How secure is

1
How secure is
Darren Adams,Kyle Coble, andLakshmi Kasoji
2
Introduction to Bluetooth

• Bluetooth has become very popular because
• Power efficiency
• Low costs
• Short range radio frequency wireless device
• Bluetooth is a Personal Area Network (PAN)
  wireless
• device and can be used for
• Portable laptops
• Printers
• Keyboards
• Headsets
• Cell phones
• GPS devices
• Ipods
• PDAs
• Automobile equipment

2
3
Introduction to Bluetooth

• History
• Bluetooth name came from Denmark.
• Originally created by Jaap Haartsen and Sven
  Mattisson working for Ericsson in 1994.
• Further developed by Special Interest Group (SIG)
  including
• Ericsson
• IBM
• Nokia
• Intel
• Toshiba
• In 1999, other companies added support including
  3Com Corporation, Lucent Technologies, Microsoft
  and Motorola

3
4
Introduction to Bluetooth

• Bluetooth features
• Frequency 2.5GHz. Communication is point to
  point or one point to several connections. Used
  globally without a license.
• 10 to 100 meter transmit distances at 1Mbps.
• Uses ad-hoc network, also called piconet. In a
  piconet, one device acts as master and other
  devices as slaves. Maximum of seven slaves
• Low and high level of power depending on room
  size
• Synchronous and asynchronous communication
  channels
• wikipedia

4
5
Bluetooth Devices

• Google Images

5
6
Bluetooth Security Risks

• Significant target due to popularity
• Newer technology means bugs and vulnerabilities
• Numerous types of devices means different
  problems for each

6
7
PCs and Bluetooth

• Ad-Hoc network in meeting
• Some hubs have no router-like
• security (simple relay)?
• Class 1 Bluetooth devices can
• extend 300 feet
• Problems with fixed passkey
• Short key means easy to guess
• Separate keys for different types of access is
  recommended but rarely used (Linux)?
• Initial key exchange is unencrypted
• Hacker could extrapolate key (similar to cracking
  WEP encryption)

7
8
Bluetooth Passwords

• Using one passkey for all connections
• Instead of unique keys to each pairing, all
  devices (Laptop, PDA, Cell Phone, Printer,
  Headset, etc.) use same passkey
• Hacker accesses one trusted device, all devices
  are now vulnerable
• MAC address problems
• Can identify MAC address and monitor traffic on
  device (class example of 2 companies merging)?
• MAC unencrypted regardless of other encryption
• Standard Linux commands can be used

hcitool scan Scanning ... 000AD9150B1C
T610-phone
8
9
Cracking Bluetooth

• RedFang
• Scans MACs one at a time
• Odds of finding are low
• Average 3-10sec / address
• Sony Ericsson alone has 16,777,216 possible
• 1,000 days
• Devices available to analyze Bluetooth data
• Cost prohibitive (9500.00)?

9
10
Cracking Bluetooth Cont.

• Uses frequency hopping to deter, sequence is only
  pseudo-random
• 1600 hops/second
• Possibly find hop sequence and collect data
• Owner forgets to disable device discovery
• Unable to change MAC
• Phone always allows connection attempt without
  prompting user
• One device must enter discoverable mode to make
  connection

10
11
Device ID Weakness

• 2 devices attempting to link are identified by
  name
• Equipment not identified by unique MAC address
• Leaves door open to exploit people (social
  engineering)?
• Paris Hilton cell phone incident

11
12
Current Future Solutions

• Simple password
• Between 1 and 16 numbers (128bit)?
• Some devices have hard-coded passwords
• Basic encryption method, no variance
• What else?!

Bluetooth
Wifi
12
13
Current Future Solutions

• Security Mode 1
• Device does not initiate special security
  mechanism but responds to authentication requests
• No Encryption
• Security Mode 2
• Use of security mechanisms determined by trust
  status. Security is performed after
  authentication requests from other devices
• Broadcast traffic is unencrypted
• Security Mode 3
• Authentication is necessary for connection
  establishment
• All traffic is encrypted.

13
14
Current Future Solutions

• Simple current solutions
• Lower the transmission power
• Set to un-discoverable
• Pairing in an inception-proof environment
• Use complex keys

14
15
Current Future Solutions

• Example ActerBlue
• Designed to make mobile e-commerce secure via
  Bluetooth
• Done through onboard biometric ID system
• Passwords are removed instead, fingerprint
  images are processed/stored on the card

15
16
Current Future Solutions

• Hardware access point?
• Allows owner to create up to 8 users with unique
  passwords.
• Connects by standard ethernet
• More secure than standard Bluetooth?

Belkin F8T030
16
17

• References
• http//books.google.com/books?id-fUR0OGZ7bQCpgP
  A58lpgPA58dqbluetoothcombinationkeysourcew
  ebotsRwkD5ANJcHsigFAheS6Y29uE3EUqLZRMgS3i5v5I
• http//www.securityfocus.com/infocus/1830
• http//www.bluetooth-headset.co.uk/images/jabra20
  jx1020hub.bmp
• http//windowsecurity.com/articles/Bluetooth-Secur
  ity-Threat.html
• http//www.cyberindian.net/wp-content/uploads/sony
  -ericsson-k790i-mobile-phones.jpg
• http//www.askdavetaylor.com/sync_motorola_razr_v3
  c_with_windows_xp_via_bluetooth.html

17