Projects

BLUETOOTH HACKING

Bluetooth (BT) is one of the newer wireless technologies in use today. The name derives from that of Harald Blaatand, a tenth-century king of Denmark and Norway who united many independent Scandinavian tribes into a single kingdom. Bluetooth wireless communication technology is meant to be a universal, standard communications protocol for short-range communications, intended to replace the cables connecting portable and fixed electronic devices(Bluetooth SIG, 2008a).

Operating in the 2.4 GHz range, Bluetooth is designed to allow wire-free communication over a range of short-haul distances in three power classes, namely, short range(10-100 cm), ordinary range (10 m), and long range (100 m) (Sridhar, 2008). Cell phones, personal digital assistants (PDAs), and smart phones are a few of the devices that commonly use Bluetooth for synchronizing email, sending messages, or connecting to a remote headset (Mahmoud, 2003a). What are less well known to users of Bluetooth devices are the risks that they incur due to various vulnerabilities of the technology. Blue hacking, blue jacking, morphing, blue sniping, and blue snafting are just a few of the names given to the act of hacking a device via Bluetooth (Laurie, Holtmann, & Herfurt, 2006). In this paper, we will discuss the technology needed to hack a cell phone, some of the tools, and precautions that users can take to help protect their Bluetooth devices.

 

  1. Technology

Figure 1 shows a diagram of the Bluetooth protocol stack in order to show the various attack vectors. The protocol layers of particular interest in this paper are:

• Logical Link Control and Adaptation Protocol (L2CAP): Provides the data interface between higher layer data protocols and applications, and the lower layers of the device; multiplexes multiple data streams; and adapts between different packet sizes (Hole, 2008a, 2008d; Sridhar, 2008).

• Radio Frequency Communications Protocol (RFCOMM): Emulates the functions of a serial communications interface (e.g., EIA-RS-232) on a computer. As Figure 1 shows, RFCOMM can be accessed by a variety of higher layer schemes, including AT commands, the Wireless Application Protocol (WAP) over the Transmission Control Protocol/Internet Protocol (TCP/IP) stack, or the Object Exchange (OBEX) protocol (Hole, 2008a, 2008e; Sridhar, 2008).

• Object Exchange protocol: A vendor-independent protocol allowing devices to exchange standard file objects, such as data files, business cards (e.g., vCard files), and calendar information (e.g., vCal files). OBEX is a higher layer application and runs over different operating systems (e.g., PalmOS and Windows CE) and different communications protocols (e.g., Bluetooth and IrDA) (Gusev, n.d.). Most of the tools that are being used to hack Bluetooth phones use the Java programming language. In order for the software to work, the phone that is used to initiate the attack needs to support JSR-82, which is the official Java Bluetooth Application Programming Interface (API) (JCP, 2009). If the attacker’s phone does not support JSR-82, that phone cannot be used to attack other phones. This is an important note because although Bluetooth is widely available on cell phones, Java and JSR-82 support may not be. JSR-82 consists of two packages, namely, javax.bluetooth, which is the core Bluetooth API, and javax.obex, which is independent of the Bluetooth stack and provides APIs to other protocols, such as OBEX. The capabilities of JSR-82 include the ability to (Hole, 2007; Mahmoud, 2003b):

• Register services

• Discover devices and services

• Establish L2CAP, RFCOMM, and OBEX connections between devices, using those connections to send and receive data (voice communication is not supported)

• Manage and control the communication connections

• Provide security for these activitiesHole (2008a, 2008f) and Mahmoud (2003b) provide good overviews of how this code functions.



Tags :
4
Your rating: None Average: 4 (3 votes)

Posted by



Sun, 19/12/2010 - 12:36

Share

Collaborate