Graphical User Interface Application to Analyze Bluetooth Intrusion
Gyanesh Reddy Billakanti
Yue Chao Qin

Outline
• Introduction
• Exploits
• GUI
• Difficulties
• Conclusion
• Future Work

Introduction
• Provides a way to connect and exchange information wirelessly
  • PDAs
  • Mobile phones
  • Laptops
  • PCs
  • Printers
  • Digital cameras
  • Video game consoles

Introduction (cont.)
• First developed in 1994 by Jaap Haartsen
• IEEE 802.15.1
• Latest version is 2.0; previous versions were 1.0, 1.1, and 1.2
• Short-range wireless connectivity, about 10 to 100 meters
• Low power consumption
• Speeds up to 1 Mbit/sec
• Master/slave architecture

Introduction (cont.)
• Security
  • Authentication - key pairing; both users need a shared secret PIN
  • Encryption - users set up an encryption key after the key pairing process

Exploits
• Bluejack
  • Spamming
  • Sending a random text message to another cell phone nearby
  • Originally designed to easily send business cards via mobile phones
  • Flaw in the OBEX layer (responsible for transfer of data)

Exploits (cont.)
• Bluesmack
  • Denial-of-service attack
  • Takes advantage of the L2CAP layer
  • Uses a high volume of ICMP pings
  • AKA “Ping of Death”, “Smurf Attack”

Exploits (cont.)
• Bluesnarfing
  • Allows reading/editing the calendar, contact list, emails and text messages
  • Flaw in the OBEX layer
  • Performs an OBEX Push/Get (similar to FTP) for known variable names (e.g. “telecom/pb.vcf” – phone book list)

Exploits (cont.)
• Bluebugging
  • Same exploits as Bluesnarfing
  • In addition, can initiate phone calls, read/send SMS (text messages), set call forwarding, connect to the Internet, and make the phone use a different service provider
  • Doesn’t exploit the OBEX layer; instead connects serially to the vulnerable device

Exploits (cont.)
• Only certain phones are vulnerable because of old technology in the protocol stack

Difficulties
• Original plan was to implement an exploit and also show it through the GUI
• However, source code for exploits is very hard to find, though there are very many exploit executables
• No Bluetooth protocol analyzer available
• Most exploits are geared towards older phones/technology

Conclusion
• Many exploits are geared towards older, vulnerable technologies
• A phone should never be left in discoverable mode all the time; attackers can detect it
• Many executable tools/toys are online, but source code is scarce
• PIN lengths should be 7 or longer for security when pairing (in paper)

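The discoverable-mode advice above can be checked on a Linux host's own adapters. This is an added example, not part of the original slides; it assumes BlueZ's `hciconfig` tool, whose flag line shows `ISCAN` when inquiry scan (discoverable mode) is on and `PSCAN` when the adapter is connectable. The sample output and addresses are constructed.

```python
import re
import subprocess

# Constructed sample of `hciconfig` output; the addresses are made up.
SAMPLE = """\
hci0:\tType: Primary  Bus: USB
\tBD Address: 00:11:22:33:44:55  ACL MTU: 1021:8  SCO MTU: 64:1
\tUP RUNNING PSCAN ISCAN
\tRX bytes:1234 acl:0 sco:0 events:60 errors:0

hci1:\tType: Primary  Bus: UART
\tBD Address: 00:11:22:33:44:66  ACL MTU: 1021:8  SCO MTU: 64:1
\tUP RUNNING PSCAN

hci2:\tType: Primary  Bus: USB
\tBD Address: 00:11:22:33:44:77  ACL MTU: 310:10  SCO MTU: 64:8
\tDOWN
"""

def parse_adapters(text):
    """Return {adapter name: set of state flags} from hciconfig output."""
    adapters, current = {}, None
    for line in text.splitlines():
        header = re.match(r"^(hci\d+):", line)
        if header:
            current = header.group(1)
            adapters[current] = set()
        # The flag line is the only indented line made purely of capitals.
        elif current and re.fullmatch(r"\s+[A-Z]+(\s+[A-Z]+)*\s*", line):
            adapters[current].update(line.split())
    return adapters

def audit(text):
    """Classify each adapter by how visible it is to nearby devices."""
    result = {}
    for name, flags in parse_adapters(text).items():
        if "UP" not in flags:
            result[name] = "down"
        elif "ISCAN" in flags:
            result[name] = "discoverable"      # answers inquiries from anyone
        elif "PSCAN" in flags:
            result[name] = "connectable-only"  # hidden from inquiry scans
        else:
            result[name] = "non-connectable"
    return result

if __name__ == "__main__":
    try:  # use the live adapter list when hciconfig is installed
        text = subprocess.run(["hciconfig"], capture_output=True,
                              text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        text = SAMPLE
    for name, state in audit(text).items():
        print(f"{name}: {state}")
```
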
Future Work
• Develop new exploits for newer phones/technologies
• Cracking Bluetooth PIN (in paper)
• Add new features to GUI