Site visited 02/12/05. [8] Haase, M., Nickel, T., Esins, S., and R. Möckel, “Bluetrack- Imperceptible Tracking of Bluetooth devices”, CeBIT 2004 Poster presentation, http://www-md.e-technik.unirostock. de/ma/hm27/bluetrack-eng.pdf. [9] IEEE Bluetooth OUI listing, Site visited 02/12/05. http://standards.ieee.org/regauth/oui/index.shtml, [10] PhpMyAdmin Project Homepage, http://www.phpmyadmin.net, Site visited 02/12/05. [11] IDC Western Europe Second Quarter Mobile Phone Report, http://www.idc.com, Site visited 02/12/05. [12] Mulliner, C., and M. Herfurt, “Blueprinting - Remote Device Identification Techniques”, 21st Chaos Communication Congress (21C3), Berlin, Germany, December 2004. [13] ZDNet Technology News Homepage, http://news.zdnet.co.uk, Site visited 02/12/05.

PY - 2006/4/1

Y1 - 2006/4/1

N2 - As the widespread use and acceptance of Bluetooth continues concerns are being raised related to security vulnerabilities and privacy issues inherent in the use of this technology. Inadequate device resources and lack of user awareness has compounded this issue where the emphasis on design constraints, functionality and ease of use sometimes outweigh security concerns. Recently some concerns have being highlighted relating to the possible security vulnerabilities in commonly used devices, and also the possibility of the imperceptible tracking of device users through the use of distributed and connected Bluetooth sensor nodes. This paper discusses some of these issues and highlights a number of vulnerabilities in the current generation of Bluetooth enabled devices. In particular, the current methods being used to exploit these vulnerabilities are discussed and the results from a case study are presented which identify the percentage of popular devices susceptible to this type of misuse.

AB - As the widespread use and acceptance of Bluetooth continues concerns are being raised related to security vulnerabilities and privacy issues inherent in the use of this technology. Inadequate device resources and lack of user awareness has compounded this issue where the emphasis on design constraints, functionality and ease of use sometimes outweigh security concerns. Recently some concerns have being highlighted relating to the possible security vulnerabilities in commonly used devices, and also the possibility of the imperceptible tracking of device users through the use of distributed and connected Bluetooth sensor nodes. This paper discusses some of these issues and highlights a number of vulnerabilities in the current generation of Bluetooth enabled devices. In particular, the current methods being used to exploit these vulnerabilities are discussed and the results from a case study are presented which identify the percentage of popular devices susceptible to this type of misuse.

KW - Bluetooth Security

KW - Bluesnarfing

KW - Bluebug

KW - Privacy.

M3 - Article

VL - 6

SP - 125

EP - 129

JO - International Journal of Computer Science and Network Security

JF - International Journal of Computer Science and Network Security

SN - 1738-7906

IS - 4

ER -

Case Study on the Bluetooth Vulnerabilities in Mobile Devices

Abstract

Bibliographical note

Keywords

Access to Document

Fingerprint

Cite this