Bluetooth Security
Lately, the LCDI has been committed to researching the capabilities and vulnerabilities of Bluetooth. More and more consumers are adding Bluetooth-capable devices to their personal repertoire, and the Bluetooth Special Interest Group continues to expand and update the protocol, most recently with the release of Bluetooth 5.0. With these factors in mind, the LCDI has decided to continue last semester's research project assessing Bluetooth security. This semester's objective is to further explore the observations made by the last project team and use their findings to delve into new avenues of experimentation. We are eager to learn more about the Bluetooth protocol and move the project forward!
Background
Last semester's research team was broken down into two groups: one team worked with Btlejuice by Econocom Digital Security and the other with Pwnie Express's BlueHydra. Btlejuice is a framework for performing Man-in-the-Middle attacks on Bluetooth Smart (Bluetooth Low Energy) devices. The team used Btlejuice to unlock a Schlage Sense Smart Deadbolt by intercepting the traffic from an authorized smartphone and replaying it from an unauthorized laptop. However, the team ran into issues after the software on the lock and phone was updated, which limited their ability to manipulate the lock: they were able to unlock the deadbolt once with the laptop, but afterwards could not unlock it with either method.
BlueHydra uses the device discovery service from the BlueZ library together with an Ubertooth One adapter to find both Bluetooth Classic and Bluetooth Low Energy devices within a given proximity. The BlueHydra team had two goals for the previous fall semester: to use BlueHydra and the Ubertooth One to find Bluetooth devices that are not in discoverable mode, and to see if they could track a person throughout a building. (A non-discoverable Classic device does not answer inquiry scans, but a passive sniffer such as the Ubertooth can still observe the traffic it exchanges with a paired device, which is what makes the first goal plausible.) The team encountered issues with both goals, which they attributed to a communication fault between the Ubertooth One and BlueHydra.
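As an added example (not code from the LCDI project, BlueHydra, or Btlejuice), here is a small Python parser for the raw BLE advertising PDUs that a sniffer such as the Ubertooth One hands up from the advertising channels. It decodes the address and AD structures that discovery tools key on, classifies the address type, and shows why tracking a person by Bluetooth address across a building is only reliable when the device uses a public or static random address: resolvable and non-resolvable private addresses rotate, so a tracker is left with weaker hints such as an advertised name. The packets, device names and the 0xFFFF test company ID are constructed for this example.

```python
"""
Parse raw BLE advertising PDUs (2-byte link-layer header + payload, CRC
already stripped) and decide what, if anything, a tracker could key on.
Added example; packets below are constructed, not real sniffer output.
"""
from typing import Optional

# Link-layer advertising PDU types (header byte 0, bits 0-3).
PDU_TYPES = {0x0: "ADV_IND", 0x1: "ADV_DIRECT_IND", 0x2: "ADV_NONCONN_IND",
             0x3: "SCAN_REQ", 0x4: "SCAN_RSP", 0x5: "CONNECT_REQ", 0x6: "ADV_SCAN_IND"}
# A few common AD types from the Bluetooth Assigned Numbers list.
AD_TYPES = {0x01: "flags", 0x03: "uuids16", 0x08: "short_name",
            0x09: "name", 0x0A: "tx_power", 0xFF: "manufacturer"}


def classify_address(adv_a: bytes, tx_add: int) -> str:
    """adv_a is AdvA as sent on air (least significant byte first); tx_add is the
    TxAdd header bit (0 = public, 1 = random). For random addresses the two top
    bits of the most significant byte select the sub-type:
      11 static random (fixed until reboot, trackable)
      01 resolvable private (rotates; only a peer holding the IRK can link it)
      00 non-resolvable private (rotates; not linkable)"""
    if tx_add == 0:
        return "public"
    return {0b11: "random-static", 0b01: "random-resolvable",
            0b00: "random-non-resolvable"}.get(adv_a[5] >> 6, "random-reserved")


def parse_ad_structures(data: bytes) -> dict:
    """Walk the length/type/value triplets in AdvData; raise if one overruns."""
    fields, i = {}, 0
    while i < len(data):
        length = data[i]
        if length == 0:                      # zero-length structure = padding
            break
        end = i + 1 + length
        if end > len(data):
            raise ValueError(f"AD structure at offset {i} runs past end of AdvData")
        ad_type, value = data[i + 1], data[i + 2:end]
        key = AD_TYPES.get(ad_type, f"ad_0x{ad_type:02x}")
        if key in ("name", "short_name"):
            fields[key] = value.decode("utf-8", errors="replace")
        elif key == "tx_power":
            fields[key] = int.from_bytes(value[:1], "little", signed=True)
        elif key == "flags":
            fields[key] = value[0] if value else None
        else:
            fields[key] = value.hex()
        i = end
    return fields


def parse_adv_pdu(raw: bytes) -> dict:
    """Header byte 0: bits 0-3 PDU type, bit 6 TxAdd. Header byte 1: payload length."""
    if len(raw) < 2:
        raise ValueError("PDU shorter than its header")
    hdr0, length, payload = raw[0], raw[1], raw[2:]
    if len(payload) != length:
        raise ValueError(f"header says {length} payload bytes, got {len(payload)}")
    if length < 6:
        raise ValueError("payload too short to hold AdvA")
    adv_a = payload[:6]
    return {
        "pdu_type": PDU_TYPES.get(hdr0 & 0x0F, f"unknown_0x{hdr0 & 0x0F:x}"),
        "address": ":".join(f"{b:02X}" for b in reversed(adv_a)),
        "address_kind": classify_address(adv_a, (hdr0 >> 6) & 1),
        "fields": parse_ad_structures(payload[6:]),
    }


def tracking_key(pdu: dict) -> Optional[str]:
    """A stable (public or static random) address identifies the device on its
    own. A private address rotates, so only non-unique hints remain; with none
    of those, the advertiser cannot be followed from this packet at all."""
    if pdu["address_kind"] in ("public", "random-static"):
        return pdu["address"]
    for key in ("name", "short_name", "manufacturer"):
        if key in pdu["fields"]:
            return f"{key}={pdu['fields'][key]}"
    return None


def analyze(raw: bytes) -> dict:
    pdu = parse_adv_pdu(raw)
    return {**pdu, "tracking_key": tracking_key(pdu)}


# Constructed captures (hypothetical devices; 0xFFFF is the test company ID).
CAPTURES = {
    # ADV_IND, resolvable private address 5C:12:34:56:78:9A, name "LCDI-Tracker"
    "wearable": bytes.fromhex("4017" "9a785634125c" "020106" "0d09" + b"LCDI-Tracker".hex()),
    # ADV_NONCONN_IND, static random address C8:AA:BB:CC:DD:EE, manufacturer blob
    "beacon": bytes.fromhex("420e" "eeddccbbaac8" "020104" "04ffffffaa"),
    # ADV_IND, public address 00:1A:7D:DA:71:13, name "Deadbolt", Tx power 0 dBm
    "lock": bytes.fromhex("0016" "1371da7d1a00" "020106" "0909" + b"Deadbolt".hex() + "020a00"),
}

if __name__ == "__main__":
    for label, raw in CAPTURES.items():
        print(label, analyze(raw))
```

Run as a script it prints one decoded record per constructed capture. Only the beacon and the lock yield an address a tracker could follow between rooms; the wearable's resolvable private address will change, leaving only its advertised name, which any other device could also advertise.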
Conclusion
This semester we hope to troubleshoot the problems encountered last fall. Our goal is to get past those difficulties and establish consistent results with both tools, as well as to document working information about Bluetooth technology. We plan to use both tools together so that we can draw on each tool's strengths: BlueHydra to gather information about candidate devices, then Btlejuice to intercept traffic and use the captured packets to carry out unauthorized actions against the device. Our second goal is to track a person carrying a Bluetooth-capable device throughout a building when the device is not in discoverable mode. Check back for our next blog post to see what we have accomplished!
Questions or comments? Please share with us in the comment section below! You can also reach out to us on Twitter and Facebook, or email us at champforensics@gmail.com. Also, don't forget to read our Blogs!