Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Case Study: BlueBag finds Bluetooth flaws

A portable lab? Now that's what I call a 'case' study!

Article comments

If you happened to fly through Milan's Malpensa Airport last March, your mobile phone may have been scanned by the BlueBag.

Milan's Secure Network SRL created Bluebag, a research lab on wheels, to study how malicious software might be able to spread among devices that use the Bluetooth wireless standard.

The researchers hid a Bluetooth-sniffing computer in a suitcase that was rolled through train stations, a shopping center, and even a computer security conference show floor this year to see how many Bluetooth-enabled devices attackers could potentially infect with a worm or a virus.

The answer: quite a lot. In just under 23 hours of travel, BlueBag was able to spot more 1,400 devices with which, in theory, it could have connected, including Nokia phones and TomTom GPS devices, said Stefano Zanero, Secure Network's co-founder and chief technology officer.

"Most of the devices that we found were from the same manufacturers because their default Bluetooth connection setup is to be discoverable, which is very good for ease of use, but very bad for security," he said.

Though many Bluetooth devices are designed to be hidden or detectable for very short periods of time, some manufacturers make their products detectable by default to simplify hook up with other Bluetooth-enabled machines - a car sound system for example. Unfortunately, this practice also makes life easier for hackers, Zanero said. "Any discoverable device is potentially vulnerable to attacks," he said.

Obex and vCard are a worry
For example, BlueBag found 313 devices with the Obex (Object Exchange) vCard and vCalendar exchange service enabled, making them prey for known Bluetooth virus attacks.

BlueBag's data is going to help Zanero and his researchers understand how attackers might use Bluetooth's ability to connect with other devices to create a targeted attack.

In a scenario they've envisioned, the bad guys could infect Bluetooth devices in a train station one morning, telling them to infect other equipment and seek out specific pieces of information. "You can deliver your malware, leave it for a few hours, and then catch it when [the user] goes home," Zanero said. "This makes it possible to perform the targeted attack that we have in mind."

At this summer's Black Hat USA 2006 conference in Las Vegas, the Secure Network team plans to unveil some proof of concept malware showing how this type of attack might work. The conference will also see Wi-Fi attacks exposed.

The hard part has been devising a protocol that will allow the malware to report back to an attacker. And since the researchers can't actually infect a bunch of Bluetooth phones, they need BlueBag to provide them with data so they can estimate how such malware might spread. "This gives you the figures you need for creating some small, not-very-reliable models of how these worms could interact," Zanero said.

Secure Network's research, which was co-sponsored by antivirus vendor F-Secure, is not the first to highlight Bluetooth's security vulnerabilities.

A year ago, hackers showed how they could connect to hands-free Bluetooth systems in some cars to eavesdrop on telephone conversations and even talk to unsuspecting drivers. The software, called Car Whisperer, took advantage of poor security programming techniques on the part of the car manufacturers. Earlier Bluetooth attacks used a phone as a listening bug.

And variants of the Cabir Bluetooth viruses have been around since it appeared two years ago. Cabir, which has never become widespread, preys on the kind of discoverable phones that BlueBag measured.

To avoid being bitten by Bluetooth attacks, Zanero says users should check their settings and make sure their device is set to be "hidden" or "non-discoverable."

This isn't a panacea, but it will make things harder for attackers. Using Bluetooth is "like sex," Zanero said. "It's better with precautions."

The BlueBag project is described here.


Share:

More from Techworld

More relevant IT news

Comments



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *