View
214
Download
1
Category
Tags:
Preview:
Citation preview
Introduction to BluetoothBluetooth has become very popular because:• Power efficiency • Low costs • Short range radio frequency wireless device• Bluetooth is a Personal Area Network (PAN) wireless device and can be used for:
–Portable laptops–Printers–Keyboards–Headsets–Cell phones–GPS devices–Ipod’s–PDA’s–Automobile equipment
2
Introduction to Bluetooth
History:Bluetooth name came from Denmark. Originally created by Jaap Haartsen and Sven Mattisson working for Ericsson in 1994.
Further developed by Special Interest Group (SIG) including:
• Ericsson• IBM• Nokia• Intel • Toshiba
In 1999, other companies added support including 3Com Corporation, Lucent Technologies, Microsoft and Motorola
3
Introduction to Bluetooth
Bluetooth features…
• Frequency ~ 2.5GHz. Communication is point to point or one point to several connections. Used globally without a license.
• 10 to 100 meter transmit distances at 1Mbps.
• Uses ad-hoc network, also called piconet. In a piconet, one device acts as master and other devices as slaves. Maximum of seven slaves
• Low and high level of power depending on room size
• Synchronous and asynchronous communication channels wikipedia
4
Bluetooth Devices
Google Images
5
Bluetooth: Security Risks
Significant target due to popularity
Newer technology means bugs and vulnerabilities
Numerous types of devices means different problems for each
6
PCs and Bluetooth Ad-Hoc network in meeting
Some hubs have no router-like security (simple relay)
Class 1 Bluetooth devices can extend 300 feet
Problems with fixed passkey Short key means easy to guess Separate keys for different types of
access is recommended but rarely used (Linux)
Initial key exchange is unencrypted
Hacker could extrapolate key (similar to cracking WEP encryption)
7
Bluetooth Passwords
Using one passkey for all connections Instead of unique keys to each pairing, all devices (Laptop,
PDA, Cell Phone, Printer, Headset, etc.) use same passkey
Hacker accesses one trusted device, all devices are now vulnerable
MAC address problems Can identify MAC address and monitor traffic on device
(class example of 2 companies merging) MAC unencrypted regardless of other encryption Standard Linux commands can be used
# hcitool scan Scanning ... 00:0A:D9:15:0B:1C T610-phone
8
Cracking Bluetooth RedFang
Scans MACs one at a time
Odds of finding are low Average 3-10sec /
address Sony Ericsson alone
has 16,777,216 possible
= 1,000+ days
Devices available to analyze Bluetooth data Cost prohibitive
($9500.00)
9
Cracking Bluetooth Cont. Uses frequency hopping to
deter, sequence is only pseudo-random
1600 hops/second Possibly find hop sequence and
collect data
Owner forgets to disable device discovery
Unable to change MAC Phone always allows connection
attempt without prompting user One device must enter
discoverable mode to make connection
10
Device ID Weakness
2 devices attempting to link are identified by name
Equipment not identified by unique MAC address
Leaves door open to exploit people (social engineering)
Paris Hilton cell phone incident
11
Current & Future Solutions
Simple password Between 1 and 16 numbers (128bit) Some devices have hard-coded passwords Basic encryption method, no variance
What else?!
Bluetooth
Wifi 12
Current & Future Solutions
Security Mode 1 Device does not initiate special security mechanism but
responds to authentication requests No Encryption
Security Mode 2 Use of security mechanisms determined by trust status.
Security is performed after authentication requests from other devices
Broadcast traffic is unencrypted Security Mode 3
Authentication is necessary for connection establishment All traffic is encrypted.
13
Current & Future Solutions
Simple current solutions
Lower the transmission power Set to un-discoverable Pairing in an inception-proof environment Use complex keys
14
Current & Future Solutions
Example : ActerBlue Designed to make mobile e-commerce secure via
Bluetooth Done through onboard biometric ID system Passwords are removed – instead, fingerprint
images are processed/stored on the card
15
Current & Future Solutions
Hardware access point? Allows owner to create up to 8 users with unique
passwords. Connects by standard ethernet More secure than
standard Bluetooth?
Belkin F8T030 16
References:
http://books.google.com/books?id=-fUR0OGZ7bQC&pg=PA58&lpg=PA58&dq=bluetooth+combination+key&source=web&ots=RwkD5ANJcH&sig=FAheS6Y29uE3EUqLZRMgS3i5v5I
http://www.securityfocus.com/infocus/1830 http://www.bluetooth-headset.co.uk/images/jabra%20jx10%20hub.bmp http://windowsecurity.com/articles/Bluetooth-Security-Threat.html http://www.cyberindian.net/wp-content/uploads/sony-ericsson-k790i-mobile-
phones.jpg http://www.askdavetaylor.com/
sync_motorola_razr_v3c_with_windows_xp_via_bluetooth.html
17
Recommended