User:Benhenzell

An Introduction To Bluetooth

Rysavy, P. (2004). 'Brush up on Bluetooth', Network Computing, vol.15, no12. p86. [Online] Available: Academic Search Elite, 13587689. [Accessed 4 Aug 2004]

Rysavy offers a introductory look at Bluetooth, including it's capabilities for those technically minded and those not. The article also reveals some of Bluetooth's vulnerabilities and problems, as well as a guide on how to use it with several devices.

Bluetooth, the wireless personal area networking (PAN) technology is now widely available in cell phones, PDAs, access points, telephone head sets, mice, keyboards, printers and even digital pens.

Rysavy explains that adoption has been relatively slow, although is expected to speed up with Microsoft's Windows XP service pack 2 including Bluetooth support, as well as more phones including the wireless technology. His opinion supports the ability of Bluetooth, although at the same time he does imply a need for more research by manufacturers.

After a rather basic introduction to Bluetooth Rysavy offers a technical review of how Bluetooth works using a Nokia 6230, Bluetooth headset, a digital pen and a Windows notebook computer. A step by step guide allows all levels of technically experienced people to experience Bluetooth.

Overall giving a positive response to using Bluetooth, future improvements into wireless technology is expressed with some exciting prospects mentioned.

Brooks,J. (2004) 'Bluetooth Update Shows Maturity:Tech Analysis:Anycom Adapters Demonstrate Gains, But Much Work Remains', eWeek, vol. 26, no. 28, p.60 [Online] Available: Academic Search Elite, ISSN:1530-6283 [Accessed 4/8/04].

Brooks offers a description of how Bluetooth has evolved. Bluetooth has made improvements since its introduction in 1998. Although it still is far from early expectations surrounding the wireless technology. When Version 1.2 was completed late last year eWeek analysed, tested and compared it to 1.1. Although significant improvements are obvious, 'tricky problems remain'.

Improvements made with 1.2 are:

• Enhanced enquiry, therefore almost instant and more reliable pairing
• Less interference with similar radio transmitting devices such as radio's
• Improved voice data, allowing a clearer sound quality

Brooks argues that criticism arises for some manufacturers who have not included scatternets (allows multiple Bluetooth devices to be used without conflicting) in the latest version of Bluetooth. Although some major developers have decided to wait for the next version there are devices including scatternet.

This article illustrates that it is clear manufacturers have a long way to go in developing Bluetooth to meet expectations, some of these expectations include the ability to transmit stereo quality sound and video. Brooks argues that it is disappointing to see to such slow evolution of a fantastic technology that has huge potential, however, waiting is the only answer.

Security of Bluetooth

Schwartz, S. (2004) 'Beware, Bluetooth Can Bite: Manufacturers' Lax Attitude to Security leave wireless devices vulnerable', InfoWorld, vol.26, no.30, p.20.[Online] Available: Academic Search Elite, ISSN:0199-6649 [Accessed 2/8/03].

Scwartz's article raises security concerns for the wireless technology so widely used in today's world. There are approximately 250 million Bluetooth devices in the world, often transmitting extremely sensitive data, such as bank account information, personal information, or any corporate information for that matter. With the improvement of Bluetooth, class 1 devices have a range of 300 feet. This only raises the level of threat.

The article explains that Bluetooth do have a security specification, although unless stated on the box, it is likely this has not been enabled by the manufacturer. Scwartz's article concludes by arguing that if company's wish to market such high tech devices, security must be improved.

Brewin, B. (2004) 'Bluetooth Vendor Group Downplays Security Risks' Computerworld, vol. 38, no. 20, p.12. [Online] Available: Academic Search Elite database. [Accessed 8 Aug. 2004]

Brewin offers an introductory view of the arguments surrounding Bluetooth security. Although advocates in the Bluetooth and mobile phone industry play down security risks associated with the wireless technology, people in the IT security industry recently revealed its vulnerability. Focusing on mobile phone hacking known as 'bluesnarfing', opinions are clearly and unbiasedly expressed, although it does appear evident contrary to some beliefs that steps must be taken to improve security levels on Bluetooth applications.

Knowledgeable opinions are expressed and quoted from the following professionals:

• Bluetooth Advocate: Mike McCamon, marketing director of the Bluetooth special interest group
• Consumer: Ken Pasley, director of wireless business development at FedEx Corp
• IT Security: Adam Laurie, CEO of A.L. Digital Ltd., (network security firm)

The article reveals technical information on how to avoid being hacked, and what phones are vulnerable. It reveals an introductory look at what is capable for hackers with wireless technology.

Laurie, B & L (2003) Serious flaws in Bluetooth security lead to disclosure of personal data [Online]. Available: http://www.thebunker.net/release-bluestumbler.htm [Accessed 4th Aug 2004].

In November 2003 Adam Laurie of A.L. Digital Ltd (IT security firm) discovered and began research on the vulnerabilities of Bluetooth devices. Three vulnerabilities were found:

1. Confidential data can be obtained, anonymously, and without the owner's knowledge or consent, from some Bluetooth enabled mobile phones.
2. It has been discovered that complete memory contents on various mobile phones can be accessed by a previously trusted ("paired") device that has since been removed from the trusted list. The data can then be backed up onto the attackers own system.
3. Access can be gained to the AT command set of the device, giving full access to the higher level commands and channels, such as data, voice and messaging.

Current Revealed Vulnerabilities

The SNARF attack

• It is possible for attackers to connect to the device without alerting the user, once in the system sensitive data can be retrieved, such as the phone book, business cards, images, messages and voice messages. Further information can be accessed although will not be released at this stage.

The BACKDOOR attack

• The backdoor attack is a higher concern for Bluetooth users; it allows attackers to establishing a trust relationship through the "pairing" mechanism, but ensuring that the user can not see the target's register of paired devices. In doing this attackers have access to all the data on the device, as well as access to use the modem or internet, WAP and GPRS gateways may be accessed without the owner's knowledge or consent.

The BLUEBUG attack

• This attack gives access to the AT command set, in other words it allows the attacker to make premium priced phone calls, allows the use of sms, or connection the internet. Attackers can not only use the device for such fraudulent exercises it also allows identity theft to impersonate the user.

Bluejacking

• Bluejacking allows attackers to send messages to strangers in public via Bluetooth. When the phones 'pair' the attacked can write a message to the user. Although it may seem harmless at first, there is a downside. Once connected the attacker may then have access to any data on the users Bluetooth device, which has obvious concerns.

Further vulnerabilities are currently being researched

Recommendations are offered for users, although some of the mentioned attacks do not appear to have preventions. Normally such attack information is not made public, in this case it is believed to be the only responsible action to take, as manufacturers are not taking enough precautions, and simply because of the risk levels and large number of Bluetooth devices worldwide.

Laurie offers manufacturers and consumers a warning, and for good reason; with risks apparently ignored by phone company's such reports must be made available to the public.

BIERSDORFER, J (24/6/2004) 'Worms Like Wireless Phones, Too', New York Times, [Online]. Available: http://www.nytimes.com/2004/06/24/technology/circuits/24viru.html?ei=5070&en=80741aeb3d6104c6&ex=1091592000&adxnnl=1&adxnnlx=1091491524-xsoWax/eO934NSoRSoeC0w

This article illustrates the possible future of security and viruses. Biersdorfer reveals that Bluetooth technology has now allowed worms which are ever so common on computers through the internet to attack mobile phones and spread across different handsets. A antivirus software company, announced its discovery of the worm on June 14, which was sent to them anonymously. The worm which is called 'Cabir' is only capable of attacking limited phone models, and has not raised high levels of concerns in the industry. The worm unlike so many computer worms is not destructive, although may motivate other worm creators to write destructive viruses.

Dibble, T (2003) 'Bluejack city: a new wireless craze is spreading through Europe' [Online]. Available: http://www.sys-con.com/Wireless/article.cfm?id=710 [Accessed 4/8/04.

Dibble offers a lighter view at the Bluetooth trend spreading around the world; bluejacking. Although bluekacking has become more popular in Europe, it is thought the UK is home to most bluejackers. Explaining the methods of bluejacking, as well as the advantages of the phenomenon he does not reflect the now serious concerns as other professionals have. It may be that Dibble himself is unsure of the implications that can arise with as he likes to call it 'bluejacking craze'.

Having a shot at mobile carriers he explains it is a way around being charged for sms costs, although is limited by the transmitting distance of the Bluetooth device. A simple how to bluejack guide is also offered, as well as some scenarios that bluejacking might occur.

Luo, X. Lee, C. (2004). Micropayments in Wireless M-Commerce: Issues, Security, and Trend[Online]. Available: http://www.arraydev.com/commerce/jibc/0402-10.htm [Accessed 4/8/2004]

Carrying on from where the internet's micropayments left is where the future of the wireless mobile industry lies according to Luo and Lee. Micropayments are any payment under $10 to buy and sell digital goods over the internet. This style of payment created high expectations of the internet in the 90's although did not seem to meet them.

This article offers a in-depth look at the potential of the micropayment scheme over wireless devices. The report includes tasks that must first be completed by all parties involved including, banks, credit card companies, phone companies, phone carriers and retail companies for wireless transactions to become popular, and secure.

Bluetooth is suggested as the data transfer method due to its stronger resistance to hacker's compared to Wi-Fi. Although Lee and Luo do admit there are many concerns with current security levels regarding Bluetooth, such as the Snarf attack, the backdoor attack, Bluebugging and bluejacking.

Examples of the wireless transactions are offered, due to a significant expansion in the number of mobile devices that can facilitate payment. Europe and Asian countries already offer electronic newspapers, subway tickets, and car parking fees via wireless devices.

Whitehouse, O. (2003).'War Nibbling: Bluetooth Insecurity' [Online]. Available: http://www.atstake.com/research/reports/acrobat/atstake_war_nibbling.pdf [Accessed 9/8/04]

This research report offers a full review on the types of Bluetooth devices that have vulnerabilities, how to attack such devices by 'warnibbling', and how to protect them. Whitehoues offers an insightful look at the capabilities of wireless hacker's using his software (Redfang) designed to locate Bluetooth devices and hack into them.

Warnibbling is a hacking technique using Redfang, or similar software that allows hackers to reveal corporate or personal sensitive information. Whitehouse offers a step by step guide, illustrating the ease of obtaining such information and the problems associated with it.

Whitehouse's accurate and technical report on warnibbling supports previous research to inform and educate manufacturers and consumers of the problems we face with wireless technologies. His knowledge is illustrated which strongly supports any arguments in the wireless security industry, which have arisen recently due to the ease of warnibbling, bluesnarfing, bluejacking and other Bluetooth security issues.