Learn about the history, features, and vulnerabilities of Bluetooth technology, and discover current and future solutions to enhance security.
How secure is
Darren Adams, Kyle Coble, and Lakshmi Kasoji
Introduction to Bluetooth
Bluetooth has become very popular because of:
• Power efficiency
• Low costs
• Short-range radio frequency wireless device
Bluetooth is a Personal Area Network (PAN) wireless device and can be used for:
• Portable laptops
• Printers
• Keyboards
• Headsets
• Cell phones
• GPS devices
• iPods
• PDAs
• Automobile equipment
Introduction to Bluetooth
History:
• The Bluetooth name came from Denmark.
• Originally created by Jaap Haartsen and Sven Mattisson, working for Ericsson, in 1994.
• Further developed by the Special Interest Group (SIG), including:
  • Ericsson
  • IBM
  • Nokia
  • Intel
  • Toshiba
• In 1999, other companies added support, including 3Com Corporation, Lucent Technologies, Microsoft and Motorola.
Introduction to Bluetooth
Bluetooth features:
• Frequency ~ 2.5GHz. Communication is point to point or one point to several connections. Used globally without a license.
• 10 to 100 meter transmit distances at 1Mbps.
• Uses an ad-hoc network, also called a piconet. In a piconet, one device acts as master and other devices as slaves. Maximum of seven slaves.
• Low and high level of power depending on room size
• Synchronous and asynchronous communication channels
(Source: Wikipedia)
Bluetooth Devices
[Images of Bluetooth devices; source: Google Images]
Bluetooth: Security Risks
• Significant target due to popularity
• Newer technology means bugs and vulnerabilities
• Numerous types of devices means different problems for each
PCs and Bluetooth
• Ad-hoc network in meeting
• Some hubs have no router-like security (simple relay)
• Class 1 Bluetooth devices can extend 300 feet
• Problems with fixed passkey
  • Short key means easy to guess
  • Separate keys for different types of access is recommended but rarely used (Linux)
• Initial key exchange is unencrypted
  • Hacker could extrapolate key (similar to cracking WEP encryption)
Bluetooth Passwords
• Using one passkey for all connections
  • Instead of unique keys to each pairing, all devices (laptop, PDA, cell phone, printer, headset, etc.) use the same passkey
  • Hacker accesses one trusted device, all devices are now vulnerable
• MAC address problems
  • Can identify MAC address and monitor traffic on device (class example of 2 companies merging)
  • MAC unencrypted regardless of other encryption
  • Standard Linux commands can be used:

    # hcitool scan
    Scanning ...
            00:0A:D9:15:0B:1C    T610-phone
Cracking Bluetooth
• RedFang
  • Scans MACs one at a time
  • Odds of finding are low
  • Average 3-10 sec / address
  • Sony Ericsson alone has 16,777,216 possible addresses = 1,000+ days
• Devices available to analyze Bluetooth data
  • Cost prohibitive ($9500.00)
Cracking Bluetooth Cont.
• Uses frequency hopping to deter, sequence is only pseudo-random
  • 1600 hops/second
  • Possibly find hop sequence and collect data
• Owner forgets to disable device discovery
• Unable to change MAC
• Phone always allows connection attempt without prompting user
• One device must enter discoverable mode to make connection
Device ID Weakness
• 2 devices attempting to link are identified by name
• Equipment not identified by unique MAC address
• Leaves door open to exploit people (social engineering)
• Paris Hilton cell phone incident
Current & Future Solutions
• Simple password
  • Between 1 and 16 numbers (128bit)
  • Some devices have hard-coded passwords
• Basic encryption method, no variance
• What else?!
[Figure labels: Bluetooth, Wifi]
Current & Future Solutions
• Security Mode 1
  • Device does not initiate special security mechanism but responds to authentication requests
  • No encryption
• Security Mode 2
  • Use of security mechanisms determined by trust status. Security is performed after authentication requests from other devices
  • Broadcast traffic is unencrypted
• Security Mode 3
  • Authentication is necessary for connection establishment
  • All traffic is encrypted
Current & Future Solutions
• Simple current solutions
  • Lower the transmission power
  • Set to un-discoverable
  • Pairing in an interception-proof environment
  • Use complex keys
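
One way to check the "set to un-discoverable" recommendation on a Linux host, as an added example that is not part of the original slides: the script parses `hciconfig` output and flags any adapter with inquiry scan (ISCAN) enabled. The sample output and its adapter addresses are constructed.

```shell
#!/bin/sh
# Constructed sample of `hciconfig` output (not captured from a real host).
SAMPLE_HCICONFIG='hci0:   Type: Primary  Bus: USB
    BD Address: 00:11:22:33:44:55  ACL MTU: 310:10  SCO MTU: 64:8
    UP RUNNING PSCAN ISCAN
    RX bytes:1024 acl:0 sco:0 events:40 errors:0

hci1:   Type: Primary  Bus: UART
    BD Address: 00:11:22:33:44:66  ACL MTU: 1021:8  SCO MTU: 64:1
    UP RUNNING PSCAN
    RX bytes:2048 acl:0 sco:0 events:60 errors:0'

# Read hciconfig output on stdin and print the name of every adapter whose
# status line lists ISCAN (inquiry scan on = the adapter answers discovery).
# PSCAN alone means connectable by known peers but hidden from scans.
discoverable_adapters() {
    awk '
        $1 ~ /^hci[0-9]+:$/ {                 # adapter header, e.g. "hci0:"
            dev = substr($1, 1, length($1) - 1)
            next
        }
        $1 == "UP" || $1 == "DOWN" {          # status/flag line
            for (i = 2; i <= NF; i++)
                if ($i == "ISCAN") print dev
        }
    '
}

# Report findings; exit status 1 when at least one adapter is discoverable.
audit_adapters() {
    found=$(discoverable_adapters)
    if [ -z "$found" ]; then
        echo "OK: no adapter is discoverable"
        return 0
    fi
    for dev in $found; do
        # "pscan" keeps page scan and turns inquiry scan off.
        echo "WARN: $dev is discoverable; fix with: hciconfig $dev pscan"
    done
    return 1
}

# Demo run on the constructed sample (status ignored so the demo never aborts).
# On a live host, run: hciconfig | audit_adapters
printf '%s\n' "$SAMPLE_HCICONFIG" | audit_adapters || true
```
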
Current & Future Solutions
• Example: ActerBlue
  • Designed to make mobile e-commerce secure via Bluetooth
  • Done through onboard biometric ID system
  • Passwords are removed; instead, fingerprint images are processed/stored on the card
Current & Future Solutions
• Hardware access point?
  • Allows owner to create up to 8 users with unique passwords
  • Connects by standard Ethernet
  • More secure than standard Bluetooth?
[Pictured: Belkin F8T030]