Case Study on the Bluetooth Vulnerabilities in Mobile Devices

Research output: Contribution to journalArticle

Abstract

As the widespread use and acceptance of Bluetooth continues concerns are being raised related to security vulnerabilities and privacy issues inherent in the use of this technology. Inadequate device resources and lack of user awareness has compounded this issue where the emphasis on design constraints, functionality and ease of use sometimes outweigh security concerns. Recently some concerns have being highlighted relating to the possible security vulnerabilities in commonly used devices, and also the possibility of the imperceptible tracking of device users through the use of distributed and connected Bluetooth sensor nodes. This paper discusses some of these issues and highlights a number of vulnerabilities in the current generation of Bluetooth enabled devices. In particular, the current methods being used to exploit these vulnerabilities are discussed and the results from a case study are presented which identify the percentage of popular devices susceptible to this type of misuse.
LanguageEnglish
Pages125-129
JournalIJCSNS International Journal of Computer Science and Network Security
Volume6
Issue number4
Publication statusPublished - 1 Apr 2006

Fingerprint

Bluetooth
Mobile devices
Sensor nodes

Keywords

  • Bluetooth Security
  • Bluesnarfing
  • Bluebug
  • Privacy.

Cite this

@article{f5a977820c1c4f9c8b775bc3be0ef3b6,
title = "Case Study on the Bluetooth Vulnerabilities in Mobile Devices",
abstract = "As the widespread use and acceptance of Bluetooth continues concerns are being raised related to security vulnerabilities and privacy issues inherent in the use of this technology. Inadequate device resources and lack of user awareness has compounded this issue where the emphasis on design constraints, functionality and ease of use sometimes outweigh security concerns. Recently some concerns have being highlighted relating to the possible security vulnerabilities in commonly used devices, and also the possibility of the imperceptible tracking of device users through the use of distributed and connected Bluetooth sensor nodes. This paper discusses some of these issues and highlights a number of vulnerabilities in the current generation of Bluetooth enabled devices. In particular, the current methods being used to exploit these vulnerabilities are discussed and the results from a case study are presented which identify the percentage of popular devices susceptible to this type of misuse.",
keywords = "Bluetooth Security, Bluesnarfing, Bluebug, Privacy.",
author = "A solon and MJ Callaghan and Jim Harkin and TM McGinnity",
note = "Reference text: 1] Official Bluetooth Website, http://www.bluetooth.com/, Site visited 02/12/05. [2] B. L. & A. Laurie, “Serious flaws in Bluetooth security lead to disclosure of personal data”, A.L. Digital Ltd. Technical report, http://bluestumbler.org/, Site visited 02/12/05. [3] Herfurt, M., “Bluesnarf @ CeBIT 2004”, Technical Report, Salzburg Research Forschungsgesellschaft mbH http://www.trifinite.org/Downloads/BlueSnarf_CeBIT2004.pdf. [4] Haase, M., Handy, M., and D. Timmermann, “Bluetrack- Imperceptible Tracking of Bluetooth devices”, UbiComp 2004, Nottingham, Great Britain, UK, September 2004. [5] Bluetrack Project Homepage, http://www-md.e-technik.unirostock. de/forschung/projekte/BlueTrack, Site visited 02/12/05. [6] RedFang Bluetooth Discovery Tool, http://www.securiteam.com/tools/5JP0I1FAAE.html, Site visited 02/12/05. [7] Gnokii Toolkit Homepage, http://www.gnokii.org, Site visited 02/12/05. [8] Haase, M., Nickel, T., Esins, S., and R. M{\"o}ckel, “Bluetrack- Imperceptible Tracking of Bluetooth devices”, CeBIT 2004 Poster presentation, http://www-md.e-technik.unirostock. de/ma/hm27/bluetrack-eng.pdf. [9] IEEE Bluetooth OUI listing, Site visited 02/12/05. http://standards.ieee.org/regauth/oui/index.shtml, [10] PhpMyAdmin Project Homepage, http://www.phpmyadmin.net, Site visited 02/12/05. [11] IDC Western Europe Second Quarter Mobile Phone Report, http://www.idc.com, Site visited 02/12/05. [12] Mulliner, C., and M. Herfurt, “Blueprinting - Remote Device Identification Techniques”, 21st Chaos Communication Congress (21C3), Berlin, Germany, December 2004. [13] ZDNet Technology News Homepage, http://news.zdnet.co.uk, Site visited 02/12/05.",
year = "2006",
month = "4",
day = "1",
language = "English",
volume = "6",
pages = "125--129",
number = "4",

}

Case Study on the Bluetooth Vulnerabilities in Mobile Devices. / solon, A; Callaghan, MJ; Harkin, Jim; McGinnity, TM.

Vol. 6, No. 4, 01.04.2006, p. 125-129.

Research output: Contribution to journalArticle

TY - JOUR

T1 - Case Study on the Bluetooth Vulnerabilities in Mobile Devices

AU - solon, A

AU - Callaghan, MJ

AU - Harkin, Jim

AU - McGinnity, TM

N1 - Reference text: 1] Official Bluetooth Website, http://www.bluetooth.com/, Site visited 02/12/05. [2] B. L. & A. Laurie, “Serious flaws in Bluetooth security lead to disclosure of personal data”, A.L. Digital Ltd. Technical report, http://bluestumbler.org/, Site visited 02/12/05. [3] Herfurt, M., “Bluesnarf @ CeBIT 2004”, Technical Report, Salzburg Research Forschungsgesellschaft mbH http://www.trifinite.org/Downloads/BlueSnarf_CeBIT2004.pdf. [4] Haase, M., Handy, M., and D. Timmermann, “Bluetrack- Imperceptible Tracking of Bluetooth devices”, UbiComp 2004, Nottingham, Great Britain, UK, September 2004. [5] Bluetrack Project Homepage, http://www-md.e-technik.unirostock. de/forschung/projekte/BlueTrack, Site visited 02/12/05. [6] RedFang Bluetooth Discovery Tool, http://www.securiteam.com/tools/5JP0I1FAAE.html, Site visited 02/12/05. [7] Gnokii Toolkit Homepage, http://www.gnokii.org, Site visited 02/12/05. [8] Haase, M., Nickel, T., Esins, S., and R. Möckel, “Bluetrack- Imperceptible Tracking of Bluetooth devices”, CeBIT 2004 Poster presentation, http://www-md.e-technik.unirostock. de/ma/hm27/bluetrack-eng.pdf. [9] IEEE Bluetooth OUI listing, Site visited 02/12/05. http://standards.ieee.org/regauth/oui/index.shtml, [10] PhpMyAdmin Project Homepage, http://www.phpmyadmin.net, Site visited 02/12/05. [11] IDC Western Europe Second Quarter Mobile Phone Report, http://www.idc.com, Site visited 02/12/05. [12] Mulliner, C., and M. Herfurt, “Blueprinting - Remote Device Identification Techniques”, 21st Chaos Communication Congress (21C3), Berlin, Germany, December 2004. [13] ZDNet Technology News Homepage, http://news.zdnet.co.uk, Site visited 02/12/05.

PY - 2006/4/1

Y1 - 2006/4/1

N2 - As the widespread use and acceptance of Bluetooth continues concerns are being raised related to security vulnerabilities and privacy issues inherent in the use of this technology. Inadequate device resources and lack of user awareness has compounded this issue where the emphasis on design constraints, functionality and ease of use sometimes outweigh security concerns. Recently some concerns have being highlighted relating to the possible security vulnerabilities in commonly used devices, and also the possibility of the imperceptible tracking of device users through the use of distributed and connected Bluetooth sensor nodes. This paper discusses some of these issues and highlights a number of vulnerabilities in the current generation of Bluetooth enabled devices. In particular, the current methods being used to exploit these vulnerabilities are discussed and the results from a case study are presented which identify the percentage of popular devices susceptible to this type of misuse.

AB - As the widespread use and acceptance of Bluetooth continues concerns are being raised related to security vulnerabilities and privacy issues inherent in the use of this technology. Inadequate device resources and lack of user awareness has compounded this issue where the emphasis on design constraints, functionality and ease of use sometimes outweigh security concerns. Recently some concerns have being highlighted relating to the possible security vulnerabilities in commonly used devices, and also the possibility of the imperceptible tracking of device users through the use of distributed and connected Bluetooth sensor nodes. This paper discusses some of these issues and highlights a number of vulnerabilities in the current generation of Bluetooth enabled devices. In particular, the current methods being used to exploit these vulnerabilities are discussed and the results from a case study are presented which identify the percentage of popular devices susceptible to this type of misuse.

KW - Bluetooth Security

KW - Bluesnarfing

KW - Bluebug

KW - Privacy.

M3 - Article

VL - 6

SP - 125

EP - 129

IS - 4

ER -