The Hidden Risks of Bluetooth
Short summary:
Bluetooth Profiles (RFCOMM, BNEP, OBEX) PPP, IP stack, Applications ... switches are protected from wireless hacking. through a 48-bit software encryption key. ...
Long summary:
Bluetooth device address (BD_ADDR) Makes hopping pattern unique for each device, limits collisions Recent interference avoidance features Hidden Risks of Bluetooth © 2006 Aruba Networks Bluetooth Protocol Stack (not to scale) Radio Interface, RF Controller Baseband Controller, Framing Link Manager Protocol (LMP) Host Controller Interface (HCI) Logical Link Control and Adaptation Protocol Bluetooth Profiles (RFCOMM, BNEP, OBEX) PPP, IP stack, Applications Hidden Risks of Bluetooth © 2006 Aruba Networks Bluetooth Baseband, Framing BD_ADDR, 802-compliant 48-bit address for each device Used as a secret in Bluetooth Baseband header is 18 bits, FEC 1/3 encoded (010 000111000) UAP NAP LAP LSB MSB 24 bits 8 bits 16 bits 3 bits 4 bits 1 bit 1 bit 1 bit 8 bits HEC AM ADDR TYPE F L O W A R Q N S E Q N 18 bits, FEC 1/3 produces 54 bits (yes, 54 bits, try keeping track of that in your head while reading hex dumps) OUI, assigned to manuf. Assigned by manufacturer LSB MSB Hidden Risks of Bluetooth © 2006 Aruba Networks Joining the Piconet Master initiates connection to slave FH based on master BD_ADDR Slave must know BD_ADDR to determine correct hopping sequence Discovering the BD_ADDR Inquiry Known as discoverable mode Devices response to inquiries with BD_ADDR information Hidden Risks of Bluetooth © 2006 Aruba Networks Pairing Devices When two devices first meet, they pair Slave must have knowledge of BD_ADDR through inquiry or user input Pairing information recorded, may contain authentication credentials Inquiry mode no longer necessary since BD_ADDR is recorded on slave Hidden Risks of Bluetooth © 2006 Aruba Networks Bluetooth Profiles Software features to implement application functionality RFCOMM serial port emulation OBEX Object Exchange (file transfer) Ultimate Headset Headset audio BNEP Network Encapsulation Protocol Dial-up Networking, cordless phone, fax, PIM synchronization, etc. Security for profiles are independently controlled Hidden Risks of Bluetooth © 2006 Aruba Networks Bluetooth Security Options Three security modes ...
Source: www.willhackforsushi.com
Search Terms:
Related
Bluetooth Hacking - Full Disclosure, Bluetooth Hacking Full Disclosure @ 21C3.
Blue snarfing Data Theft Calendar
Appointments Images Phone Book Names,
Addresses, Numbers PINs and other codes
Images Bluetooth Hacking Full Disclosure
...,
more
Hacking Bluetooth Enabled Mobile Phones and Beyond, Bluetooth Scatternet. All security
routines are inside the Bluetooth chip.
Bluetooth Technology Data and voice
transmission ACL data connections SCO and
eSCO voice channels Symmetric and
asymmetric connections Frequency hopping
ISM band ...,
more
An Ethical Guide to Hacking Mobile Phones, Bluetooth Hacking. Bluejack Attack OBEX
Push Bluespamming Bluetoothing Modifying a
Remote Mobile Phones Address Book Fadias
Hot Tools for Bluejacking Countermeasures,
more
