GB2439364A - Security in bluetooth enabled computing devices - Google Patents
Security in bluetooth enabled computing devices Download PDFInfo
- Publication number
- GB2439364A GB2439364A GB0612120A GB0612120A GB2439364A GB 2439364 A GB2439364 A GB 2439364A GB 0612120 A GB0612120 A GB 0612120A GB 0612120 A GB0612120 A GB 0612120A GB 2439364 A GB2439364 A GB 2439364A
- Authority
- GB
- United Kingdom
- Prior art keywords
- computing device
- bluetooth
- list
- unique
- banned
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/54—Store-and-forward switching systems
- H04L12/56—Packet switching systems
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M1/00—Substation equipment, e.g. for use by subscribers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M11/00—Telephonic communication systems specially adapted for combination with other electrical systems
-
- H04Q7/38—
-
- H04Q7/3802—
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/128—Anti-malware arrangements, e.g. protection against SMS fraud or mobile malware
Abstract
A Bluetooth-equipped device is provided with a maintained list of banned devices from which no connection will be accepted. This enables a destination device to avoid receiving malware or other connections with malicious intent from Bluetooth-equipped source devices whose identity is on the banned device list without any user intervention. In a preferred embodiment a Bluetooth profiles permission bitmap may be used to permit access to the destination device to be granted on a per-service basis instead of having to trust the source device with access to all available services, as is currently the case.
Description
<p>1 2439364 Improving Security in Bluetooth Enabled Computing Devices
This invention discloses improvements in the security of Bluetooth-enabled computing devices.</p>
<p>The term computing device' includes, limitation, Desktop and Laptop computers, Personal Digital Assistants (PDAs), Mobile Telephones, Smartphones, Digital Cameras and Digital Music Players. It also includes converged devices incorporating the functionality of one or more of the classes of such devices, together with many other industrial and domestic electronic appliances.</p>
<p>In the last ten years, it has become increasingly common for computing devices to be equipped with wireless networking technologies. One of these is BluetoothTM, also known as IEEE 802.15.1, a short-range wireless technology enabling various types of computing devices to be interconnected for a variety of purposes. Full details of the protocols and the hardware appear on the official Bluetooth web site at http://www.bluetooth.com.</p>
<p>Although Bluetooth can be used to wirelessly connect any type of computing device to any other, because of its low power consumption and its ability to eliminate the need to carry around bulky cables, it has become particularly popular for use in conjunction with portable battery operated devices such as mobile telephones and personal digital assistants (PDAs).</p>
<p>For example, Bluetooth headsets for mobile telephones are in widespread use, replacing the wired hands-free version. Other common uses for this technology in portable devices include linking them to desktop computers for the transfer of files and synchronisation of various types of data, and the use of Bluetooth to send messages between one mobile device and another, including multimedia messages that may include sound, photographs, and video clips.</p>
<p>But because Bluetooth technology can also be used to create ad-hoc wireless connections that can transfer any type of data between one device and another, it has become a target for anyone searching for security flaws in protocols that might allow them unauthorised access to Bluetooth-enabled computing devices. Bluetooth has the potential to become a vehicle for the transmission of malicious programs (known as ma/ware) such as computer viruses and trojan horses. It is known that this type of infection can invade any type of computing device, and the risk is significantly greater when a computing device is able to connect to other devices.</p>
<p>Bluetooth does provide various security mechanisms that can be used to prevent unwanted connections to a device and a subsequent infection by malware. These include verifying the authenticity of the remote device and asking the user whether they wish to accept the connection. Furthermore, if a connection does result in some type of file transfer, users can be prompted as to whether they wish to accept such a transfer. If they do accept a transfer, and an executable program file is transferred to them, they can also be prompted as to whether they wish to install or run the executable program.</p>
<p>Should the program appear to originate from an unknown or untrusted source, a further warning can be given.</p>
<p>Despite the security measures described above, which can require a user of a Bluetooth device to accept an initial connection and ignore three further warnings, it is known that users of Bluetooth-enabled devices are becoming infected by malware. For example, users of mobile telephones running Symbian OS, the advanced operating system for smartphones from Symbian Ltd, have been targeted by malware such as the so called Cabir' Mabir' and Lasco' worms, which are capable of spreading from one mobile telephone to another via Bluetooth connections.</p>
<p>Despite the multiple positive decisions that a user has to make and the warnings they have to ignore, BBC reports indicate that this type of infection has been found in 17 different countries (see http://news.bbc.co.k//hi/technology/44451 25.stm). It is clear, therefore, that users do not always heed warnings given at the installation phase about the dangers of untrusted software.</p>
<p>In order to understand why this is so, let us consider the following scenario, which corresponds fairly closely to the way that malware such as Cabir spreads from one device to another. An item of malware running on device A keeps trying to create a connection to device B to transmit a copy of itself, thereby infecting device B. Because of the repeated connection attempts, the user of device B will be bombarded with questions as to whether they should accept the connection from device A. Refusing the request means they will be asked the same question again in a few seconds, requiring another refusal, followed by another request, and so on.</p>
<p>In such a situation, the user has a limited number of options: 1. Switch off the phone. Users are understandably reluctant to do this.</p>
<p>2. Switch Bluetooth off. This is likely to be inconvenient, most obviously when the user is relying on a Bluetooth device such as a headset.</p>
<p>3. Switch Bluetooth to non-discoverable mode, which prevents the device from responding to inquiry requests from other Bluetooth devices.</p>
<p>Doing this means that it will not be possible to initiate a session with any devices that haven't been communicated with previously; this is less drastic than switching off either the phone or the Bluetooth functionality, but does mean that all welcome inquiries are prevented as well as all unwelcome ones.</p>
<p>4. Physically move out of range of the remote device. Again, this may not be possible, especially since Bluetooth is not directional and there is no way of telling where the requests are coming from.</p>
<p>5. Deny each individual connection attempt. This is tiresome; the continual requests for connection are such a nuisance that the user is worn down, and comes to believe that the only way to stop the continual requests for connection is to ignore the warnings and accept a copy of the malware onto their device.</p>
<p>The perception behind this invention is that there is a weakness in the Bluetooth specifications in that they provide no mechanism which can be used to block any single given remote device from making any connections to the local device. This invention provides a remedy for this weakness, and enables a Bluetooth enabled device to maintain a list of remote devices from which all connection requests will be ignored without reference to the user.</p>
<p>According to a first aspect of the present invention there is provided a method of operating a first computing device having Bluetooth wireless networking capability, the method comprising maintaining a list of unique identifiers of banned computing devices on the first computing device, whereby the first computing device is able to avoid accepting a connection from a second computing device seeking without user intervention if the unique identity of the second computing device matches an identifier in the list.</p>
<p>According to a second aspect of the present invention there is provided a computing device arranged to operate in accordance with a method of the first aspect.</p>
<p>According to a third aspect of the present invention there is provided an operating system for causing a computing device to operate in accordance with a method of the first aspect.</p>
<p>Embodiments of the present invention will now be described, by way of further example only, with reference to the accompanying drawings, in which:-Figure 1 shows a paging procedure between Bluetooth equipped devices in</p>
<p>accordance with the prior art;</p>
<p>Figure 2 shows a paging procedure between Bluetooth equipped devices in accordance with the present invention; and Figure 3 shows a list of Bluetooth profiles, including an example of a Bluetooth profiles permissions bitmap.</p>
<p>Those skilled in the art will be aware that most Bluetooth stack implementations are able to maintain, at the request of the user, a list of paired and trusted devices. This list is used by the Bluetooth security manager to bypass some of the Bluetooth security mechanisms. In particular, devices on the paired list maintain stored link keys which can be used for authentication purposes with no user interaction.</p>
<p>In this invention, a complementary list of banned devices is maintained by the Bluetooth security manager. The complementary list contents can be a straightforward list of the unique IDs that are allocated to all Bluetooth devices; these are similar to the unique MAC addresses allocated to Ethernet network cards, and are 48 bits long.</p>
<p>The ID of any device seeking to establish a connection (which would be either a source or a master device in Bluetooth parlance) is always disclosed in the FHS (Frequency Hopping Synchronization) packet that the seeking device sends as part of the Bluetooth paging procedure to any other computing device (which would be a destination or a slave device in Bluetooth parlance) with which it was seeking to establish a connection.</p>
<p>Prior to this invention, a Bluetooth slave device participating in the paging procedure would have received this FHS packet from the master, and would have responded by entering step 2 of the slave response state and then sent the master an ID packet containing its device access code. This procedure is shown in figure 1.</p>
<p>However, a slave device implementing this invention is arranged to store a list of banned devices to which access via a Bluetooth connection will always be denied. Hence, the slave device firstly compares the transmitted ID of the master contained in the FHS with the ID entries in its banned list; if there is a match, then the slave device remains silent and neither responds to the FHS packet nor continues with the specified steps of the slave response states. It terminates all participation in the paging procedure and returns to the start of the inquiry procedure, when it may once again be discovered by source devices. This procedure is shown in figure 2.</p>
<p>This invention does not prevent the source Bluetooth device from attempting to page the destination device again; nor does it prevent the source Bluetooth device from seeking to re-discover the destination device via the enquiry phase. What this invention does do is ensure that as soon as a device implementing it finds out that the ID source device is on its banned list, it immediately terminates the session completely transparently from the user of the device, whose user experience is thereby improved, and who would not be repeatedly paged into accepting an unwanted connection simply to make the repeated paging requests go away.</p>
<p>A number of mechanisms can be used to add Bluetooth IDs to the banned list.</p>
<p>These may include without being limited to the following: 1. Giving the user the option to add the ID of a source device to the banned list whenever they refuse a connection attempt from the device.</p>
<p>2. Automatically adding the ID of a source device to the list after a certain number of refused connection attempts, either in total or within a given time period.</p>
<p>3. Adding an ID to the list if it had been received from a known and trusted source; so, for example, an infected device in a particular physical environment such as a company site could be effectively quarantined from all devices in the environment.</p>
<p>An extension of this invention permits the security mechanisms of the Bluetooth paging procedure to allow per-profile configuration. Bluetooth profiles are separate collections of various mandatory and optional elements and parameters of the Bluetooth protocols and specifications each of which define a particular set of functionality. A list of the currently available Bluetooth profiles is shown in Figure 3.</p>
<p>At present, without this invention, once a source device is trusted by a destination, the source device can gain access to all the services provided by any Bluetooth profile that might be available on the destination. In order to prevent this dangerously wide access, the banned list described above can be modified by replacing it with a table that links device IDs in paired tuples with a permissions bitmap signifying which Bluetooth profiles that those IDs would be allowed to access. The usual convention for such a bitmap would be for a zero (0) bit to represent a barred service and for a set (1) bit to represent allowed services. Figure 3 shows a permissions bitmap for a Bluetooth headset, where the bitmap 1100110000000000000010000 indicates that the (mandatory) Generic Access Profile and Service Discovery Application Profile are both allowable, together with the Headset Profile and Hands-free Profile, and the Serial Port Profile on which they both depend.</p>
<p>In conjunction with a default permissions bitmap, this table would effectively function as both a blacklist and as a whitelist. Any Bluetooth source device whose ID did not appear in the table would be able to use the default set of permissions; but this set could be restricted or extended for any device whose ID did appear in the table.</p>
<p>Thus, a completely banned ID would have its ID paired with a bitmap in which all bits were zero, and a totally trusted ID would have its ID paired with a bitmap in which all the bits were set to 1.</p>
<p>Between these extremes, a destination device would implement either per-profile configuration at the level of the mandatory Service Discovery Application Profile (SDAP), or per-service configuration at the level of the Bluetooth Service Discovery Protocol (SDP) on which SDAP depends. In either case, the responses that the destination device gives to the source device would depend not on the actual capabilities of the device, but would depend on the permissions bitmap of the source device. The destination device would deny the availability of any profiles or services to which the client did not have permission to access. This would effectively bar an unauthorised device from accessing them.</p>
<p>Alternatively, a destination device could immediately terminate any Bluetooth connection for any source device where the table indicated that the required profile or service had been disallowed but would permit an extension where the table indicated that the required profile or service was allowable.</p>
<p>By means of this extension, a user may trust a source device that wished to send pictures to them without notification, but the user would not necessarily want that same device to have open access to their Bluetooth telephony or modem functionality; this would expose the user to having their communications hijacked by a malicious user (which is an attack known as bluebugging).</p>
<p>A principle benefit of the list of banned or blacklisted devices is that it can be used to at least reduce the spread of viruses such as Cabir and its variants by means of Bluetooth. It can also minimise the effect of denial-of-service attacks, in which a device is continually bombarded with connection requests from a malicious source.</p>
<p>In the extended version of the invention using the Bluetooth profiles permissions bitmap, it permits access to a destination device to be granted on a per-service basis instead of having to trust a source device with access to all available services, as is currently the case.</p>
<p>Although the present invention has been described with reference to particular embodiments, it will be appreciated that modifications may be effected whilst remaining within the scope of the present invention as defined by the appended claims.</p>
Claims (1)
- <p>Claims: 1. A method of operating a first computing device havingBluetooth wireless networking capability, the method comprising maintaining a list of unique identifiers of banned computing devices on the first computing device, whereby the first computing device is able to avoid accepting a connection from a second computing device seeking without user intervention if the unique identity of the second computing device matches an identifier in the list.</p><p>2. A method according to claim 1 wherein the first computing device obtains the unique identity of the second computing device from the FHS packet transmitted as part of a paging procedure.</p><p>3. A method according to claim I or claim 2 wherein a refusal by the first computing device of a connection attempt by the second computing device causes the unique identity of the second computing device to be added to the list.</p><p>4. A method according to claim I or claim 2 wherein a refusal by the first computing device of a connection attempt by the second computing device causes the unique identity of the second computing device to be added to the list only if the number of such refusals exceeds a threshold set either by the manufacturer or the user of the device.</p><p>5. A method according to claim 1 or claim 2 wherein the first computing device adds the unique identity of the second computing device to the list in response to a notification received from a third party by electronic or other means.</p><p>6. A method according to any one of the preceding claims wherein the list comprises a table containing unique identifiers and permissions bitmaps for indicating services allowed for a device corresponding to any unique identifier, and in which the first computing device automatically refuses connections if the respective permission bitmap for the unique identifier of the second computing device indicates that the service it has requested is barred.</p><p>7. A method according to claim 6 wherein a default permissions bitmap is used by the first computing device when the unique identifier of the second computing device does not appear in the table.</p><p>8. A method according to claim 6 wherein the first computing device refuses a connection attempt by the second computing device prior to any services being requested if the permission bitmap paired with its unique identifier indicates that all services are banned.</p><p>9. A computing device arranged to operate in accordance with a method as claimed in any one of claims I to 8.</p><p>1O.An operating system for causing a computing device to operate in accordance with a method as claimed in any one of claims 1 to 8.</p>
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB0612120A GB2439364A (en) | 2006-06-19 | 2006-06-19 | Security in bluetooth enabled computing devices |
PCT/GB2007/002278 WO2007148069A1 (en) | 2006-06-19 | 2007-06-18 | Improving security in bluetooth enabled computing devices |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB0612120A GB2439364A (en) | 2006-06-19 | 2006-06-19 | Security in bluetooth enabled computing devices |
Publications (2)
Publication Number | Publication Date |
---|---|
GB0612120D0 GB0612120D0 (en) | 2006-07-26 |
GB2439364A true GB2439364A (en) | 2007-12-27 |
Family
ID=36775902
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
GB0612120A Withdrawn GB2439364A (en) | 2006-06-19 | 2006-06-19 | Security in bluetooth enabled computing devices |
Country Status (2)
Country | Link |
---|---|
GB (1) | GB2439364A (en) |
WO (1) | WO2007148069A1 (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2464273A (en) * | 2008-10-07 | 2010-04-14 | Winston Donald Keech | Short-range communication system offering cost- reduced loyalty card provision |
EP2458907A3 (en) * | 2010-11-25 | 2012-07-11 | Psion Inc. | System and method for controlling access between wireless communication devices |
US8654977B2 (en) | 2010-11-25 | 2014-02-18 | Psion Inc. | System and method for controlling access between Bluetooth devices |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108416207B (en) * | 2018-03-07 | 2022-09-16 | 北京元心科技有限公司 | Bluetooth use permission identification method and device and mobile terminal |
US11004082B2 (en) | 2018-09-28 | 2021-05-11 | Capital One Services, Llc | Trust platform |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020044661A1 (en) * | 2000-08-30 | 2002-04-18 | Jakobsson Bjorn Markus | Method and apparatus for ensuring security of users of bluetoothTM-enabled devices |
US20030050009A1 (en) * | 2001-09-12 | 2003-03-13 | Kurisko Mark A. | Security apparatus and method during BLUETOOTH pairing |
GB2409789A (en) * | 2003-12-30 | 2005-07-06 | Nokia Corp | Interconnection of short range networks via cellular links |
GB2412819A (en) * | 2004-03-31 | 2005-10-05 | Nokia Corp | Identifying a local device name in a short-range radio network |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7870200B2 (en) * | 2004-05-29 | 2011-01-11 | Ironport Systems, Inc. | Monitoring the flow of messages received at a server |
MY148813A (en) * | 2005-11-11 | 2013-06-14 | Nss Msc Sdn Bhd | Integrated security mobile engines for mobile devices and resident data security |
-
2006
- 2006-06-19 GB GB0612120A patent/GB2439364A/en not_active Withdrawn
-
2007
- 2007-06-18 WO PCT/GB2007/002278 patent/WO2007148069A1/en active Application Filing
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020044661A1 (en) * | 2000-08-30 | 2002-04-18 | Jakobsson Bjorn Markus | Method and apparatus for ensuring security of users of bluetoothTM-enabled devices |
US20030050009A1 (en) * | 2001-09-12 | 2003-03-13 | Kurisko Mark A. | Security apparatus and method during BLUETOOTH pairing |
GB2409789A (en) * | 2003-12-30 | 2005-07-06 | Nokia Corp | Interconnection of short range networks via cellular links |
GB2412819A (en) * | 2004-03-31 | 2005-10-05 | Nokia Corp | Identifying a local device name in a short-range radio network |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2464273A (en) * | 2008-10-07 | 2010-04-14 | Winston Donald Keech | Short-range communication system offering cost- reduced loyalty card provision |
EP2458907A3 (en) * | 2010-11-25 | 2012-07-11 | Psion Inc. | System and method for controlling access between wireless communication devices |
US8654977B2 (en) | 2010-11-25 | 2014-02-18 | Psion Inc. | System and method for controlling access between Bluetooth devices |
Also Published As
Publication number | Publication date |
---|---|
GB0612120D0 (en) | 2006-07-26 |
WO2007148069A1 (en) | 2007-12-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20070197163A1 (en) | Combination modes for network connection management | |
US9596604B2 (en) | Method and system for enhanced wireless network security | |
US8208472B2 (en) | Method and apparatus for setting up network for IP communication in mobile terminal | |
EP1891791B1 (en) | Protection for wireless devices against false access-point attacks | |
CA2618664C (en) | Routing advertisement authentication in fast router discovery | |
US8214889B2 (en) | Selective auto-revocation of firewall security settings | |
WO2007148069A1 (en) | Improving security in bluetooth enabled computing devices | |
Panse et al. | A survey on security threats and vulnerability attacks on bluetooth communication | |
Ai et al. | Blacktooth: breaking through the defense of bluetooth in silence | |
Nasim | Security threats analysis in Bluetooth-enabled mobile devices | |
EP1826948B1 (en) | Combination Modes For Network Connection Management | |
Alvarez-Cedillo et al. | Bluetooth intrusion techniques | |
Sun et al. | Design, implementation, and evaluation of Bluetooth security | |
Sharma | Bluetooth security issues: threats and consequences | |
Premnath et al. | Battery-draining-denial-of-service attack on bluetooth devices | |
Kumar | Bluetooth quality issues, threats and security tips | |
Venkata Bhaskara Sastry et al. | Bluetooth Low Energy Devices: Attacks and Mitigations | |
Spence et al. | Security of Wireless Technologies: IEEE 802.11 Wireless LAN and IEEE 802.15 Bluetooth | |
Suri et al. | Security Manager-Key to Restrict the Attacks in Bluetooth | |
Chlapoutakis | Bluetooth Security: Vulnerabilities, Attacks & Defense | |
Chandan et al. | Analysis on Bluetooth Security | |
Rao et al. | Current Trends in Information Security | |
Arrington et al. | Enhancing security and usability for Bluetooth discovery and pairing | |
Tabib | A review of Bluetooth Technology | |
Arslanagic | Personal firewall in mobile phone |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
732E | Amendments to the register in respect of changes of name or changes affecting rights (sect. 32/1977) |
Free format text: REGISTERED BETWEEN 20090219 AND 20090225 |
|
WAP | Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1) |