Detecting Non-Discoverable Bluetooth Devices

  • Daniel Cross
  • Justin Hoeckle
  • Michael Lavine
  • Jason Rubin
  • Kevin Snow
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 253)

Mobile communication technologies such as Bluetooth are becoming ubiquitous, but they must provide satisfactory levels of security and privacy. Concerns about Bluetooth device security have led to the specification of the “non-discoverable” mode, which prevents devices from being listed during a Bluetooth device search process. However, a non-discoverable Bluetooth device is visible to devices that know its address or can discover its address. This paper discusses the detection of non-discoverable Bluetooth devices using an enhanced brute force search attack. Our results indicate that the average time to attack a non-discoverable Bluetooth device using multiple search devices and condensed packet timing can be reduced to well under 24 hours.

Keywords: Bluetooth security, device discovery, non-discoverable mode

Copyright information

© IFIP International Federation for Information Processing 2008

Authors and Affiliations

  • Daniel Cross (1)
  • Justin Hoeckle (1)
  • Michael Lavine (1)
  • Jason Rubin (1)
  • Kevin Snow (1)

  1. Information Security Institute, Hopkins University, Baltimore, USA
