Skip to main content
Springer Nature Link
Log in

Connection Dumping Vulnerability Affecting Bluetooth Availability

  • Conference paper
  • First Online:
Risks and Security of Internet and Systems (CRiSIS 2018)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 11391))

Included in the following conference series:

Abstract

See More

Over the last few years, Bluetooth technology has been deployed in millions of devices including laptops, watches, mobile phones, cars, printer, and many other devices. It has been rapidly adopted as a short-range wireless communication technology for different IoT applications such as smart cities, smart healthcare, and smart grids. Yet, little attention has been paid to Bluetooth security. In this paper, we report a new Bluetooth vulnerability, named connection dumping. We show that this vulnerability can be exploited to affect Bluetooth availability. We generate three attack scenarios which exploit the vulnerability to cause disconnection between Bluetooth devices. We also generate attack scenarios for Bluetooth role switching and connection deprivation. We demonstrate the occurrences of the attacks on Bluetooth devices made by various manufacturers, running different Bluetooth versions and operating systems, and recommend possible mitigations for them.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

') var buybox = document.querySelector("[data-id=id_"+ timestamp +"]").parentNode var buyingOptions = buybox.querySelectorAll(".buying-option") ;[].slice.call(buyingOptions).forEach(initCollapsibles) var buyboxMaxSingleColumnWidth = 480 function initCollapsibles(subscription, index) { var toggle = subscription.querySelector(".buying-option-price") subscription.classList.remove("expanded") var form = subscription.querySelector(".buying-option-form") var priceInfo = subscription.querySelector(".price-info") var buyingOption = toggle.parentElement if (toggle && form && priceInfo) { toggle.setAttribute("role", "button") toggle.setAttribute("tabindex", "0") toggle.addEventListener("click", function (event) { var expandedBuyingOptions = buybox.querySelectorAll(".buying-option.expanded") var buyboxWidth = buybox.offsetWidth ;[].slice.call(expandedBuyingOptions).forEach(function(option) { if (buyboxWidth <= buyboxMaxSingleColumnWidth && option != buyingOption) { hideBuyingOption(option) } }) var expanded = toggle.getAttribute("aria-expanded") === "true" || false toggle.setAttribute("aria-expanded", !expanded) form.hidden = expanded if (!expanded) { buyingOption.classList.add("expanded") } else { buyingOption.classList.remove("expanded") } priceInfo.hidden = expanded }, false) } } function hideBuyingOption(buyingOption) { var toggle = buyingOption.querySelector(".buying-option-price") var form = buyingOption.querySelector(".buying-option-form") var priceInfo = buyingOption.querySelector(".price-info") toggle.setAttribute("aria-expanded", false) form.hidden = true buyingOption.classList.remove("expanded") priceInfo.hidden = true } function initKeyControls() { document.addEventListener("keydown", function (event) { if (document.activeElement.classList.contains("buying-option-price") && (event.code === "Space" || event.code === "Enter")) { if (document.activeElement) { event.preventDefault() document.activeElement.click() } } }, false) } function initialStateOpen() { var buyboxWidth = buybox.offsetWidth ;[].slice.call(buybox.querySelectorAll(".buying-option")).forEach(function (option, index) { var toggle = option.querySelector(".buying-option-price") var form = option.querySelector(".buying-option-form") var priceInfo = option.querySelector(".price-info") if (buyboxWidth > buyboxMaxSingleColumnWidth) { toggle.click() } else { if (index === 0) { toggle.click() } else { toggle.setAttribute("aria-expanded", "false") form.hidden = "hidden" priceInfo.hidden = "hidden" } } }) } initialStateOpen() if (window.buyboxInitialised) return window.buyboxInitialised = true initKeyControls() })()

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    The attacker only needs a Bluetooth USB dongle which may cost less than $4.

  2. 2.

    All algorithms used in legacy paring are based on the SAFER+ (Secure And Fast Encryption Routine +) block cipher algorithm [22].

  3. 3.

    Note that after the invention of the Bluegun [7], the attacker does not need to be within the short range of its target Bluetooth devices.

  4. 4.

    Bluetooth technology allows Bluetooth devices to be set on non-discoverable mode in order to hide their presence to nearby Bluetooth devices.

  5. 5.

    In a Bluetooth network, each Bluetooth device is uniquely identified by a 48-bit Bluetooth device MAC address denoted by BD_ADDR.

  6. 6.

    hcidump is a Linux utility which allows the monitoring of Bluetooth activity. It reads raw HCI data coming from and going to a Bluetooth device.

  7. 7.

    Wireshark is a free and open source packet analyzer: www.wireshark.org..

References

  1. CTV-Calgary-News: Wireless waves used to track travel times. https://calgary.ctvnews.ca/wireless-waves-used-to-track-travel-times-1.1054731 (2012). Accessed 15 Sept 2018

  2. Orthogonal: The growing significance of Bluetooth BTLE in healthcare. http://orthogonal.io/medical-softtware/the-growing-significance-of-bluetooth-btle-in-healthcare-html/ (2018). Accessed 15 Sept 2018

  3. EECatalog: Bluetooth 5 expands into the smart grid. http://eecatalog.com/wireless/2017/09/07/bluetooth-5-expands-into-the-smart-grid/ (2017). Accessed 15 Sept 2018

  4. Laurie, A., Holtmann, M., Herfurt, M.: Hacking Bluetooth enabled mobile phones and beyond. http://www.blackhat.com/html/bh-europe-05/bh-eu-05-speakers.html (2007). Accessed 15 Sept 2018

  5. Barnickel, J., Wang, J., Meyer, U.: Implementing an attack on Bluetooth 2.1+ secure simple pairing in Passkey entry mode. In: The proceedings of the 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, pp. 17–24 (2012)

    Google Scholar 

  6. Sun, D.Z., Mu, Y., Susilo, W.: Man-in-the-middle attacks on secure simple pairing in Bluetooth standard V5.0 and its countermeasure. Pers. Ubiquit. Comput. J. 22, 55–67 (2018)

    Article  Google Scholar 

  7. Flexilis-Hackers-Group: Bluetooth-cracking gun: BlueSniper. https://www.defcon.org/html/links/dc_press/archives/12/esato_bluetoothcracking.htm (2004). Accessed 15 Sept 2018

  8. Jakobsson, M., Wetzel, S.: Security weaknesses in Bluetooth. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 176–191. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45353-9_14

    Chapter  MATH  Google Scholar 

  9. Armis: BlueBorne cyber threat impacts Amazon Echo and Google Home. https://www.armis.com/blueborne/ (2017). Accessed 15 Sept 2018

  10. Herfurt, M.: Introducing the car whisperer at what the hack. https://trifinite.org/trifinite_stuff_carwhisperer.html (2005). Accessed 15 Sept 2018

  11. Spill, D., Bittau, A.: BlueSniff: Eve meets Alice and Bluetooth. In: T1st USENIX Workshop on Offensive Technologies (2007)

    Google Scholar 

  12. Mulliner, C., BlueSpam. http://www.mulliner.org/palm/bluespam.php (2013). Accessed 15 Sept 2018

  13. Laurie, A.: HeloMoto Bluetooth device planter. https://trifinite.org/trifinite_stuff_helomoto.html (2013). Accessed 15 Sept 2018

  14. Project-Ubertooth: An open source 2.4GHz wireless development platform suitable for Bluetooth experimentation. http://ubertooth.sourceforge.net/ (2015). Accessed 15 Sept 2018

  15. Prabhu, C.S.R., Prathap, R.A.: Bluetooth Technology and its Applications with JAVA and J2ME. Prentice-Hall of India Pvt Ltd., Delhi (2006)

    Google Scholar 

  16. Zheng, P., Ni, L.: Smart Phone and Next Generation Mobile Computing. Morgan Kaufmann Series in Networking. Elsevier Science, New York (2005)

    Google Scholar 

  17. Pendli, P.K.: Contribution of Modelling and Analysis of Wireless Communication for Safety related Systems with Bluetooth Technology. Kassel University Press, Kassel (2014)

    Google Scholar 

  18. Aftab, M.U.B.: Building Bluetooth Low Energy Systems. Packt Publishing, Birmingham (2017)

    Google Scholar 

  19. Thompson, T.J., Kumar, C.B., Kline, P.J.: Bluetooth Application Programming with the Java APIs Essentials Edition. The Morgan Kaufmann Series in Networking. Elsevier Science, New York (2008)

    Google Scholar 

  20. Antony, R., Hopkins, B.: Bluetooth For Java. Apress, New York (2008)

    Google Scholar 

  21. NIST: Advanced Encryption Standard (AES). http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf (2001). Accessed 15 Sept 2018

  22. Massey, J., Khachatrian, G., Kuregian, M.: Secure and fast encryption routine+. In: The 1st NIST Advanced Encryption Standard Candidate (1998)

    Google Scholar 

  23. Bluetooth-SIG: Bluetooth Core Specification Version 5.0. Bluetooth Spec document (2018)

    Google Scholar 

Download references

Acknowledgment

This work is partially supported by the Natural Sciences and Engineering Research Council of Canada (NSERC) and the Canada Research Chairs (CRC) program. At the same time, we would like to give special thanks to all QRST (Queen’s Reliable Software Technology) lab members for providing their Bluetooth devices: smartphones, laptops, and cars, to run the experimentations.

Author information

Authors and Affiliations

  1. Queen’s Reliable Software Technology Lab, School of Computing, Queen’s University, Kingston, ON, Canada

    Karim Lounis & Mohammad Zulkernine

Authors
  1. Karim Lounis
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mohammad Zulkernine
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Karim Lounis or Mohammad Zulkernine .

Editor information

Editors and Affiliations

  1. University of Bordeaux, Talence, France

    Akka Zemmari

  2. University of Bordeaux, Talence, France

    Mohamed Mosbah

  3. IMT Atlantique, Brest, France

    Nora Cuppens-Boulahia

  4. IMT Atlantique, Brest, France

    Frédéric Cuppens

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Lounis, K., Zulkernine, M. (2019). Connection Dumping Vulnerability Affecting Bluetooth Availability. In: Zemmari, A., Mosbah, M., Cuppens-Boulahia, N., Cuppens, F. (eds) Risks and Security of Internet and Systems. CRiSIS 2018. Lecture Notes in Computer Science(), vol 11391. Springer, Cham. https://doi.org/10.1007/978-3-030-12143-3_16

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-12143-3_16

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-12142-6

  • Online ISBN: 978-3-030-12143-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics