Carwhisperer Bluetooth Attack


null Mumbai Chapter December 2012 Meet

  1. Carwhisperer Bluetooth Attack
  2. What is Bluetooth?
     • Bluetooth is “A specification for short-range radio links between mobile phones, mobile computers, digital cameras, and other portable devices.”
     • Enables users to establish ad hoc networks supporting voice and data communications
  3. History
     • It is named after Harald Blatand (Harald Bluetooth), the king of Denmark.
     • The Bluetooth wireless technology was invented in 1994 by Ericsson.
     • In September 1998, the Bluetooth Special Interest Group (SIG) was founded with the objective of developing the Bluetooth wireless technology.
  4. Bluetooth Basics
     • Bluetooth operates in the license-free ISM band between 2.4 and 2.48 GHz.
     • To prevent interference with other devices working within the ISM band, Bluetooth makes use of a technique called frequency hopping.
     • It takes 1600 hops/sec
     • It has 79 baseband frequencies
     • Bluetooth is a connection-oriented service.
  5. Bluetooth Basics (Continued)
     • To connect two Bluetooth devices, one of them, normally the device initiating the connection, becomes the master, leaving the second device as a slave.
     • Piconet
     • Scatternet
     • ACL (Asynchronous connection-oriented) and SCO (Synchronous connection-less)
     • Data rates up to 3 Mb/s
     • Typical communication range is 10 to 100 meters
  6. Bluetooth Topology (ACL link)
  7. Bluetooth Topology (SCO/eSCO link)
  8. Master-Slave Architecture
     • In Bluetooth, connections with up to seven devices, which form a piconet, are possible; communication is led by the master device.
  9. Bluetooth Services
     • Bluetooth makes use of a protocol stack, which makes it simple to separate application logic from physical data connections.
     • The protocol architecture of Bluetooth allows for straightforward implementation of existing network protocols like HTTP, FTP, etc.
  10. Bluetooth Radio & Baseband
     • The Bluetooth Radio works as a digital signal processing component of the system
     • Bluetooth devices transmit data, which is made up of bits (ones and zeros), over a radio frequency
     • The Baseband processes the signal received and transmitted by the Radio
     • Controls links, packets, error and flow
  11. LMP & HCI
     • LMP manages link setup, authentication, link configuration and other low-level protocols
     • Connection establishment
     • HCI provides a command interface to the baseband controller and link manager
     • Exists across three sections: the host, the transport layer and the host controller
  12. L2CAP & RFCOMM
     • L2CAP provides connection-oriented and connectionless data services to upper-layer protocols
     • Permits protocols and applications to transmit and receive data packets up to 64 kilobytes in length
     • The RFCOMM protocol supports 60 simultaneous connections between two Bluetooth devices
     • The number of connections that can be used simultaneously in a Bluetooth device is implementation specific, meaning it depends on which profile is being used
  13. SDP - Service Discovery Protocol
     • Bluetooth is a technology that is deployed in a dynamic environment. Devices may go out of range or be switched off, while new devices may become active.
     • A protocol is therefore needed to detect the services provided by other devices. In Bluetooth, the Service Discovery Protocol is responsible for keeping track of the services provided within a device’s operating range.
  14. TCS - Telephony Control Protocol
     • The Telephony Control Protocol provides functionality to control telephony applications and makes use of L2CAP connections.
  15. OBEX - Object Exchange Protocol
     • The Object Exchange Protocol (OBEX) provides services for the exchange of binary data objects. When an OBEX session is initiated, an optional OBEX authentication is possible.
     • A limited set of commands such as PUT, GET or ABORT exists for easy file transfers, comparable to HTTP.
  16. Bluetooth Profiles
     • In Bluetooth, the services a device provides are grouped into Bluetooth Profiles. Bluetooth devices communicate via the profiles, which act as “interfaces”.
     • Two Bluetooth profiles are of particular interest with regard to BlueSnarfing and BlueBugging attacks:
       1. OBEX Object Push Profile (OPP)
       2. Synchronisation Profile (SYNCH)
  17. OBEX Object Push Profile (OPP)
     • The Object Push Profile (OPP) provides basic functions for the exchange of binary objects, mainly used for vCards in Bluetooth.
     • vCard is a file format standard for electronic business cards.
     • Since vCards are not considered worth special protection, no authorization procedure is performed before OPP transactions. Supported OBEX commands are connect, disconnect, put, get and abort.
  18. Synchronization Profile (SYNCH)
     • The Synchronization Profile (SYNCH) provides functions for the exchange of Personal Information Manager (PIM) data and was adopted from the IrDA infrared specification.
     • In Bluetooth, private data in particular, such as the address book, calendar, etc., is sent using the SYNCH profile.
  19. Overview On Bluetooth Security
     • Security within Bluetooth itself covers three major areas:
       – Authentication
       – Authorization
       – Encryption
     • Security levels:
       – Silent
       – Private
       – Public
  20. Thank You!
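
Added example (not part of the original slides): a minimal parser for the OBEX request framing behind the commands named on slides 15 and 17, run on a constructed OPP PUT that carries a vCard. It also reports whether the request carries OBEX authentication headers. Opcode and header-ID values follow the IrDA OBEX specification; the function names and the sample packet are constructed for illustration.

```python
import struct

# Opcode (final bit masked off) and header-ID values per the IrDA OBEX spec.
OPCODES = {0x00: "CONNECT", 0x01: "DISCONNECT", 0x02: "PUT", 0x03: "GET", 0x7F: "ABORT"}
HEADERS = {0x01: "Name", 0x42: "Type", 0xC3: "Length", 0x48: "Body",
           0x49: "End-of-Body", 0x4D: "Auth-Challenge", 0x4E: "Auth-Response"}

def parse_request(pkt: bytes) -> dict:
    """Decode one OBEX request: opcode, 2-byte big-endian length, then headers."""
    if len(pkt) < 3:
        raise ValueError("truncated OBEX packet")
    opcode, length = struct.unpack(">BH", pkt[:3])
    if length != len(pkt):
        raise ValueError("length field does not match packet size")
    pos = 7 if opcode == 0x80 else 3  # CONNECT adds version, flags, max packet size
    headers = {}
    while pos < length:
        hid, kind = pkt[pos], pkt[pos] >> 6  # top two bits select the value encoding
        if kind in (0, 1):  # 0: UTF-16 text, 1: byte sequence; both length-prefixed
            if pos + 3 > length:
                raise ValueError("truncated header")
            hlen = struct.unpack(">H", pkt[pos + 1:pos + 3])[0]
            if hlen < 3 or pos + hlen > length:
                raise ValueError("bad header length")
            value = pkt[pos + 3:pos + hlen]
            if kind == 0:
                value = value.decode("utf-16-be").rstrip("\x00")
        else:  # 2: one-byte value, 3: four-byte value
            hlen = 2 if kind == 2 else 5
            if pos + hlen > length:
                raise ValueError("truncated header")
            value = int.from_bytes(pkt[pos + 1:pos + hlen], "big")
        headers[HEADERS.get(hid, hex(hid))] = value
        pos += hlen
    return {"command": OPCODES.get(opcode & 0x7F, hex(opcode)),
            "final": bool(opcode & 0x80), "headers": headers,
            "carries_auth": any(h.startswith("Auth-") for h in headers)}

def build_sample_put() -> bytes:
    """Constructed sample: a single-packet OPP PUT of a vCard, no auth headers."""
    vcard = b"BEGIN:VCARD\r\nVERSION:2.1\r\nN:Example;Alice\r\nEND:VCARD\r\n"
    name = "card.vcf".encode("utf-16-be") + b"\x00\x00"
    mime = b"text/x-vcard\x00"
    hdrs = (b"\x01" + struct.pack(">H", 3 + len(name)) + name
            + b"\x42" + struct.pack(">H", 3 + len(mime)) + mime
            + b"\xC3" + struct.pack(">I", len(vcard))
            + b"\x49" + struct.pack(">H", 3 + len(vcard)) + vcard)
    return b"\x82" + struct.pack(">H", 3 + len(hdrs)) + hdrs
```

Calling `parse_request(build_sample_put())` returns the command, the decoded headers, and `carries_auth`, which is `False` for this sample because it contains neither an Auth-Challenge nor an Auth-Response header.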