Security: Plug Those Bluetooth Inspired Vulnerabilities

Bluetooth is the wireless technology most often used to synchronize your mobile device to a desktop computer. It also enables wireless keyboards and mice to connect to desktop or laptop computers, for example.

Designed to link up devices that are in close proximity to their hosting system, Bluetooth today is used in many leading cell phones and smartphones, including those built on the Windows Mobile, Palm, Symbian and RIM BlackBerry platforms. Most Bluetooth users, however, don’t even realize they are using the technology when connecting a wireless headset to their mobile handset, transferring files and music, or playing video games with opponents without wires.

Despite (and because of) its usefulness, the technology has the potential to be a huge security risk.

Origins
Bluetooth was developed by the Bluetooth Special Interest Group (SIG), whose founders included Agere, Ericsson, IBM, Intel, Microsoft, Motorola, Nokia and Toshiba. Today the Bluetooth SIG has over 3,400 members.

Bluetooth uses radio frequencies in the range of 2.45 GHz. There are three different classes of Bluetooth devices depending on their power capabilities.

  • A device that can transmit 100 mW of power up to 100 meters away is considered a Class 1 device.
  • A device that can transmit 1-2.5 mW of power up to 10 meters is considered a Class 2 device.
  • A device that can transmit 1 mW of power up to 10 meters is considered a Class 3 device.

    The most recent copy of the Bluetooth specification was published in March of 2005. In order to qualify as Bluetooth, products must comply with the SIG’s Bluetooth Program Reference Document. Vendors must apply for this qualification.

    Vulnerabilities

    While Bluetooth is a cool and useful technology, there are certain security vulnerabilities associated with it. The more well-known Bluetooth security vulnerabilities have been dubbed Bluesnarfing and Bluejacking.

     

    Bluejacking
    When users send an unsolicited message to a Bluetooth phone, this is known as Bluejacking. While it is primarily an annoyance, it can also be alarming. For example, if you are sitting in a coffee shop and a message arrives that says, “I am watching you and plan on following you home,” you may become concerned about your personal safety.

    Essentially, Bluejacking is Bluetooth spam.

    With a Bluetooth device, other Bluetooth enabled devices that are in the range of your device show up on your screen. Once your Bluetooth device is visible to other Bluetooth devices, they can send messages to you whether you want them to or not.

    Bluetooth was designed so that you could trade contact information with another Bluetooth user. Bluejackers send the unsolicited message from their contacts list but instead of putting in a contact name, they type in the message.

     

    Bluesnarfing
    Bluesnarfing also exploits the contacts list. When a Bluetooth device is in visible mode (or discoverable mode), actively searching for other Bluetooth devices, there exists the capability to obtain the other device’s entire contact list. Not only can you copy another person’s contact list without them knowing it, you can modify the phone numbers and e-mail addresses on the contact list, essentially destroying it.

    Chances are the exploited device has a backup of the contact list on a PC somewhere, but it might not. Because of Bluesnarfing, you might not have the right phone numbers in a time-sensitive situation.

    Private identity information is not the only item at risk from your contacts list, as many people store other kinds of information as well. If credit card numbers are stored in your contacts database, for example, they can be pilfered by other Bluetooth users without you knowing it.

    Any information in your contacts list is vulnerable.

    More Holes
    Bluetooth devices are vulnerable to battery degradation Denial of Service attacks too. If other Bluetooth devices continually connect with your Bluetooth device, it will wear down the battery very quickly and you may not even realize this is happening. If you are in an emergency situation, the last thing you want is to find out you can’t make a phone call.

     

    Imagine the crimes against children that could be committed if a pedophile starts Bluejacking a teenager’s cell phone with inappropriate messages, and then destroys the pre-programmed phone numbers, preventing the child from calling his parents for help. While most kids know their home phone number, it’s often the case that they don’t know their parents’ work phone numbers from memory.

    Bluetooth devices are also vulnerable to viruses and worms. The Cabir mobile worm infects Bluetooth devices by passing a file from one Bluetooth device to another through the Bluetooth connection. Though your phone has to be in visible (or discoverable) mode to be affected by this virus, many users leave their Bluetooth device in visible mode unknowingly.

    When this worm infects your phone, it drains the battery life from it by incessantly trying to infect other Bluetooth devices through the Bluetooth port.

    Plug Bluetooth Holes

    Precautions
    One of the best ways to mitigate Bluetooth threats is to first become aware that the threats exist and your Bluetooth device is vulnerable to them. Organizations that allow their employees to use Bluetooth devices should include information about Bluetooth risks in their security awareness and training programs.

    If you configure your Bluetooth device to remain in invisible mode (with discoverable mode turned off) and leave it in this mode until you actually need to use Bluetooth for something, you will reduce your risks considerably. However, even when your Bluetooth device is operating in invisible mode, certain brute force attacks that make use of the device’s MAC address are still possible.

    Therefore, if you are not using your Bluetooth device, you should keep it turned off.
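The visibility advice above can be checked on a Linux host with a short audit, shown here as an added example that is not part of the original article. It assumes the property layout printed by BlueZ's `bluetoothctl show`; the sample output, addresses and names are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout printed by BlueZ's `bluetoothctl show`;
# addresses and names are made up, not captured from a real host.
SAMPLE_SHOW = """\
Controller 00:11:22:33:44:55 (public)
    Name: laptop-01
    Powered: yes
    Discoverable: yes
    DiscoverableTimeout: 0x00000000
    Pairable: yes
Controller 66:77:88:99:AA:BB (public)
    Name: usb-dongle
    Powered: yes
    Discoverable: no
    DiscoverableTimeout: 0x000000b4
    Pairable: no
"""

def parse_controllers(text):
    """Split the output into one dict of properties per controller."""
    controllers, current = [], None
    for line in text.splitlines():
        header = re.match(r"Controller\s+((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})", line)
        if header:
            current = {"Address": header.group(1)}
            controllers.append(current)
        elif current is not None and ":" in line:
            key, _, value = line.strip().partition(":")
            current[key.strip()] = value.strip()
    return controllers

def audit(controller):
    """Return findings for one controller, following the article's advice."""
    if controller.get("Powered") != "yes":
        return []  # radio off: nothing is reachable over Bluetooth
    findings = []
    if controller.get("Discoverable") == "yes":
        findings.append("visible to nearby devices")
        # BlueZ reports the timeout in hex seconds; 0 means it never expires.
        timeout = int(controller.get("DiscoverableTimeout", "0x0").split()[0], 16)
        if timeout == 0:
            findings.append("discoverable mode never times out")
    if controller.get("Pairable") == "yes":
        findings.append("accepts new pairing requests")
    return findings

def audit_all(text):
    """Map each controller address to its list of findings."""
    return {c["Address"]: audit(c) for c in parse_controllers(text)}
```

On a real host, pass the captured text of `bluetoothctl show` to `audit_all` in place of `SAMPLE_SHOW`.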

    Bluetooth operates in three different security modes:

  • Mode 1 offers no security whatsoever.
  • Mode 2 offers some security of services after the session has already been established.
  • Mode 3 operates at the link level and offers the strongest security. It offers enhanced security by establishing an initialization key that is used for authentication between two Bluetooth devices. However, the initial key exchange is not encrypted, and therefore, there is still a small window of opportunity when data on the Bluetooth device is vulnerable.

    Even with this exploit window, you are still better off using Bluetooth in Mode 3 than either of the other two modes.

    Bluetooth devices allow you to establish a PIN for key exchanges. You should always select a PIN that does not spell a word and that consists of both letters and numbers. In the event that a Bluetooth sniffer obtains your key length, such a PIN makes it more cumbersome for the intruder to perform a brute force dictionary attack. Sometimes increasing the time it takes to exploit a vulnerability creates enough trouble for a hacker that it dissuades an attack altogether.
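The PIN advice above can be turned into a small policy check, given here as an added example that is not from the original article. The word list is constructed, the function names are hypothetical, and the 1 to 16 octet limit is an assumption about legacy Bluetooth PINs that the article itself does not state.

```python
import math
import string

# Constructed mini word list; a real check would load a full dictionary file.
WORDS = {"bluetooth", "password", "secret", "dragon"}
MAX_PIN_OCTETS = 16  # assumption: a legacy pairing PIN is 1 to 16 octets

def pin_problems(pin, words=WORDS):
    """List the ways a PIN departs from the advice above (empty list = ok)."""
    problems = []
    if not 1 <= len(pin.encode("utf-8")) <= MAX_PIN_OCTETS:
        problems.append("length outside 1-16 octets")
    if not any(c.isalpha() for c in pin):
        problems.append("no letters")
    if not any(c.isdigit() for c in pin):
        problems.append("no digits")
    # Catch a dictionary word with digits merely appended or prepended.
    letters = "".join(c for c in pin if c.isalpha()).lower()
    if letters in words:
        problems.append("spells a dictionary word")
    return problems

def search_space_bits(pin):
    """Upper bound on guessing effort: length * log2(alphabet in use).

    A PIN that spells a word is far weaker than this bound suggests,
    which is why pin_problems() is checked separately.
    """
    alphabet = 0
    if any(c in string.digits for c in pin):
        alphabet += 10
    if any(c in string.ascii_lowercase for c in pin):
        alphabet += 26
    if any(c in string.ascii_uppercase for c in pin):
        alphabet += 26
    return len(pin) * math.log2(alphabet) if alphabet else 0.0

if __name__ == "__main__":
    for pin in ("0000", "dragon", "dragon42", "k7Qm2xR9"):
        print(pin, pin_problems(pin), round(search_space_bits(pin), 1))
```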

    Some Bluetooth devices are more vulnerable than others. Before purchasing a Bluetooth enabled phone, do some research and find out what Bluetooth vulnerabilities have been reported for the particular model you are considering.

    Third Parties
    Table 1 lists some products that help protect Bluetooth devices. All of them should be fully tested using an evaluation copy before purchase.

     

  • AirDefense Bluewatch is essentially a Bluetooth intrusion detection product. It identifies Bluetooth devices that are in range of your device.
  • Mobile Security Suite by Bluefire Security offers protection against Bluetooth exploits by encrypting all personal information data, including the contacts list.
  • F-Secure Mobile Anti-Virus can help detect and disinfect some Bluetooth viruses.
  • Mobile Cloak offers a unique shielding bag that you put your Bluetooth device inside of to prevent leakage of signals.
  • Pointsec offers an eponymous product suite that provides data encryption for mobile devices.

    Table 1: Tools to Reduce Bluetooth Threats

    | Product Name | Vendor Name | Vendor Website |
    |---|---|---|
    | AirDefense Bluewatch | Conqwest | http://www.conqwest.com/solutions-airdefense.html |
    | Mobile Security Suite | Bluefire Security | http://www.bluefiresecurity.com/products.html |
    | F-Secure Mobile Anti-Virus | F-Secure | http://www.f-secure.com/wireless/ |
    | mCloak | Mobile Cloak | http://www.mobilecloak.com/ |
    | Pointsec for < platform > | Pointsec | http://www.pointsec.com/core/default.asp |
    | Trust Digital Mobile Edition | TrustDigital | http://www.trustdigital.com/ |

    Additional Resources

    Useful information on Bluetooth can be found at the following URLs:

    Bluetooth Program Reference document
    http://qualweb.bluetooth.org/Content2/DownloadExecute.cfm?RevisionHistoryID=692&FileName=PRD_10_And_Addendum_1.zip

    Special Publication 800-48, National Institute of Standards and Technology
    Wireless Network Security – 802.11, Bluetooth and Handheld Devices
    http://csrc.nist.gov/publications/nistpubs/800-48/NIST_SP_800-48.pdf

    Hacking Bluetooth Enabled Phones and Beyond
    http://trifinite.org/Downloads/21c3_Bluetooth_Hacking.pdf

    Bluetooth and Linux
    http://www.holtmann.org/linux/bluetooth/
