Aaron Snowberger

1
Aaron Snowberger COSC 4010 4-24-05
ttp//vikings.mikeyouse.com/Graphics/cartoon.gif
ttp//completewasteoftime.blogs.com/weblog/bluetoo
th20headset.jpg
2
Background

• What is Bluetooth?
• Named after Harald Bluetooth (Blatand)
• Danish King
• Ruled Norway and Denmark 935 940 AD
• United Denmark, Norway, and Sweden into one
  country
• Likewise Bluetooth technology seeks to unite
  different technologies

ttp//www.japaninc.net/mag/images/2000/06/blue_too
th.jpg
3
Background

• Technology Specifics
• Industry standard for wireless PANs
• Short range and low power consumption
• 10 meters (32 feet)
• 1 milliwatt signals (some cell phones 3 watts)
• Operates on 2.45 Ghz radio frequency
• Low signal/range helps prevent interference from
  other devices on 2.45 Ghz channels
• Transfer speeds
• 723.1 Kbps for 1.1, 1.2 and 2.1 Mbps for 2.0

4
Channel Hopping

• To avoid interference
• Divides band in 79 random frequencies
• Channel hops between frequencies 1600 times per
  second
• US and Europe frequencies 2400 2483.5 MHz
• Japan frequencies 2472 2497 MHz (23 channels)

5
The HOW

• How Bluetooth Works
• When in range of other devices
• Auto send signals to determine interaction level
• Devices form small PAN (piconet)
• Hop frequencies in unison with each other
• Different from Wi-Fi
• Bluetooth is wireless USB, Wi-Fi wireless Ethernet

6
Jacking

• Bluejacking
• Not really hacking, but does abuse pairing
  feature
• Term coined by Ajack, user on esato.com Dec 02
• Bluetooth is open-specification
• Simply send anonymous text message
• Bluejackers can't read files, or screw up
  device
• True hacking is called Bluesnarfing

7
Jacking-The HOW

• How Bluejacking works
• In a crowd (likely other devices)
• Create new Contact in Phone Book
• Instead of a name, enter the message
• Send via Bluetooth
• Scans airwaves and pops up a list of other
  Bluetooth enabled devices
• Then, send the message

8
Problems

• Nov 2003 Adam Laurie, AL Dig Ltd.
• 3 serious vulnerabilities
• SNARFING - Confidential data can be obtained
  anonymously
• BACKDOOR - Entire memory contents can be accessed
  by previously paired trusted device
• BLUEBUG - Access can be gained to the AT command
  set, giving full access to higher level
  channels/commands (Martin Herfurt)
• Also, Bluejacking promotes unsafe environment

9
Snarfing

• Bluesnarfing true hacking
• Theft of data (contacts, calendar)
• Wireless laptop with proper software can
• Remotely discover Bluetooth device
• Create a connection with no confirmation/input
  code
• Download data
• Only certain devices are vulnerable
• ttp//www.thebunker.net/security/bluetooth.htm

10
Backdoor

• Previously paired trusted device
• Involves creating a paired relationship
• Ensure it no longer appears in registry of shared
  devices
• Unless user is looking at device, unnoticeable
• Also grants access to SNARF attack where
  previously disallowed

11
Bluebug

• Gives full access to AT command set
• Creates serial profile connection to device
• Can do things like
• Use PPP for networking, gnokii for messaging
• Initiate calls to premium rate numbers
• Send/read sms messages
• Connect to Internet
• Monitor calls (voice call over GSM network, so
  listening post can be anywhere in the world)
• Intercept calls (call forwarding diverts)

12
Protection

• Protection/Prevention/Workarounds
• BACKDOOR
• Factory reset
• BLUESNARFING and BLUEBUG
• No known fixes or workarounds
• Switch off Bluetooth, esp. in unsafe areas
• Set Bluetooth to undiscoverable
• BLUEJACKING
• Just say No

13
The End
Q A
Bluetooth logo images from ttp//www.amber-networ
ks.co.uk/images/Bluetooth20Logo20CMYK.gif ttp//
static.howstuffworks.com/gif/bluetooth-logo.jpg