Security: Plug Those Bluetooth Inspired Vulnerabilities
Bluetooth is the wireless technology most often used to synchronize your mobile device to a desktop computer. It also enables wireless keyboards and mice to connect to desktop or laptop computers, for example.
Designed to link up devices that are in close proximity to their hosting system, Bluetooth today is used in many leading cell phones and smartphones, including those built on the Windows Mobile, Palm, Symbian and RIM BlackBerry platforms. Most Bluetooth users, however, don’t even realize they are using the technology when connecting a wireless headset to their mobile handset, transferring files and music, or playing video games with opponents sans wires.
Despite (and because of) its usefulness, the technology has the potential to be a huge security risk.
Origins
Bluetooth was developed by the Bluetooth Special Interest Group (SIG), whose founders included Agere, Ericsson, IBM, Intel, Microsoft, Motorola, Nokia and Toshiba. Today the Bluetooth SIG has over 3,400 members.
Bluetooth uses radio frequencies in the range of 2.45 GHz. There are three different classes of Bluetooth devices depending on their power capabilities.
The most recent copy of the Bluetooth specification was published in March of 2005. In order to qualify as Bluetooth, products must comply with SIG’s Bluetooth Program Reference Document. Vendors must apply for this qualification.
Vulnerabilities
While Bluetooth is a cool and useful technology, there are certain security vulnerabilities associated with it. The more well-known Bluetooth security vulnerabilities have been dubbed Bluesnarfing and Bluejacking.
Bluejacking
When users send an unsolicited message to a Bluetooth phone, this is known as Bluejacking. While it is primarily an annoyance, it can also be alarming. For example, if you are sitting in a coffee shop and receive a message that says, “I am watching you and plan on following you home,” you may become concerned about your personal safety.
Essentially, Bluejacking is Bluetooth spam.
With a Bluetooth device, other Bluetooth enabled devices that are in the range of your device show up on your screen. Once your Bluetooth device is visible to other Bluetooth devices, they can send messages to you whether you want them to or not.
Bluetooth was designed so that you could trade contact information with another Bluetooth user. Bluejackers send the unsolicited message from their contacts list but instead of putting in a contact name, they type in the message.
Bluesnarfing
Bluesnarfing also exploits the contacts list. When a Bluetooth device is in visible mode (or discoverable mode), actively searching for other Bluetooth devices, it is possible to obtain the other device’s entire contact list. Not only can you copy another person’s contact list without them knowing it, you can modify the phone numbers and e-mail addresses on the contact list, essentially destroying it.
Chances are the exploited device has a backup of the contact list on a PC somewhere, but it might not. Because of Bluesnarfing, you might not have the right phone numbers in a time-sensitive situation.
Private identity information is not the only item at risk from your contacts list, as many people store other kinds of information as well. If credit card numbers are stored in your contacts database, for example, they can be pilfered by other Bluetooth users without you knowing it.
Any information in your contacts list is vulnerable.
More Holes
Bluetooth devices are vulnerable to battery degradation Denial of Service attacks too. If other Bluetooth devices continually connect with your Bluetooth device, it will wear down the battery very quickly and you may not even realize this is happening. If you are in an emergency situation, the last thing you want is to find out you can’t make a phone call.
Imagine the crimes against children that could be committed if a pedophile starts Bluejacking a teenager’s cell phone with inappropriate messages, and then destroys the pre-programmed phone numbers, preventing the child from calling his parents for help. While most kids know their home phone number, it’s often the case that they don’t know their parents’ work phone numbers from memory.
Bluetooth devices are also vulnerable to viruses and worms. The Cabir mobile worm infects Bluetooth devices by passing a file from one Bluetooth device to another through the Bluetooth connection. Though your phone has to be in visible (or discoverable) mode to be affected by this virus, many users leave their Bluetooth device in visible mode unknowingly.
When this worm infects your phone, it drains the battery life from it by incessantly trying to infect other Bluetooth devices through the Bluetooth port.
Plug Bluetooth Holes
Precautions
One of the best ways to mitigate Bluetooth threats is to first become aware that the threats exist and that your Bluetooth device is vulnerable to them. Organizations that allow their employees to use Bluetooth devices should include information about Bluetooth risks in their security awareness and training programs.
If you configure your Bluetooth device to remain in invisible mode (with discoverable mode turned off) and leave it in this mode until you actually need to use Bluetooth for something, you will reduce your risks considerably. However, even when your Bluetooth device is operating in invisible mode, certain brute force attacks that make use of the device’s MAC address are still possible.
Therefore, if you are not using your Bluetooth device, you should keep it turned off.
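An added example, not from the original article: on a Linux host running BlueZ, `bluetoothctl show` reports each controller's Powered and Discoverable state, and the Python below audits that output against the two rules above. The sample output, names and addresses are constructed.

```python
import re

# Constructed sample of `bluetoothctl show` output; names and addresses are made up.
SAMPLE = """\
Controller 00:11:22:33:44:55 (public)
    Name: laptop-a
    Powered: yes
    Discoverable: yes
    DiscoverableTimeout: 0x00000000
Controller 00:11:22:33:44:66 (public)
    Name: dongle-b
    Powered: yes
    Discoverable: no
    DiscoverableTimeout: 0x000000b4
Controller 00:11:22:33:44:77 (public)
    Name: spare-c
    Powered: no
    Discoverable: no
    DiscoverableTimeout: 0x000000b4
"""

def parse_controllers(text):
    """Split the output into one dict of 'Key: value' fields per controller."""
    controllers, current = [], None
    for line in text.splitlines():
        header = re.match(r"Controller\s+([0-9A-Fa-f:]{17})", line)
        if header:
            current = {"address": header.group(1)}
            controllers.append(current)
        elif current is not None and ":" in line:
            key, _, value = line.strip().partition(":")
            current[key.strip()] = value.strip()
    return controllers

def audit(text):
    """Return (address, finding) for every controller whose radio is on."""
    findings = []
    for ctl in parse_controllers(text):
        if ctl.get("Powered") != "yes":
            continue  # radio off: the state the article recommends when idle
        if ctl.get("Discoverable") == "yes":
            raw = ctl.get("DiscoverableTimeout")
            timeout = int(raw, 16) if raw else None  # BlueZ: 0 means never expires
            detail = {None: "timeout unknown", 0: "no timeout"}.get(timeout, f"{timeout}s timeout")
            findings.append((ctl["address"], f"discoverable, {detail}"))
        else:
            findings.append((ctl["address"], "hidden but powered"))
    return findings

if __name__ == "__main__":
    for address, finding in audit(SAMPLE):
        print(address, finding)
```

On a live system, pass the captured output of `bluetoothctl show` to `audit()` in place of `SAMPLE`.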
Bluetooth operates in three different security modes:
Even with this exploit window, you are still better off using Bluetooth in Mode 3 than either of the other two modes.
Bluetooth devices allow you to establish a PIN for key exchanges. You should always select a PIN that does not spell a word and that consists of both letters and numbers. In the event that a Bluetooth sniffer obtains your key length, this will make it more cumbersome for the intruder to perform a brute force dictionary attack. Sometimes increasing the time it takes to exploit a vulnerability creates enough trouble for a hacker that it dissuades an attack altogether.
Some Bluetooth devices are more vulnerable than others. Before purchasing a Bluetooth enabled phone, do some research and find out what Bluetooth vulnerabilities have been reported for the particular model you are considering.
Third Parties
There are some products to help protect Bluetooth devices listed in Table 1. All of them should be fully tested using an evaluation copy before purchase.
Table 1: Tools to Reduce Bluetooth Threats
| Product Name | Vendor Name | Vendor Website |
| AirDefense Bluewatch | Conqwest | |
| Mobile Security Suite | Bluefire Security | |
| F-Secure | F-Secure | |
| mCloak | Mobile Cloak | |
| Pointsec for < platform > | Pointsec | |
| Trust Digital | TrustDigital | |
Additional Resources
Useful information on Bluetooth can be found at the following URLs:
Bluetooth Program Reference document
http://qualweb.bluetooth.org/Content2/DownloadExecute.cfm?RevisionHistoryID=692&FileName=PRD_10_And_Addendum_1.zip
Special Publication 800-48, National Institute of Standards and Technology
Wireless Network Security – 802.11, Bluetooth and Handheld Devices
http://csrc.nist.gov/publications/nistpubs/800-48/NIST_SP_800-48.pdf
Hacking Bluetooth Enabled Phones and Beyond
http://trifinite.org/Downloads/21c3_Bluetooth_Hacking.pdf
Bluetooth and Linux
http://www.holtmann.org/linux/bluetooth/
