Carwhisperer
Bluetooth Attack
What is Bluetooth?
• Bluetooth is “A specification for short-range radio
  links between mobile phones, mobile computers,
  digital cameras, and other portable devices.”
• Enables users to establish ad hoc networks
  supporting voice and data communications
History

• It is named after Harald Blåtand (Harald Bluetooth), king of
  Denmark.
• The Bluetooth wireless technology was invented in 1994 by
  Ericsson.
• In September 1998, the Bluetooth Special Interest Group (SIG)
  was founded with the objective of developing the Bluetooth
  wireless technology.
Bluetooth Basics

• Bluetooth operates in the licence-free ISM band between 2.4
  and 2.48 GHz.
• To avoid interference with other devices working in the ISM
  band, Bluetooth uses a technique called frequency hopping.
• It performs 1600 hops per second.
• It uses 79 baseband frequencies.
• Bluetooth is a connection-oriented service.
Bluetooth Basics(Continued)

• To connect two Bluetooth devices, one of them, normally the
  device initiating the connection, becomes the master, leaving
  the second device as a slave.
• Piconet
• Scatternet
• ACL (Asynchronous Connection-Less) and SCO (Synchronous
  Connection-Oriented) links
• Data rates up to 3 Mbit/s
• Typical communication range is 10 to 100 meters
Bluetooth Topology (ACL link)
Bluetooth Topology (SCO/eSCO link)
Master-Slave Architecture

• In Bluetooth, a master can connect to up to seven devices;
  together they form a piconet in which communication is
  controlled by the master device.
Bluetooth Services

• Bluetooth uses a protocol stack, which makes it simple to
  separate application logic from the physical data connection.

• The protocol architecture of Bluetooth allows existing network
  protocols such as HTTP, FTP, etc. to be implemented on top of
  it in a straightforward way.
Bluetooth Radio & Baseband
• The Bluetooth radio works as the digital signal processing
  component of the system.
• A Bluetooth device transmits data, which is made up of bits
  (ones and zeros), over a radio frequency.
• The baseband processes the signals received and transmitted
  by the radio.
• It controls links, packets, error handling and flow control.
LMP & HCI
• LMP (Link Manager Protocol) manages link setup,
  authentication, link configuration and other low-level
  procedures.
• Connection establishment
• HCI (Host Controller Interface) provides a command interface
  to the baseband controller and link manager.
• It spans three sections: the host, the transport layer and
  the host controller.
L2CAP & RFCOMM
• L2CAP provides connection-oriented and connectionless data
  services to upper-layer protocols.
• It permits protocols and applications to transmit and receive
  data packets of up to 64 kilobytes in length.
• The RFCOMM protocol supports up to 60 simultaneous
  connections between two Bluetooth devices.
• The number of connections that can be used simultaneously on
  a Bluetooth device is implementation specific, i.e. it depends
  on the profile being used.
SDP - Service Discovery Protocol

• Bluetooth is deployed in a dynamic environment: devices may
  move out of range or be switched off, while new devices may
  become active.

• To detect the services provided by other devices, a dedicated
  discovery protocol is needed. In Bluetooth, the Service
  Discovery Protocol is responsible for keeping track of the
  services provided within a device's operating range.
TCS - Telephony Control Protocol

• The Telephony Control Protocol (TCS) provides functions to
  control telephony applications and makes use of L2CAP
  connections.
OBEX - Object Exchange Protocol

• The Object Exchange Protocol (OBEX) provides services for the
  exchange of binary data objects. OBEX authentication is
  optional when initiating an OBEX session.

• A limited set of commands such as PUT, GET and ABORT exists
  for simple file transfers, comparable to HTTP.
Bluetooth Profiles

• In Bluetooth, the services a device provides are grouped into
  Bluetooth Profiles. Bluetooth devices communicate via these
  profiles, which act as "interfaces".

• For the following discussion, two Bluetooth profiles are
  especially interesting with respect to BlueSnarfing and
  BlueBugging attacks:
   1. OBEX Object Push Profile (OPP).
   2. Synchronisation Profile (SYNCH).
OBEX Object Push Profile (OPP)

• The Object Push Profile (OPP) provides basic functions for the
  exchange of binary objects; in Bluetooth it is mainly used for
  vCards.

• vCard is a file format standard for electronic business
  cards.

• Since vCards are not considered worth special protection, no
  authorization procedure is performed before OPP transactions.
  Supported OBEX commands are connect, disconnect, put, get and
  abort.
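As an added example that is not part of the slides, the parser below decodes OBEX requests in the format described above (1-byte opcode, 2-byte length, then headers such as Name, Type and Body) and applies a constructed OPP server policy that accepts only vCard pushes and un-named business-card pulls. The opcode and header codes are those of the IrDA OBEX specification; the policy, helper names and sample packets are constructed for this illustration.

```python
import struct

# OBEX opcodes (final bit 0x80 set) and header identifiers from the IrDA OBEX specification.
OP_CONNECT, OP_PUT, OP_GET = 0x80, 0x82, 0x83
HDR_NAME, HDR_TYPE, HDR_END_OF_BODY = 0x01, 0x42, 0x49

def parse_obex(packet: bytes) -> dict:
    """Parse one OBEX request: 1-byte opcode, 2-byte big-endian total length, then headers."""
    opcode, length = struct.unpack(">BH", packet[:3])
    if length != len(packet):
        raise ValueError(f"length field {length} != packet size {len(packet)}")
    pos, headers = (7 if opcode == OP_CONNECT else 3), {}  # CONNECT adds version/flags/max size
    while pos < length:
        hi, kind = packet[pos], packet[pos] & 0xC0
        if kind in (0x00, 0x40):            # Unicode text / byte sequence: 2-byte header length
            hlen = int.from_bytes(packet[pos + 1:pos + 3], "big")
            if hlen < 3:
                raise ValueError(f"header 0x{hi:02x} declares impossible length {hlen}")
            raw = packet[pos + 3:pos + hlen]
        else:                               # 0x80: one-byte value, 0xC0: four-byte integer
            hlen = 2 if kind == 0x80 else 5
            raw = packet[pos + 1:pos + hlen]
        if pos + hlen > length:             # header claims more bytes than the packet holds
            raise ValueError(f"header 0x{hi:02x} runs past end of packet")
        headers[hi] = (raw.decode("utf-16-be").rstrip("\x00") if kind == 0x00
                       else raw if kind == 0x40 else int.from_bytes(raw, "big"))
        pos += hlen
    return {"opcode": opcode, "headers": headers}

def opp_policy(packet: bytes) -> str:
    """Constructed OPP server policy: accept only vCard pushes and un-named business-card pulls."""
    req = parse_obex(packet)
    mime = req["headers"].get(HDR_TYPE, b"").rstrip(b"\x00").decode("ascii", "replace").lower()
    if req["opcode"] == OP_PUT and mime != "text/x-vcard":
        return f"REJECT: OPP accepts only vCards, got type {mime!r}"
    if req["opcode"] == OP_GET and HDR_NAME in req["headers"]:
        return "REJECT: business-card pull must not name an object"
    return "ACCEPT"

def hdr(hi: int, payload: bytes) -> bytes:      # length-prefixed header (kinds 0x00 / 0x40)
    return bytes([hi]) + struct.pack(">H", 3 + len(payload)) + payload
def utf16(s: str) -> bytes:                     # OBEX Unicode strings are UTF-16BE, null-terminated
    return s.encode("utf-16-be") + b"\x00\x00"
def build(opcode: int, *headers: bytes) -> bytes:
    body = b"".join(headers)
    return struct.pack(">BH", opcode, 3 + len(body)) + body

# Constructed sample requests (not captured traffic).
VCARD_PUSH = build(OP_PUT, hdr(HDR_NAME, utf16("alice.vcf")), hdr(HDR_TYPE, b"text/x-vCard\x00"),
                   hdr(HDR_END_OF_BODY, b"BEGIN:VCARD\r\nFN:Alice\r\nEND:VCARD\r\n"))
EXE_PUSH = build(OP_PUT, hdr(HDR_NAME, utf16("update.exe")), hdr(HDR_TYPE, b"application/octet-stream\x00"))
NAMED_PULL = build(OP_GET, hdr(HDR_NAME, utf16("addressbook.vcf")))
```

`opp_policy(VCARD_PUSH)` returns "ACCEPT", while the other two constructed requests are rejected with a reason.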
Synchronization Profile (SYNCH)

• The Synchronization Profile (SYNCH) provides functions for
  the exchange of Personal Information Manager (PIM) data and
  was adopted from the IrDA infrared specification.

• In Bluetooth, especially private data, such as the address
  book, calendar, etc., is sent using the SYNCH profile.
Overview On Bluetooth Security

• Security within Bluetooth itself covers three major
  areas:
      – Authentication
      – Authorization
      – Encryption

• Security levels:
      – Silent
      – Private
      – Public
Thank You !!