Bluetooth1
•Download as PPT, PDF•
1 like•31 views
This PPT Based On Bluetooth Security Issues, Threats and Consequence.. Its Created By me
Recommended
Recommended
More Related Content
What's hot
What's hot (19)
Similar to Bluetooth1
Similar to Bluetooth1 (20)
Recently uploaded
Recently uploaded (20)
Bluetooth1
- 2. BLUETOOTH INTRODUCTION ♦ Wire replacement technology ♦ Low power ♦ Short range 10m - 100m ♦ 2.4 GHz ♦ 1 Mb/s data rate
- 3. What Is BlueTooth? ♦ A unique new wireless technology specifically for: ♦ Short range 10 - 100 meters typically ♦ Modest performance (780Kbps) ♦ Dynamically configurable ad hoc networking/ roaming ♦ Low power Well suited to handheld applications ♦ Support for both voice and data
- 4. BlueTooth - What is the Technology ? ♦ Uses 2.4 GHZ unlicensed ISM band ♦ Frequency hopping spread spectrum radio for higher interference immunity. ♦ Supports point to point and point to multipoint connection with single radio link. ♦ Designed to provide low cost, robust, efficient, high capacity voice and data networking. ♦ Uses a combination of circuit and packet switching.
- 5. Why BlueTooth? ♦ Simple to install and expand ♦ Need not be in line of sight ♦ Low Cost ♦ Perfect for File transfer and printing application ♦ Simultaneous handling of data and voice on the same channel
- 6. Application Of BlueTooth ♦ PC and Peripheral networking ♦ Hidden Computing ♦ Data synchronization for Address book and calendars ♦ Cellphone acting as a modem for PDA or Laptop ♦ Personal Area Networking (PAN) – Enabling a collection of YOUR personal devices to cooperatively work together
- 7. Bluetooth in the Home - No Wires xDSL Access Point PDA Cell Phone Cordless Phone Base Station Inkjet Printer Scanner Home Audio System Computer Digital Camera MP3 Player
- 8. Hotel Phone & Access Point And On the Road Car Audio System Pay Phone & Access Point Headset MP3 Player PDA Cell Phone Laptop
- 9. BLUETOOTH NETWORKS ♦ PICONET ♦ SACTTERNET
- 10. BLUETOOTH PICONET ♦ Bluetooth devices create a piconet ♦ One master per piconet ♦ Up to seven active slaves ♦ Over 200 passive members are possible ♦ Master sets the hopping sequence ♦ Transfer rates of 721 Kbit/sec ♦ Bluetooth 1.2 and EDR (aka 2.0) ♦ Adaptive Frequency Hopping ♦ Transfer rates up to 2.1 Mbit/sec
- 11. BLUETOOTH SCATTERNET ♦ Connected piconets create a scatternet ♦ Master in one and slave in another piconet ♦ Slave in two different piconets ♦ Only master in one piconet ♦ Scatternet support is optional
- 13. Inquiry (Discovering Who’s Out There) D A H M N L P O Q B C F KJ G I E H Note that a device can be “Undiscoverable”
- 14. Paging (Creating a Piconet) D E F H G I K J C M N L P O Q BBAA 10 meters
- 16. SECURITY ISSUES AND ATTACKS UNVEILED
- 17. AGENDA ♦ Issues and Origin ♦ Threat Sources ♦ Risks ♦ Demonstration
- 18. A COMMON MISCONCEPTION ♦ No practical Bluetooth vulnerabilities ♦ The core bluetooth protocol has maintained its integrity ♦ A corectly implemented Bluetooth stack should have no vulnerabilities
- 19. MYTHS DEBUNKED ♦ Bluetooth needs pairing ♦ Short Range(1.7miles achieved) ♦ Only mobile devices affected ♦ Non-Discoverable saves me ♦ Secure as Encryption is Used
- 20. SECURITY MODES ♦ Security mode 1 ♦ No active security enforcement ♦ Security mode 2 ♦ Service level security ♦ On device level no difference to mode 1 ♦ Security mode 3 ♦ Device level security ♦ Enforce security for every low-level connection
- 21. Who is Vulnerable ♦ Both individuals and corporations ♦ Owners of various popular phones.nokia 6310,Ericsson T series ♦ PC owners,Laptop users and other pocket PC owners ♦ Symbion device owners ♦ Embedded devices,Bluetooth heating systems etc
- 22. What is Possible? ♦ Theft of Information,personal,or corporate ♦ Device DoS ♦ Remote Code execution ♦ Corporate espionage ♦ Airborn viruses or worms
- 23. ATTACKS IDENTIFIED ♦ June 2003 Ollie Whitehouse releases RedFang ♦ Pentest Ltd release btscanner ♦ Nov 2003 BLUEJACKING comes to open ♦ Jan 2004 BLUESNARFING unveilled
- 24. VARIOUS ATTACKS ♦ The BlueSnarf Attack ♦ The HeloMoto Attack ♦ The BlueBug Attack ♦ Bluetooone ♦ Blueprinting
- 25. BLUESNARFING Trivial OBEX PUSH channel attack – obexapp (FreeBSD) – PULL known objects instead of PUSH – No authentication ● Infrared Data Association – IrMC (Specifications for Ir Mobile Communications) ● e.g. telecom/pb.vcf ● Ericsson R520m, T39m, T68 ● Sony Ericsson T68i, T610, Z1010 ● Nokia 6310, 6310i, 8910, 8910i
- 26. HELOMOTO ♦ Requires entry in 'Device History' ♦ OBEX PUSH to create entry ♦ Connect RFCOMM to Handsfree or Headset ♦ No Authentication required ♦ Full AT command set access ♦ Motorola V80, V5xx, V6xx and E398
- 27. BLUEBUGGING BlueBug is based on AT Commands (ASCII Terminal) – Very common for the configuration and control of telecommunications devices – High level of control... ● Call control (turning phone into a bug) ● Sending/Reading/Deleting SMS ● Reading/Writing Phonebook Entries ● Setting Forwards
- 28. BLUETOONE ♦ Enhancing the range of a Bluetooth dongle by connecting a directional antenna -> as done in the Long Distance Attack
- 29. BLUEPRINTING ♦ Blueprinting is fingerprinting Bluetooth Wireless ♦ Technology interfaces of devices ♦ Relevant to all kinds of applications ♦ Security auditing ♦ Device Statistics ♦ Automated Application Distribution ♦ Released paper and tool at 21C3 in December 2004 in Berlin
- 30. BLUESMACK ♦ Using L2CAP echo feature ♦ Signal channel request/response ♦ L2CAP signal MTU is unknown ♦ No open L2CAP channel needed ♦ Buffer overflow ♦ Denial of service attack
- 31. AFFECTED DEVICES ♦ A small number of Bluetooth implementations are common across many platforms ♦ The most popular devices are vulnerable ♦ Result is a large number of affected devices in public ♦ Tests show between 85% and 94% vulnerability
- 32. IMPACT ON INDIVIDUALS ♦ Information theft by advertisers ♦ Location based SPAM ♦ ID theft ♦ Theft through billing ♦ Call theft
- 33. CORPORATE IMPACT ♦ Information theft ♦ Corporate espionage ♦ Bribery
- 35. Thank You