GB2439364A - Security in bluetooth enabled computing devices - Google Patents

Security in bluetooth enabled computing devices Download PDF

Info

Publication number
GB2439364A
GB2439364A GB0612120A GB0612120A GB2439364A GB 2439364 A GB2439364 A GB 2439364A GB 0612120 A GB0612120 A GB 0612120A GB 0612120 A GB0612120 A GB 0612120A GB 2439364 A GB2439364 A GB 2439364A
Authority
GB
United Kingdom
Prior art keywords
computing device
bluetooth
list
unique
banned
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB0612120A
Other versions
GB0612120D0 (en
Inventor
John Turner
Tim Howes
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Symbian Software Ltd
Original Assignee
Symbian Software Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Symbian Software Ltd filed Critical Symbian Software Ltd
Priority to GB0612120A priority Critical patent/GB2439364A/en
Publication of GB0612120D0 publication Critical patent/GB0612120D0/en
Priority to PCT/GB2007/002278 priority patent/WO2007148069A1/en
Publication of GB2439364A publication Critical patent/GB2439364A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/54Store-and-forward switching systems 
    • H04L12/56Packet switching systems
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/145Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M1/00Substation equipment, e.g. for use by subscribers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M11/00Telephonic communication systems specially adapted for combination with other electrical systems
    • H04Q7/38
    • H04Q7/3802
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W12/128Anti-malware arrangements, e.g. protection against SMS fraud or mobile malware

Abstract

A Bluetooth-equipped device is provided with a maintained list of banned devices from which no connection will be accepted. This enables a destination device to avoid receiving malware or other connections with malicious intent from Bluetooth-equipped source devices whose identity is on the banned device list without any user intervention. In a preferred embodiment a Bluetooth profiles permission bitmap may be used to permit access to the destination device to be granted on a per-service basis instead of having to trust the source device with access to all available services, as is currently the case.

Description

<p>1 2439364 Improving Security in Bluetooth Enabled Computing Devices
This invention discloses improvements in the security of Bluetooth-enabled computing devices.</p>
<p>The term computing device' includes, limitation, Desktop and Laptop computers, Personal Digital Assistants (PDAs), Mobile Telephones, Smartphones, Digital Cameras and Digital Music Players. It also includes converged devices incorporating the functionality of one or more of the classes of such devices, together with many other industrial and domestic electronic appliances.</p>
<p>In the last ten years, it has become increasingly common for computing devices to be equipped with wireless networking technologies. One of these is BluetoothTM, also known as IEEE 802.15.1, a short-range wireless technology enabling various types of computing devices to be interconnected for a variety of purposes. Full details of the protocols and the hardware appear on the official Bluetooth web site at http://www.bluetooth.com.</p>
<p>Although Bluetooth can be used to wirelessly connect any type of computing device to any other, because of its low power consumption and its ability to eliminate the need to carry around bulky cables, it has become particularly popular for use in conjunction with portable battery operated devices such as mobile telephones and personal digital assistants (PDAs).</p>
<p>For example, Bluetooth headsets for mobile telephones are in widespread use, replacing the wired hands-free version. Other common uses for this technology in portable devices include linking them to desktop computers for the transfer of files and synchronisation of various types of data, and the use of Bluetooth to send messages between one mobile device and another, including multimedia messages that may include sound, photographs, and video clips.</p>
<p>But because Bluetooth technology can also be used to create ad-hoc wireless connections that can transfer any type of data between one device and another, it has become a target for anyone searching for security flaws in protocols that might allow them unauthorised access to Bluetooth-enabled computing devices. Bluetooth has the potential to become a vehicle for the transmission of malicious programs (known as ma/ware) such as computer viruses and trojan horses. It is known that this type of infection can invade any type of computing device, and the risk is significantly greater when a computing device is able to connect to other devices.</p>
<p>Bluetooth does provide various security mechanisms that can be used to prevent unwanted connections to a device and a subsequent infection by malware. These include verifying the authenticity of the remote device and asking the user whether they wish to accept the connection. Furthermore, if a connection does result in some type of file transfer, users can be prompted as to whether they wish to accept such a transfer. If they do accept a transfer, and an executable program file is transferred to them, they can also be prompted as to whether they wish to install or run the executable program.</p>
<p>Should the program appear to originate from an unknown or untrusted source, a further warning can be given.</p>
<p>Despite the security measures described above, which can require a user of a Bluetooth device to accept an initial connection and ignore three further warnings, it is known that users of Bluetooth-enabled devices are becoming infected by malware. For example, users of mobile telephones running Symbian OS, the advanced operating system for smartphones from Symbian Ltd, have been targeted by malware such as the so called Cabir' Mabir' and Lasco' worms, which are capable of spreading from one mobile telephone to another via Bluetooth connections.</p>
<p>Despite the multiple positive decisions that a user has to make and the warnings they have to ignore, BBC reports indicate that this type of infection has been found in 17 different countries (see http://news.bbc.co.k//hi/technology/44451 25.stm). It is clear, therefore, that users do not always heed warnings given at the installation phase about the dangers of untrusted software.</p>
<p>In order to understand why this is so, let us consider the following scenario, which corresponds fairly closely to the way that malware such as Cabir spreads from one device to another. An item of malware running on device A keeps trying to create a connection to device B to transmit a copy of itself, thereby infecting device B. Because of the repeated connection attempts, the user of device B will be bombarded with questions as to whether they should accept the connection from device A. Refusing the request means they will be asked the same question again in a few seconds, requiring another refusal, followed by another request, and so on.</p>
<p>In such a situation, the user has a limited number of options: 1. Switch off the phone. Users are understandably reluctant to do this.</p>
<p>2. Switch Bluetooth off. This is likely to be inconvenient, most obviously when the user is relying on a Bluetooth device such as a headset.</p>
<p>3. Switch Bluetooth to non-discoverable mode, which prevents the device from responding to inquiry requests from other Bluetooth devices.</p>
<p>Doing this means that it will not be possible to initiate a session with any devices that haven't been communicated with previously; this is less drastic than switching off either the phone or the Bluetooth functionality, but does mean that all welcome inquiries are prevented as well as all unwelcome ones.</p>
<p>4. Physically move out of range of the remote device. Again, this may not be possible, especially since Bluetooth is not directional and there is no way of telling where the requests are coming from.</p>
<p>5. Deny each individual connection attempt. This is tiresome; the continual requests for connection are such a nuisance that the user is worn down, and comes to believe that the only way to stop the continual requests for connection is to ignore the warnings and accept a copy of the malware onto their device.</p>
<p>The perception behind this invention is that there is a weakness in the Bluetooth specifications in that they provide no mechanism which can be used to block any single given remote device from making any connections to the local device. This invention provides a remedy for this weakness, and enables a Bluetooth enabled device to maintain a list of remote devices from which all connection requests will be ignored without reference to the user.</p>
<p>According to a first aspect of the present invention there is provided a method of operating a first computing device having Bluetooth wireless networking capability, the method comprising maintaining a list of unique identifiers of banned computing devices on the first computing device, whereby the first computing device is able to avoid accepting a connection from a second computing device seeking without user intervention if the unique identity of the second computing device matches an identifier in the list.</p>
<p>According to a second aspect of the present invention there is provided a computing device arranged to operate in accordance with a method of the first aspect.</p>
<p>According to a third aspect of the present invention there is provided an operating system for causing a computing device to operate in accordance with a method of the first aspect.</p>
<p>Embodiments of the present invention will now be described, by way of further example only, with reference to the accompanying drawings, in which:-Figure 1 shows a paging procedure between Bluetooth equipped devices in</p>
<p>accordance with the prior art;</p>
<p>Figure 2 shows a paging procedure between Bluetooth equipped devices in accordance with the present invention; and Figure 3 shows a list of Bluetooth profiles, including an example of a Bluetooth profiles permissions bitmap.</p>
<p>Those skilled in the art will be aware that most Bluetooth stack implementations are able to maintain, at the request of the user, a list of paired and trusted devices. This list is used by the Bluetooth security manager to bypass some of the Bluetooth security mechanisms. In particular, devices on the paired list maintain stored link keys which can be used for authentication purposes with no user interaction.</p>
<p>In this invention, a complementary list of banned devices is maintained by the Bluetooth security manager. The complementary list contents can be a straightforward list of the unique IDs that are allocated to all Bluetooth devices; these are similar to the unique MAC addresses allocated to Ethernet network cards, and are 48 bits long.</p>
<p>The ID of any device seeking to establish a connection (which would be either a source or a master device in Bluetooth parlance) is always disclosed in the FHS (Frequency Hopping Synchronization) packet that the seeking device sends as part of the Bluetooth paging procedure to any other computing device (which would be a destination or a slave device in Bluetooth parlance) with which it was seeking to establish a connection.</p>
<p>Prior to this invention, a Bluetooth slave device participating in the paging procedure would have received this FHS packet from the master, and would have responded by entering step 2 of the slave response state and then sent the master an ID packet containing its device access code. This procedure is shown in figure 1.</p>
<p>However, a slave device implementing this invention is arranged to store a list of banned devices to which access via a Bluetooth connection will always be denied. Hence, the slave device firstly compares the transmitted ID of the master contained in the FHS with the ID entries in its banned list; if there is a match, then the slave device remains silent and neither responds to the FHS packet nor continues with the specified steps of the slave response states. It terminates all participation in the paging procedure and returns to the start of the inquiry procedure, when it may once again be discovered by source devices. This procedure is shown in figure 2.</p>
<p>This invention does not prevent the source Bluetooth device from attempting to page the destination device again; nor does it prevent the source Bluetooth device from seeking to re-discover the destination device via the enquiry phase. What this invention does do is ensure that as soon as a device implementing it finds out that the ID source device is on its banned list, it immediately terminates the session completely transparently from the user of the device, whose user experience is thereby improved, and who would not be repeatedly paged into accepting an unwanted connection simply to make the repeated paging requests go away.</p>
<p>A number of mechanisms can be used to add Bluetooth IDs to the banned list.</p>
<p>These may include without being limited to the following: 1. Giving the user the option to add the ID of a source device to the banned list whenever they refuse a connection attempt from the device.</p>
<p>2. Automatically adding the ID of a source device to the list after a certain number of refused connection attempts, either in total or within a given time period.</p>
<p>3. Adding an ID to the list if it had been received from a known and trusted source; so, for example, an infected device in a particular physical environment such as a company site could be effectively quarantined from all devices in the environment.</p>
<p>An extension of this invention permits the security mechanisms of the Bluetooth paging procedure to allow per-profile configuration. Bluetooth profiles are separate collections of various mandatory and optional elements and parameters of the Bluetooth protocols and specifications each of which define a particular set of functionality. A list of the currently available Bluetooth profiles is shown in Figure 3.</p>
<p>At present, without this invention, once a source device is trusted by a destination, the source device can gain access to all the services provided by any Bluetooth profile that might be available on the destination. In order to prevent this dangerously wide access, the banned list described above can be modified by replacing it with a table that links device IDs in paired tuples with a permissions bitmap signifying which Bluetooth profiles that those IDs would be allowed to access. The usual convention for such a bitmap would be for a zero (0) bit to represent a barred service and for a set (1) bit to represent allowed services. Figure 3 shows a permissions bitmap for a Bluetooth headset, where the bitmap 1100110000000000000010000 indicates that the (mandatory) Generic Access Profile and Service Discovery Application Profile are both allowable, together with the Headset Profile and Hands-free Profile, and the Serial Port Profile on which they both depend.</p>
<p>In conjunction with a default permissions bitmap, this table would effectively function as both a blacklist and as a whitelist. Any Bluetooth source device whose ID did not appear in the table would be able to use the default set of permissions; but this set could be restricted or extended for any device whose ID did appear in the table.</p>
<p>Thus, a completely banned ID would have its ID paired with a bitmap in which all bits were zero, and a totally trusted ID would have its ID paired with a bitmap in which all the bits were set to 1.</p>
<p>Between these extremes, a destination device would implement either per-profile configuration at the level of the mandatory Service Discovery Application Profile (SDAP), or per-service configuration at the level of the Bluetooth Service Discovery Protocol (SDP) on which SDAP depends. In either case, the responses that the destination device gives to the source device would depend not on the actual capabilities of the device, but would depend on the permissions bitmap of the source device. The destination device would deny the availability of any profiles or services to which the client did not have permission to access. This would effectively bar an unauthorised device from accessing them.</p>
<p>Alternatively, a destination device could immediately terminate any Bluetooth connection for any source device where the table indicated that the required profile or service had been disallowed but would permit an extension where the table indicated that the required profile or service was allowable.</p>
<p>By means of this extension, a user may trust a source device that wished to send pictures to them without notification, but the user would not necessarily want that same device to have open access to their Bluetooth telephony or modem functionality; this would expose the user to having their communications hijacked by a malicious user (which is an attack known as bluebugging).</p>
<p>A principle benefit of the list of banned or blacklisted devices is that it can be used to at least reduce the spread of viruses such as Cabir and its variants by means of Bluetooth. It can also minimise the effect of denial-of-service attacks, in which a device is continually bombarded with connection requests from a malicious source.</p>
<p>In the extended version of the invention using the Bluetooth profiles permissions bitmap, it permits access to a destination device to be granted on a per-service basis instead of having to trust a source device with access to all available services, as is currently the case.</p>
<p>Although the present invention has been described with reference to particular embodiments, it will be appreciated that modifications may be effected whilst remaining within the scope of the present invention as defined by the appended claims.</p>

Claims (1)

  1. <p>Claims: 1. A method of operating a first computing device having
    Bluetooth wireless networking capability, the method comprising maintaining a list of unique identifiers of banned computing devices on the first computing device, whereby the first computing device is able to avoid accepting a connection from a second computing device seeking without user intervention if the unique identity of the second computing device matches an identifier in the list.</p>
    <p>2. A method according to claim 1 wherein the first computing device obtains the unique identity of the second computing device from the FHS packet transmitted as part of a paging procedure.</p>
    <p>3. A method according to claim I or claim 2 wherein a refusal by the first computing device of a connection attempt by the second computing device causes the unique identity of the second computing device to be added to the list.</p>
    <p>4. A method according to claim I or claim 2 wherein a refusal by the first computing device of a connection attempt by the second computing device causes the unique identity of the second computing device to be added to the list only if the number of such refusals exceeds a threshold set either by the manufacturer or the user of the device.</p>
    <p>5. A method according to claim 1 or claim 2 wherein the first computing device adds the unique identity of the second computing device to the list in response to a notification received from a third party by electronic or other means.</p>
    <p>6. A method according to any one of the preceding claims wherein the list comprises a table containing unique identifiers and permissions bitmaps for indicating services allowed for a device corresponding to any unique identifier, and in which the first computing device automatically refuses connections if the respective permission bitmap for the unique identifier of the second computing device indicates that the service it has requested is barred.</p>
    <p>7. A method according to claim 6 wherein a default permissions bitmap is used by the first computing device when the unique identifier of the second computing device does not appear in the table.</p>
    <p>8. A method according to claim 6 wherein the first computing device refuses a connection attempt by the second computing device prior to any services being requested if the permission bitmap paired with its unique identifier indicates that all services are banned.</p>
    <p>9. A computing device arranged to operate in accordance with a method as claimed in any one of claims I to 8.</p>
    <p>1O.An operating system for causing a computing device to operate in accordance with a method as claimed in any one of claims 1 to 8.</p>
GB0612120A 2006-06-19 2006-06-19 Security in bluetooth enabled computing devices Withdrawn GB2439364A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
GB0612120A GB2439364A (en) 2006-06-19 2006-06-19 Security in bluetooth enabled computing devices
PCT/GB2007/002278 WO2007148069A1 (en) 2006-06-19 2007-06-18 Improving security in bluetooth enabled computing devices

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB0612120A GB2439364A (en) 2006-06-19 2006-06-19 Security in bluetooth enabled computing devices

Publications (2)

Publication Number Publication Date
GB0612120D0 GB0612120D0 (en) 2006-07-26
GB2439364A true GB2439364A (en) 2007-12-27

Family

ID=36775902

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0612120A Withdrawn GB2439364A (en) 2006-06-19 2006-06-19 Security in bluetooth enabled computing devices

Country Status (2)

Country Link
GB (1) GB2439364A (en)
WO (1) WO2007148069A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2464273A (en) * 2008-10-07 2010-04-14 Winston Donald Keech Short-range communication system offering cost- reduced loyalty card provision
EP2458907A3 (en) * 2010-11-25 2012-07-11 Psion Inc. System and method for controlling access between wireless communication devices
US8654977B2 (en) 2010-11-25 2014-02-18 Psion Inc. System and method for controlling access between Bluetooth devices

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108416207B (en) * 2018-03-07 2022-09-16 北京元心科技有限公司 Bluetooth use permission identification method and device and mobile terminal
US11004082B2 (en) 2018-09-28 2021-05-11 Capital One Services, Llc Trust platform

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020044661A1 (en) * 2000-08-30 2002-04-18 Jakobsson Bjorn Markus Method and apparatus for ensuring security of users of bluetoothTM-enabled devices
US20030050009A1 (en) * 2001-09-12 2003-03-13 Kurisko Mark A. Security apparatus and method during BLUETOOTH pairing
GB2409789A (en) * 2003-12-30 2005-07-06 Nokia Corp Interconnection of short range networks via cellular links
GB2412819A (en) * 2004-03-31 2005-10-05 Nokia Corp Identifying a local device name in a short-range radio network

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7870200B2 (en) * 2004-05-29 2011-01-11 Ironport Systems, Inc. Monitoring the flow of messages received at a server
MY148813A (en) * 2005-11-11 2013-06-14 Nss Msc Sdn Bhd Integrated security mobile engines for mobile devices and resident data security

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020044661A1 (en) * 2000-08-30 2002-04-18 Jakobsson Bjorn Markus Method and apparatus for ensuring security of users of bluetoothTM-enabled devices
US20030050009A1 (en) * 2001-09-12 2003-03-13 Kurisko Mark A. Security apparatus and method during BLUETOOTH pairing
GB2409789A (en) * 2003-12-30 2005-07-06 Nokia Corp Interconnection of short range networks via cellular links
GB2412819A (en) * 2004-03-31 2005-10-05 Nokia Corp Identifying a local device name in a short-range radio network

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2464273A (en) * 2008-10-07 2010-04-14 Winston Donald Keech Short-range communication system offering cost- reduced loyalty card provision
EP2458907A3 (en) * 2010-11-25 2012-07-11 Psion Inc. System and method for controlling access between wireless communication devices
US8654977B2 (en) 2010-11-25 2014-02-18 Psion Inc. System and method for controlling access between Bluetooth devices

Also Published As

Publication number Publication date
GB0612120D0 (en) 2006-07-26
WO2007148069A1 (en) 2007-12-27

Similar Documents

Publication Publication Date Title
US20070197163A1 (en) Combination modes for network connection management
US9596604B2 (en) Method and system for enhanced wireless network security
US8208472B2 (en) Method and apparatus for setting up network for IP communication in mobile terminal
EP1891791B1 (en) Protection for wireless devices against false access-point attacks
CA2618664C (en) Routing advertisement authentication in fast router discovery
US8214889B2 (en) Selective auto-revocation of firewall security settings
WO2007148069A1 (en) Improving security in bluetooth enabled computing devices
Panse et al. A survey on security threats and vulnerability attacks on bluetooth communication
Ai et al. Blacktooth: breaking through the defense of bluetooth in silence
Nasim Security threats analysis in Bluetooth-enabled mobile devices
EP1826948B1 (en) Combination Modes For Network Connection Management
Alvarez-Cedillo et al. Bluetooth intrusion techniques
Sun et al. Design, implementation, and evaluation of Bluetooth security
Sharma Bluetooth security issues: threats and consequences
Premnath et al. Battery-draining-denial-of-service attack on bluetooth devices
Kumar Bluetooth quality issues, threats and security tips
Venkata Bhaskara Sastry et al. Bluetooth Low Energy Devices: Attacks and Mitigations
Spence et al. Security of Wireless Technologies: IEEE 802.11 Wireless LAN and IEEE 802.15 Bluetooth
Suri et al. Security Manager-Key to Restrict the Attacks in Bluetooth
Chlapoutakis Bluetooth Security: Vulnerabilities, Attacks & Defense
Chandan et al. Analysis on Bluetooth Security
Rao et al. Current Trends in Information Security
Arrington et al. Enhancing security and usability for Bluetooth discovery and pairing
Tabib A review of Bluetooth Technology
Arslanagic Personal firewall in mobile phone

Legal Events

Date Code Title Description
732E Amendments to the register in respect of changes of name or changes affecting rights (sect. 32/1977)

Free format text: REGISTERED BETWEEN 20090219 AND 20090225

WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)