BlueSniff: Eve meets Alice and Bluetooth

Authors:
Dominic Spill;Andrea Bittau
Affiliations:
University College London;University College London
Venue:
WOOT '07 Proceedings of the first USENIX workshop on Offensive Technologies
Year:
2007

Citing 3
Cited 8

Security Weaknesses in Bluetooth

CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
Cracking the Bluetooth PIN

Proceedings of the 3rd international conference on Mobile systems, applications, and services
A preliminary investigation of worm infections in a bluetooth environment

Proceedings of the 4th ACM workshop on Recurring malcode

New efficient intrusion detection and prevention system for Bluetooth networks

Proceedings of the 1st international conference on MOBILe Wireless MiddleWARE, Operating Systems, and Applications
RFDump: an architecture for monitoring the wireless ether

Proceedings of the 5th international conference on Emerging networking experiments and technologies
Two practical man-in-the-middle attacks on bluetooth secure simple pairing and countermeasures

IEEE Transactions on Wireless Communications
Packets in packets: Orson Welles' in-band signaling attacks for modern radios

WOOT'11 Proceedings of the 5th USENIX conference on Offensive technologies
Comprehensive experimental analyses of automotive attack surfaces

SEC'11 Proceedings of the 20th USENIX conference on Security
BlueSnarf revisited: OBEX FTP service directory traversal

NETWORKING'11 Proceedings of the IFIP TC 6th international conference on Networking
How privacy leaks from bluetooth mouse?

Proceedings of the 2012 ACM conference on Computer and communications security
Bluetooth: with low energy comes low security

WOOT'13 Proceedings of the 7th USENIX conference on Offensive Technologies

Quantified Score

Hi-index	0.00

Visualization

Abstract

Much of Bluetooth's data remains confidential in practice due to the difficulty of eavesdropping it. We present mechanisms for doing so, therefore eliminating the data confidentiality properties of the protocol. As an additional security measure, devices often operate in "undiscoverable mode" in order to hide their identity and provide access control. We show how the full MAC address of such master devices can be obtained, therefore bypassing the access control of this feature. Our work results in the first open-source Bluetooth sniffer.