Bluetooth network-security-seminar-report
- 1. BLUETOOTH NETWORK SECURITY BY S.ROHIT SAGAR
- 2. TABLEOF CONTENT INTRODUCTION ABOUT BLUETOOTH BLUETOOTH NETWORKS BLUETOOTH ARCHITECTURE SECURITY ASPECTS IN BLUETOOTH CONNECTION ESTABLISHMENT USED SOFTWERE A) FOR DISCOVERING DEVICES B) FOR HACKING EFFECTIVENESS OFATTACK CONCLUSION
- 3. BLUETOOTH HACKING THREATS &PREVENTIONS INTRODUCTION Wireless communications offer organizations and users many benefits such as portability and flexibility, increased productivity, and lower installation costs. Wireless local area network (WLAN) devices, for instance, allow users to move their laptops from place to place within their offices without the need for wires and without losing network connectivity. Ad hoc networks, such as those enabled by Bluetooth, allow users to: Data synchronization with network systems and application sharing between devices. Eliminates cables for printer and other peripheral deviceconnections. Specific threats and vulnerabilities to wireless networks and handheld devices include thefollowing: All the vulnerabilities that exist in a conventional wired network apply to wirelesstechnologies. Malicious entities may gain unauthorized access to an agency‟s computer network through wireless connections, bypassing any firewallprotections.
- 4. ABOUT BLUETOOTH The original architecture for Bluetooth was developedby Ericson Mobile Communication Co. Bluetooth was originally designed primarily as a cable replacement protocol for wirelesscommunications. Among the array of devices that are anticipated are cellular phones, PDAs, notebook computers, modems, cordless phones, pagers, laptop computers, cameras, PC cards, fax machines, andprinters. Now Bluetooth specificationis: The 802.11 WLAN standards. Unlicensed 2.4 GHz–2.4835 GHz ISM(industrial, scientific, medical applications) frequency band. Frequency-hopping spread-spectrum (FHSS) technology to solve interference problems. Transmission speeds up to 1Mbps BluetoothClassesand Specifications
- 5. BLUETOOTHNETWORKS Bluetooth devices can form three types ofnetworks: Point to PointLink PiconetNetwork Ad-hoc or ScatternetNetwork PointtoPoint Link enabled devices shareWhen two Bluetooth information or data that is called point to point link. Master Device Network /Link Slave Device PiconetNetwork When there is a collection of devices paired with each other, it forms a small personal area network called „Piconet‟. APiconet consists of a master and at most seven activeslaves. Each Piconet has its own hopping sequence and the master and all slaves share the same channel. Master Device Slave Device Slave Device Slave Device
- 6. Departmentof Electronics& Communication. Ad-hoc or ScatternetNetwork Twoor more piconets connected to eachother by means of a device (called „bridge‟) participating in both the piconets, form a Scatternet Network. The role of bridge is to transmit data across piconets. Picont1 Piconet2 Fig: Scatternet Network When a number of Bluetooth devices communicate to each other in same vicinity, there is a high level of interference. To combat interference, Bluetooth technology applies a fast frequency-hopping scheme which hoops over 79 channels 1600 times per second. For devices to communicate to each other using Bluetooth they need to be paired with each other to have synchronized frequency-hoppingsequence.
- 7. BLUETOOTHARCHITECTURE The Bluetooth core system has three parts: RF transceiver Baseband Protocol-stack
- 8. Departmentof Electronics& Communication. SECURITYASPECTSIN BLUETOOTH The Bluetooth-system provide security attwo level- At Linklayer At Applicationlayer Link layer security Four different entities are used for maintaining security at the link layer: a Bluetooth device address, two secret, keys, and a pseudo-random number that shall be regenerated for each newtransaction. The four entities and their sizes aresummarized in Table- Table 1.1: Entities used in authentication and encryptionprocedures Applicationlayer security specification Entity Size BD_ADDR 48bits Private user key, authentication 128bits Private user key, encryption Configurable length (byte-wise) 8-128bits RAND 128bits
- 9. . BREAKINGINTO SECURITY Bluetooth devices themselves have inherent security vulnerabilities. For example, malicious users can use wireless microphones as bugging devices. Although such attacks have not been documented because Bluetooth is not yet commercially prevalent, incidents have been recorded of successful attacks on PCs using programs such as Back Orifice and Netbus Attack Tools& Programs Hardware Used: Dell XPS, Nokia N95, Nokia 6150, Hp IPAQ HX2790b. Operating Systems: Ubuntu, Backtrack, Windows Vista, Symbian OS, windows mobile. Software used: Bluebugger, Bluediving, Bluescanner, Bluesnarfer, BTscanner, Redfang, Blooover2, Ftp_bt. Dell laptop with windows vista to be broken into and for scanning then with Linux to attempt attacks. Pocket pc for being attacked, and one mobile for attacking one for beingattacked. Attackingmethodology The first & last thing to break security of a Bluetooth device is set up a connection or pairing. After that we can use the program to access into device data. Using tools to find the MAC address of nearby devices to attack. This generally finds devices set to discoverable although programs exist with a brute force approach that detects them when hidden. These programs also provide other basic information such as device classes and names.
- 10. Departmentof Electronics& Communication. AttackingToolsor Tricks Bluejacking Sending an unsolicited message over Bluetooth generally harmless but can be considered annoying at worst. Bluejacking is generally done by sending a V-card (electronic business card) to the phone and using the name field as the message. OBEXPush A way of bypassing authentication by sending a file designed to be automatically accepted such as a vcard and instead using OBEX to forward a request for data or in some cases control. Used in the below attacks. Bluesnarfing Through it we can access to data on a device via Bluetooth such as text messages, contact lists, calendar, emails etc. This uses the OBEX push profile to attempt to send an OBEX GET command to retrieve known filenames such as telecom/pb.vcf. The enhancement to this Bluesnarf++ connects to the OBEX FTP server to transfer thefiles. Here 'Snarf' - networking slang for 'unauthorizedcopy. Bluesnarfing consistsof: DataTheft Calendar ● Appointments ● Images 1. PhoneBook ● Names, Addresses,Numbers ● PINs and othercodes ● Images Devices: Ericsson R520m, T39m, T68, Sony Ericsson T68i, T610, Z1010, Nokia 6310, 6310i, 8910,8910i
- 11. Departmentof Electronics& Communication. Long Distance Attacking (Blue Sniper) This trick is tested in beginning of August 2004. This experiment has done in Santa MonicaCalifornia. The attacker has a class 1 Bluetooth device (called „dongle‟) with software. The bugged or snarfed device was class 2 device (Nokia 6310i) at distance of 1.78 km (1.01 miles). Blueprinting Blueprinting is fingerprinting Bluetooth Wireless Technology interfaces of devices. This work has been started by Collin R. Mulliner and Martin Herfurt. Relevant to all kinds ofapplications: – Security auditing. – Device Statistics. – Automated ApplicationDistribution.
- 12. Attackingsoftware ForDiscoveringBluetooth Devices BlueScanner - BlueScannersearches out for Bluetooth-enabled devices. It will try to extract as much information as possible for each newly discovered device. BlueSniff - BlueSniff is a GUI-based utility for finding discoverable and hidden Bluetooth-enabled devices. BTBrowser- Bluetooth Browser is a J2ME application that can browse and explore the technical specification of surrounding Bluetooth-enabled devices. You can browse device information and all supported profiles and service records of each device. BTBrowser works on phones that supports JSR-82 - the Java Bluetooth specification. BTCrawler - BTCrawler is a scanner for Windows Mobile based devices. It scans for other devices in range and performs service query. It implements the BlueJacking and BlueSnarfingattacks.
- 13. Effectivenessof Attacks Laptop This attacks here where a resounding failure with all devices being attacked requiring user input to function. Bluebugging and Bluesnarfing where both attempted several times with trial and error the correct channels for these attacks where found and used to successfully contact the phone but failed to work without authentication. VsMobiles Attacks made against the Nokia N95 and Nokia 6250 both connected to the phone but required the user to accept to continue and thus where considered a failure. Attacks were also made against other nearby mobiles with either the same result or in a single case a successful transfer with Bluesnarfing but no data gathered (Unusual filenames whereassumed).
- 14. Departmentof Electronics& Communication. CONCLUSION: SECURE YOURDEVICE Bluetooth socialengineering Bluetooth is used by people daily so it is possible to use social engineering techniques to attack devices. One of the most common uses of Bluetooth is with Mobile Phone can be an interesting part of social engineering to examine. Some users tend to accept incoming connections leaving themselves at risk to outside attack. More a lack of education than anything else causes people not to recognize a threat when they see one and accept incoming connections. This is an interesting way of using social engineering to break into devices. SecurityEffectiveness The standard security method for Bluetooth is to simple have the device hidden or turned off and many devices require user input for any incoming message orconnection. This is surprisingly effective as when a device requires authentication for even a vcard it is difficult to find a way in without an unsecured channel. The biggest security risk seems to be the users themselves several attacks succeeded simple because the users accepted the incoming connection (many harmless audits where performed on bypassers) allowing access on their device (we considered this a failure of the attack). No amount of security can preventa user opening the door so to speak. No additional security software was found for Bluetooth.
- 15. THANK YOU