I. INTRODUCTIONII. BluetoothA. Bluetooth Protocol ArchitectureB. Radio LayerC. Baseband LayerD. Link Manager LayerE. L2CAP LayerF. HCI LayerG. HackingIII. ExploitsA. BluesnarfingB. BluebugC. BluejackD. BluesmackE. Cracking Bluetooth PINIV. Bluetooth graphical User Interface applicationV. ConclusionVI. Future WorkSP-2: GUI Application to analyze Bluetooth IntrusionAbstract—Bluetooth technology has grown dramaticallythrough the years. Because of the increase in this technology,security has become an issue. With more people interactingwith this technology, by transferring data through devices,confidentiality and authenticity are factors to remain secure.Unfortunately, as new technology advances, so do maliciousexploits on the growing technology. To address these problems,first one has to understand the technology involved. We willfirst introduce how the Bluetooth protocol works. A briefdescription of what layers are in the protocol stack and howeach layer interacts with one another. Then some details on howwireless network messages are transferred through the protocol.Second part of this paper will describe different exploits andvulnerabilities that are either in the design already, or have beenmaliciously exploited. Some of these exploits are Bluesnarfing,Bluejacking, Bluebugging, etc. By understanding these exploits,one can gain a general idea of how vulnerable Bluetooth possiblycould be. Finally, a description of the graphical user interfacethat was developed will be shown in the end. By gainingexperience through practice, one can gain a better appreciationof the technologies and exploits being introduced.Index of Terms—Bluetooth, Bluesnarfing, Bluejacking,Bluebugging, SAFER+, MAC address, DOS attack.I. INTRODUCTIONWireless technology has evolved through the years tofacilitate the public with ease, convenience and efficiency inaccessing data. Due to this growing demand, Bluetooth hasadvanced as an ubiquitous technology found in manyeveryday appliances. From mobile phones, automobiles,refrigerators, and printers, the days of having a cluster ofwires to interface into different devices are now the past.With the growing popularity of this technology, maliciousexploits also have grown respectively. One can easily locatean exploit through the Internet, which most of them aretrivial to understand and use. There are many exploits tochoose from to do one’s bidding. Some of them caneavesdrop on information being transferred between twoparties. Others can spam a nearby mobile phone. Whileother software can virtually control all the processes of amobile phone, such as editing contacts to making a callthrough the phone. The possibilities are astounding. Insteadof searching individually for each exploit software that exists,we’ve decided to conveniently bundle them into a pack. Aone stop shop for popular Bluetooth exploits. Through ourGraphical User Interface application, user’s can intuitivelyinteract with the application to gain practical knowledge ofBluetooth exploits. One problem for beginners, who do notunderstand Bluetooth security, would have to search throughthe Internet to understand how Bluetooth works, the exploitsand practical examples. We are catering to those individualsthat fit the above description. As we’ve mentioned previously,our outline of the paper fit exactly into those categories.II.BLUETOOTHFigure 1: Bluetooth DevicesBluetooth technology is designed and optimized for use inmobile devices, such as mobile computers, cellular handsets,network access points, printers, PDA’s, desktops, keyboards,joysticks [Figure 1] and virtually any other device. Thetechnology is relatively robust and inexpensive. It operates ina short range 2.4GHz Industrial-Scientific-Medical (ISM)band, which can reach distances of 10 to 100 meters. It usesFrequency Hop (FH) spread spectrum, which divides thefrequency band into a number of hop channels. A Time-Division Duplex scheme is used for full duplex transmission.There are tiny radio-frequency transmitters, no larger than1.0 by 0.5 inches that can run off a watch battery for months. Power considerations are always important for battery-powered mobile devices, and Bluetooth’s low power modesmeet those requirements with less than 0.1 W active power.Bluetooth is intended to be a standard that works at twolevels: It provides agreement at the physical level (radio-frequencystandard). It also provides agreement at the next level up, whereproducts have to agree on when bits are sent, how many willbe sent at a time and how the parties in a conversation can besure that the message received is the same as the messagesent. The Bluetooth protocol uses a combination of circuit andpacket switching to send/receive data. A frequency-hoppingspread spectrum technique is used to make it difficult to trackor intercept transmissions. Each Bluetooth device has aunique 48 bit hard-wired device address for identity, whichGraphical User Interface Application to AnalyzeBluetooth IntrusionGyanesh Reddy Billakanti and Yue Chao Qin1SP-2: GUI Application to analyze Bluetooth Intrusionallows for 248 devices. Bluetooth devices basically formpiconets to communicate. Each piconet comprises of up toeight active devices where one is the 'master' and the rest are'slaves'. The master searches for Bluetooth devices followedby invitations to join the piconet addressed to specific devices.The 'master' then assigns a member-address to each slave andcontrols their transmissions. Devices can belong to severalpiconets. Bluetooth also provides for easy integration ofTCP/IP for networking.A. Bluetooth Protocol ArchitectureBluetooth is designed for communications applications. Itis designed to support high quality simultaneous voice anddata transfers, with rates reaching up to 721 Kbps. It supportsboth synchronous and asynchronous services and easyintegration of
View Full Document
Unlocking...