Improving Compliance with Bluetooth Device Detection

Eoghan Furey, Martin Davies, Kevin Curran

Research output: Contribution to journalArticle

Abstract

The number of devices containing Bluetooth chipsets is continuing to rise and there exists a need
to stem the tidal wave of vulnerabilities brought by the Bring Your Own Device (BYOD) and Internet of
Things (IoT) phenomena. With Bluetooth enabled but discovery mode turned off, auditing for Bluetooth
devices, or creating an accurate Bluetooth device hardware log is limited. The software tools and hardware
devices to monitor WiFi networking signals have long been a part of the security auditor’s arsenal, but
similar tools for Bluetooth are bespoke, expensive, and not adopted by most security pentesters. However,
this has changed with the introduction of the Ubertooth One, a low-cost and open-source platform for
monitoring Bluetooth Classic signals. Using a combination of the Ubertooth One, and other high-power
Bluetooth devices, an auditor should now be able to actively scan for rogue devices that may otherwise
have been missed. This research examines various hardware combinations that can be used to achieve
this functionality, and the possible implications from a compliance point of view, with a focus on
the standards used by the Payment Card Industry Data Security Standard (PCI-DSS), and the guidelines
offered by the National Institute of Standards and Technology (NIST). We compare the results of scanning
with traditional Bluetooth devices as opposed to an Ubertooth/Bluetooth combination. We show how
the ability to monitor a larger portion of Bluetooth traffic can highlight serious implications in the compliance
landscape of many organisations and companies. We demonstrate that identifying non-discoverable
devices with Bluetooth enabled is a crucial element in holistic security monitoring of threats.
LanguageEnglish
Pages2355-2369
Number of pages12
JournalTELKOMNIKA (Telecommunication, Computing, Electronics and Control)
Volume17
Issue number5
DOIs
Publication statusPublished - 1 Oct 2019

Fingerprint

Bluetooth
Arsenals
Hardware
Compliance
Tsunamis
Security of data
Industry
Internet
Monitoring

Cite this

@article{9a9ee754b504470ba2961c25e207d701,
title = "Improving Compliance with Bluetooth Device Detection",
abstract = "The number of devices containing Bluetooth chipsets is continuing to rise and there exists a needto stem the tidal wave of vulnerabilities brought by the Bring Your Own Device (BYOD) and Internet ofThings (IoT) phenomena. With Bluetooth enabled but discovery mode turned off, auditing for Bluetoothdevices, or creating an accurate Bluetooth device hardware log is limited. The software tools and hardwaredevices to monitor WiFi networking signals have long been a part of the security auditor’s arsenal, butsimilar tools for Bluetooth are bespoke, expensive, and not adopted by most security pentesters. However,this has changed with the introduction of the Ubertooth One, a low-cost and open-source platform formonitoring Bluetooth Classic signals. Using a combination of the Ubertooth One, and other high-powerBluetooth devices, an auditor should now be able to actively scan for rogue devices that may otherwisehave been missed. This research examines various hardware combinations that can be used to achievethis functionality, and the possible implications from a compliance point of view, with a focus onthe standards used by the Payment Card Industry Data Security Standard (PCI-DSS), and the guidelinesoffered by the National Institute of Standards and Technology (NIST). We compare the results of scanningwith traditional Bluetooth devices as opposed to an Ubertooth/Bluetooth combination. We show howthe ability to monitor a larger portion of Bluetooth traffic can highlight serious implications in the compliancelandscape of many organisations and companies. We demonstrate that identifying non-discoverabledevices with Bluetooth enabled is a crucial element in holistic security monitoring of threats.",
author = "Eoghan Furey and Martin Davies and Kevin Curran",
year = "2019",
month = "10",
day = "1",
doi = "10.12928/TELKOMNIKA.v17i5.12929",
language = "English",
volume = "17",
pages = "2355--2369",
journal = "TELKOMNIKA (Telecommunication, Computing, Electronics and Control)",
issn = "1693-6930",
number = "5",

}

Improving Compliance with Bluetooth Device Detection. / Furey, Eoghan; Davies, Martin; Curran, Kevin.

In: TELKOMNIKA (Telecommunication, Computing, Electronics and Control), Vol. 17, No. 5, 01.10.2019, p. 2355-2369.

Research output: Contribution to journalArticle

TY - JOUR

T1 - Improving Compliance with Bluetooth Device Detection

AU - Furey, Eoghan

AU - Davies, Martin

AU - Curran, Kevin

PY - 2019/10/1

Y1 - 2019/10/1

N2 - The number of devices containing Bluetooth chipsets is continuing to rise and there exists a needto stem the tidal wave of vulnerabilities brought by the Bring Your Own Device (BYOD) and Internet ofThings (IoT) phenomena. With Bluetooth enabled but discovery mode turned off, auditing for Bluetoothdevices, or creating an accurate Bluetooth device hardware log is limited. The software tools and hardwaredevices to monitor WiFi networking signals have long been a part of the security auditor’s arsenal, butsimilar tools for Bluetooth are bespoke, expensive, and not adopted by most security pentesters. However,this has changed with the introduction of the Ubertooth One, a low-cost and open-source platform formonitoring Bluetooth Classic signals. Using a combination of the Ubertooth One, and other high-powerBluetooth devices, an auditor should now be able to actively scan for rogue devices that may otherwisehave been missed. This research examines various hardware combinations that can be used to achievethis functionality, and the possible implications from a compliance point of view, with a focus onthe standards used by the Payment Card Industry Data Security Standard (PCI-DSS), and the guidelinesoffered by the National Institute of Standards and Technology (NIST). We compare the results of scanningwith traditional Bluetooth devices as opposed to an Ubertooth/Bluetooth combination. We show howthe ability to monitor a larger portion of Bluetooth traffic can highlight serious implications in the compliancelandscape of many organisations and companies. We demonstrate that identifying non-discoverabledevices with Bluetooth enabled is a crucial element in holistic security monitoring of threats.

AB - The number of devices containing Bluetooth chipsets is continuing to rise and there exists a needto stem the tidal wave of vulnerabilities brought by the Bring Your Own Device (BYOD) and Internet ofThings (IoT) phenomena. With Bluetooth enabled but discovery mode turned off, auditing for Bluetoothdevices, or creating an accurate Bluetooth device hardware log is limited. The software tools and hardwaredevices to monitor WiFi networking signals have long been a part of the security auditor’s arsenal, butsimilar tools for Bluetooth are bespoke, expensive, and not adopted by most security pentesters. However,this has changed with the introduction of the Ubertooth One, a low-cost and open-source platform formonitoring Bluetooth Classic signals. Using a combination of the Ubertooth One, and other high-powerBluetooth devices, an auditor should now be able to actively scan for rogue devices that may otherwisehave been missed. This research examines various hardware combinations that can be used to achievethis functionality, and the possible implications from a compliance point of view, with a focus onthe standards used by the Payment Card Industry Data Security Standard (PCI-DSS), and the guidelinesoffered by the National Institute of Standards and Technology (NIST). We compare the results of scanningwith traditional Bluetooth devices as opposed to an Ubertooth/Bluetooth combination. We show howthe ability to monitor a larger portion of Bluetooth traffic can highlight serious implications in the compliancelandscape of many organisations and companies. We demonstrate that identifying non-discoverabledevices with Bluetooth enabled is a crucial element in holistic security monitoring of threats.

U2 - 10.12928/TELKOMNIKA.v17i5.12929

DO - 10.12928/TELKOMNIKA.v17i5.12929

M3 - Article

VL - 17

SP - 2355

EP - 2369

JO - TELKOMNIKA (Telecommunication, Computing, Electronics and Control)

T2 - TELKOMNIKA (Telecommunication, Computing, Electronics and Control)

JF - TELKOMNIKA (Telecommunication, Computing, Electronics and Control)

SN - 1693-6930

IS - 5

ER -