Bluebugging

Bluebugging allows skilled individuals to access the mobile

phone commands using Bluetooth wireless technology
without notifying or alerting the phones user. This
vulnerability allows the hacker to initiate phone calls, send
and receive text messages, read and write phonebook
contacts, eavesdrop on phone conversations, and connect to
the Internet. As with all the attacks, without specialied
e!uipment, the hacker must be within a "#$meter range of
the phone. This is a separate vulnerability from bluesnarfing
and does not affect all of the same phones as bluesnarfing.
Bluesnarfing
Bluesnarfing allows hackers to gain access to data stored on
a Bluetooth enabled phone using Bluetooth wireless
technology without alerting the phones user of the
connection made to the device. The information that can be
accessed in this manner includes the phonebook and
associated images, calendar, and I%&I 'international mobile
e!uipment identity(. By setting the device in non$
discoverable, it becomes significantly more difficult to find
and attack the device. )ithout specialied e!uipment the
hacker must be within a "# meter range of the device while
running a device with specialied software. *nly specific
older Bluetooth enabled phones are susceptible to
bluesnarfing.
Car Whisperer
The car whisperer is a software tool developed by security
researchers to connect to and send or receive audio to and
from Bluetooth car$kits with a specific implementation. An
individual using the tool could potentially remotely connect
to and communicate with a car from an unauthoried remote
device, sending audio to the speakers and receiving audio
from the microphone in the remote device. )ithout
specialied e!uipment, someone using the tool must be
within a "# meter range of the targeted car while running a
laptop with the car whisperer tool. The security researchers
goal was to highlight an implementation weakness in a
select number of Bluetooth enabled car$kits and pressure
manufacturers to better secure Bluetooth enabled devices.
Cabir Worm
The cabir worm is malicious software, also known as
malware. )hen installed on a phone, it uses Bluetooth
technology to send itself to other similarly vulnerable
devices. +ue to this self$replicating behaviour, it is
classified as a worm. The cabir worm currently only affects
mobile phones that use the ,ymbian series -# user interface
platform and feature Bluetooth wireless technology.
.urthermore, the user has to manually accept the worm and
install the malware in order to infect the phone.
*ne of the best ways to avoid these threats is to have a
secure /I0 number. The personal identification number
'/I0( is a four or more digit alphanumeric code that is
temporarily associated with one1s products for the purposes
of a one time secure pairing. It is recommended that users
employ at minimum an eight character or more
alphanumeric /I0 when possible. /roduct owners must
share that /I0 number only with trusted individuals and
trusted products for pairing. )ithout this /I0 number,
pairing cannot occur. It is always advisable to pair products
in areas with relative privacy. Avoid pairing your Bluetooth
enabled devices in public. If, for some reason, your devices
become unpaired, wait until you are in a secure, private
location before repairing your devices.
Theoretically a hacker can monitor and record activities in
the fre!uency spectrum and then use a computer
to regenerate the /I0 codes being exchanged.
This re!uires specially built hardware and
thorough knowledge of Bluetooth systems. By
using a /I0 code with eight or more
alphanumeric characters it would take the hacker
years to discover the /I0. By using a four digit
numeric /I0 code, the hacker could discover the
/I0 in a matter of a few hours. ,till advanced
software is re!uired.
7.Conclusion
)e have now examined Bluetooth in general, some of the
security properties of distributed systems and ad hoc
networks and the Bluetooth security mechanisms. As was
seen, the Bluetooth1s security seemed to be ade!uate only for
small ad hoc networks, such as a network of the participants
in a meeting. 2onnecting a /+A to a mobile phone using
Bluetooth may also be secure enough, but is Bluetooth
secure enough for larger ad hoc networks, money transfers
and transferring other sensitive information3
In the light of this study, it seems that the security of
Bluetooth is still inade!uate for any serious, security
sensitive work. After the basic problems have been
corrected, the more sophisticated security methods may be
implemented on the upper levels. The security specification
only considers simple issues and the more functional
security has to be built above it. This includes the better
security authoriation systems with possible 4+2s and
distributed secret schemes. The secure routing protocols for
larger ad hoc networks must also be implemented
separately.
8.Reference
5"6. http788www.bluetooth.com
596. http788www.bluetooth.org
5:6. http788www.howstuffworks.com8bluetooth.htm
5;6. http788www.wirelessdevnet.com
5<6. http788www.sysopt.com
5-6. http788hotbot.com8
5=6. http788www.bluelon.com
5>6. http788news.dnet.co.uk
5?6. http788www.pcworld.com
5"#6.@uha T. Aainio, BBluetooth ,ecurityC, Article, Delsinki
Eniversity of Technology, 9<$#<$9###
5""6. Taub and ,helling, B/rinciples of 2ommunicationC
T%D
5"96. ,ham ,hanmugan, Analog an +igital
2ommunication, &dition 9.
5":6. )illiam ,tarling, 2ryptography
BLUETOOTH SECURITY
4.+hanraF
+epartment of &lectronics and 2ommunication
VIGNANA BHARATHI INSTITUTE OF TECHNOLOGY
Affiliated to @0TE
Abstract
Bluetooth is a way of connecting machines to each other
without cables or any other physical medium. It uses radio
waves to transfer information, so it is very susceptible to
attacks. This paper first gives some background information
about Bluetooth system. It then concentrates on its
operation, features, comparison with other technologies, its
network topology and security issues in Bluetooth enabled
devices with possible solution.
1. Introduction
Bluetooth, the new technology named after the "#th 2entury
+anish 4ing Darold Bluetooth, is a hot topic among
wireless developers. This article will provide an introduction
to the technology.
Bluetooth was designed to allow low bandwidth wireless
connections to become so simple to use that they seamlessly
integrate into your daily life. A simple example of a
Bluetooth application is updating the phone directory of
your mobile phone. Today, you would have to either
manually enter the names and phone numbers of all your
contacts or use a cable or IG link between your phone and
your /2 and start an application to synchronie the contact
information. )ith Bluetooth, this could all happen
automatically and without any user involvement as soon as
the phone comes within range of the /2H *f course, you can
easily see this expanding to include your calendar, to do list,
memos, email, etc.. This is Fust one of many exciting
applications for this new technologyH 2an you imagine
walking into a store and having all the sale items
automatically available on your cell phone or /+A3 It is a
definite possibility with Bluetooth.
Bluetooth communication occurs in the unlicensed I,%
'Industrial, ,cientific, %edical( band at 9.;ID. The
transceiver utilies fre!uency hopping to reduce interference
and fading. A typical Bluetooth device has a range of about
"# meters. The communication channel can support both
data 'asynchronous( and voice 'synchronous(
communications with a total bandwidth of " %b8sec.
Bluetooth wireless technology is a short$range
communications technology intended to replace the cables
connecting portable and8or fixed devices while maintaining
high levels of security. The key features of Bluetooth
Bluetooth wireless technology can be used for these
applications7
.ile transfer.
/eripheral connectivity.
Ad$hoc networking7 2ommunicating devices can
spontaneously form a community of networks that
persists only as long as it1s needed
+evice synchroniation7 ,eamless connectivity among
/+As, computers, and mobile phones allows
applications to update information on multiple devices
automatically when data on any one device changes.
2ar kits7 Dands$free packages enable users to access
phones and other devices without taking their hands off
the steering wheel
%obile payments7 Jour Bluetooth$enabled phone can
communicate with a Bluetooth$enabled vending machine
to buy a can of +iet /epsi, and put the charge on your
phone bill.
Bluetooth defines provisions for three low$power operating
modes in order to conserve battery life7
,niff %ode
Dold %ode
/ark %ode
2.Bluetooth Oeration
Bluetooth networking transmits data via low$power radio
waves. It communicates on a fre!uency of 9.;< gigahert
'actually between 9.;#9 ID and 9.;># ID, to be exact(.
This fre!uency band has been set aside by international
agreement for the use of industrial, scientific and medical
devices 'I,%(.
A number of devices that you may already use take
advantage of this same band. *ne of the ways Bluetooth
devices avoid interfering with other systems is by sending
out very weak signals of about " milliwatt. The low power
limits the range of a Bluetooth device to about "# meters ':9
feet(, cutting the chances of interference between your
computer system and your portable telephone or television.
&ven with the low power, Bluetooth doesn1t re!uire line of
sight between communicating devices. The walls in your
house won1t stop a Bluetooth signal, making the standard
useful for controlling several devices in different rooms.
technology are robustness, low power, and low cost. The
Bluetooth specification defines a uniform structure for a
wide range of devices to connect and communicate with
each other. A fundamental Bluetooth wireless technology
strength is the ability to simultaneously handle both data and
voice transmissions.
Bluetooth can connect up to eight devices simultaneously.
)ith all of those devices in the same "#$meter ':9$foot(
radius, you might think they1d interfere with one another, but
it1s unlikely. Bluetooth uses a techni!ue called spread$
spectrum fre!uency hopping that makes it rare for more than
one device to be transmitting on the same fre!uency at the
same time. In this techni!ue, a device will use =? individual,
randomly chosen fre!uencies within a designated range,
changing from one to another on a regular basis. In the case
of Bluetooth, the transmitters change fre!uencies ",-##
times every second, meaning that more devices can make
full use of a limited slice of the radio spectrum. ,ince every
Bluetooth transmitter uses spread$spectrum transmitting
automatically, its unlikely that two transmitters will be on
the same fre!uency at the same time. This same techni!ue
minimies the risk that portable phones or baby monitors
will disrupt Bluetooth devices, since any interference on a
particular fre!uency will last only a tiny fraction of a
second.
)hen Bluetooth$capable devices come within range of one
another, an electronic conversation takes place to determine
whether they have data to share or whether one needs to
control the other. The user doesn1t have to press a button or
give a command $$ the electronic conversation happens
automatically. *nce the conversation has occurred, the
devices $$ whether they1re part of a computer system or a
stereo $$ form a network. Bluetooth systems create a
personal$area network '/A0(, or piconet, that may fill a
room or may encompass no more distance than that between
the cell phone on a belt$clip and the headset on your head.
*nce a piconet is established, the members randomly hop
fre!uencies in unison so they stay in touch with one another
and avoid other piconets that may be operating in the same
room.
!."eatures o# Bluetooth Technolo$%
&very technology has its own advantages or features. These
advantages or features are one which if are strong can
dominate its drawbacks or loop holes. This simple and
fascinating technology has dominated its few drawbacks and
is now widely used public.
Bluetooth wireless technology is the simple choice for
convenient, wire$free, short$range communication
between devices
The Bluetooth wireless technology specification is
available free$of$charge to our member companies
around the globe
Bluetooth technology operates in the 9.; ID, one of
the unlicensed industrial, scientific, medical 'I,%(
radio bands
Bluetooth wireless technology is the most widely
supported, versatile, and secure wireless standard on the
market today
Bluetooth technology has built$in security such as
"9>bit encryption and /I0 code authentication. *nce
connected, always securely connected.
&.Co'arison (ith Other Technolo$%
)hen we compare Bluetooth with the other wireless
technologies like Eltra$)ideband, 2ertified )ireless E,B,
)i$.i '>#9.""(, KigBee 'I&&& >#9."<.;(, DI/&G%A0,
DiperLA0, 0ear$.ield %agnetic 2ommunication, 0ear
.ield 2ommunication '0.2(, Infrared 'Ir+A( Bluetooth
makes itself distinguished and efficient from others based on
its following features
Bluetooth wireless technology is geared towards voice
and data applications
Bluetooth wireless technology operates in the unlicensed
9.; ID spectrum
Bluetooth wireless technology can operate over a
distance of "# meters or "## meters depending on the
Bluetooth device class. The peak data rate with &+G is :
%bps
Bluetooth wireless technology is able to penetrate solid
obFects
Bluetooth technology is omni$directional and does not
re!uire line$of$sight positioning of connected devices
,ecurity has always been and continues to be a priority
in the development of the Bluetooth specification. The
Bluetooth specification allows for three modes of
security
To get more clear view about Bluetooth feature lets compare
it with Ir+A and >#9.""b.
Bluetooth Vs IrDA:
Dome electronics devices like TAs and A2Gs communicate
using beams of light in the infrared spectrum. Infrared is
fairly reliable and doesn1t cost much to build into devices. It
does have drawbacks7
It1s line$of$sight, so a sender must align with its receiver.
It1s one$to$one, so a device can1t send to multiple
receivers at the same time.
Infrared1s advantages are conse!uences of its disadvantages7
Because it1s line$of$sight, interference is uncommon.
Because it1s one$to$one, message delivery is reliable7
each message sent goes to the intended recipient no
matter how many infrared receivers are in the room.
Bluetooth vs. 8!.""b
)hile both Bluetooth and I&&& >#9.""b are wireless
communication protocols and both operate in the 9.;ID
band, it is important not to visualie Bluetooth as a
replacement for >#9."" wireless LA0 technology. They1re
+ue the above magnificent features of Bluetooth this
technology which was firstly used in mobiles has now
emerged in development of it different fields.
designed to accomplish different goals.
The >#9.""b protocol is designed to connect relatively large
devices with lots of power and speed, such as desktops and
laptops. +evices communicate at up to "" %bit8sec, at
greater distances 'up to :## feet, or "## meters(. By
contrast, Bluetooth is designed to connect small devices like
/+As, mobile phones, and peripherals at slower speeds '"
%bit8sec(, within a shorter range ':# feet, or "# meters(,
which reduces power re!uirements.
).Bluetooth *et+or, Toolo$%
Bluetooth$enabled devices are organied in groups called
piconets. A piconet consists of a master and up to seven
active slaves. A master and a single slave use point$to$point
communicationM if there are multiple slaves, point$to$
multipoint communication is used. A master unit is the
device that initiates the communication. A device in one
piconet can communicate to another device in another
piconet, forming a scatternet, as depicted in .igure ". 0otice
that a master in one piconet may be a slave in another
piconet7
Scatternet Comprising Three Piconets
The normal duration of transmission is one slot, and a
packet can last up to five time slots in length. In order to
support full$duplex communications, Bluetooth uses a time$
division multiplexing 'T+%( scheme, in which a master
device always uses an even$numbered slot when it transmits,
and a slave uses an odd$numbered slot.
Internally the Bluetooth operation follows certain protocol,
which is as follows in se!uence of operation. This se!uence
is called as Bluetooth protocol stack.
-.Securit%
In any wireless networking setup, security is a concern.
+evices can easily grab radio waves out of the air. Bluetooth
technology is no different $$ it1s wireless and therefore
susceptible to spying and remote access. Bluetooth wireless
technology is no exception. /roduct developers that use
Bluetooth wireless technology in their products have several
options for implementing security. There are three modes of
security for Bluetooth access between two devices.
,ecurity %ode "7 0on$,ecure
,ecurity %ode 97 ,ervice Level &nforced ,ecurity
,ecurity %ode :7 Link Level &nforced ,ecurity
.or devices, normally there are two levels7 %ode " and
%ode 9 which is normally enabled by the manufacturer.
Bluetooth has few threats which are listed below 7
Blue#ac$ing

BlueFacking allows phone users to send business cards
anonymously using Bluetooth wireless technology.
BlueFacking does 0*T involve the removal or alteration of
any data from the device. These business cards often have a
clever or flirtatious message rather than the typical name
and phone number. BlueFackers often look for the receiving
phone to ping or the user to react. They then send another,
more personal message to that device. *nce again, in order
to carry out a blueFacking, the sending and receiving devices
must be within "# meters of one another. /hone owners who
receive blueFack messages should refuse to add the contacts
to their address book. +evices that are set in non$
discoverable mode are not susceptible to blueFacking.