Revisiting Urban War Nibbling: Mobile Passive Discovery of Classic Bluetooth Devices Using Ubertooth One

The ubiquitous nature of Bluetooth technology presents opportunities for intelligence gathering based on historical and real-time device presence data. This information can be of value to law enforcement agencies, intelligence organizations, and industry. Despite the introduction of the Bluetooth Low Energy standard that incorporates anonymity preservation mechanisms, the presence of devices that support Classic Bluetooth that uses unique and persistent device identifiers is expected to remain significant for a number of years. The common approach to finding discoverable Classic Bluetooth devices relies on a standard inquiry process that is not truly passive. Furthermore, this approach fails to detect devices that remain undiscoverable. Ubertooth One, a low-cost open source Bluetooth development platform, can assist with overcoming this limitation in a truly passive manner, making it an attractive digital forensic instrument. Using vehicle-based sensors and parallel multi-method device discovery, we conduct a practical evaluation of Ubertooth One for passive discovery and contrast its discovery rate to the standard method. Based on 83 comparative field experiments, we show that Ubertooth One can produce forensically sound observations while able to discover up to ten times as many devices. We also show that this method can identify repeat device presence, as we observe 2370 instances of repeat observations on different days in single and multiple location scenarios. We conclude that this passive technique can complement the standard method and has the potential be used as a viable alternative.

[1]  Hans-Peter Kriegel,et al.  A Density-Based Algorithm for Discovering Clusters in Large Spatial Databases with Noise , 1996, KDD.

[2]  Ollie Whitehouse War nibbling: Bluetooth insecurity , 2003 .

[3]  M. Herfurt,et al.  Remote Device Identification based on Bluetooth Fingerprinting Techniques , 2004 .

[4]  Marc Haase,et al.  BlueTrack - Imperceptible Tracking of Bluetooth Devices , 2004 .

[5]  Jim Harkin,et al.  Case Study on the Bluetooth Vulnerabilities in Mobile Devices , 2006 .

[6]  A. Hornung,et al.  The art of Bluedentistry : Current security and privacy issues with Bluetooth devices , 2006 .

[7]  Stefano Zanero,et al.  Studying Bluetooth Malware Propagation: The BlueBag Project , 2007, IEEE Security & Privacy.

[8]  Michael Lynn,et al.  Hacking Exposed Wireless , 2007 .

[9]  Daniel Cross,et al.  Detecting Non-Discoverable Bluetooth Devices , 2007, Critical Infrastructure Protection.

[10]  Andrea Bittau,et al.  BlueSniff: Eve Meets Alice and Bluetooth , 2007, WOOT.

[11]  Christos Douligeris,et al.  Network Security: Current Status and Future Directions , 2007 .

[12]  Kaisa Nyberg,et al.  Enhancements to Bluetooth Baseband Security , 2007 .

[13]  John Paul Dunning,et al.  Taming the Blue Beast: A Survey of Bluetooth Based Threats , 2010, IEEE Security & Privacy.

[14]  Anne Franssens Impact of multiple inquires on the bluetooth discovery process : and its application to localization , 2010 .

[15]  Roksana Boreli,et al.  I know who you will meet this evening! Linking wireless devices using Wi-Fi probe requests , 2012, 2012 IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM).

[16]  Srdjan Capkun,et al.  Physical-Layer Identification of Wireless Devices , 2011 .

[17]  Mike Ryan,et al.  Bluetooth: With Low Energy Comes Low Security , 2013, WOOT.

[18]  Wei Cheng,et al.  Characterizing privacy leakage of public WiFi networks for users on travel , 2013, 2013 Proceedings IEEE INFOCOM.

[19]  César A. Hidalgo,et al.  Unique in the Crowd: The privacy bounds of human mobility , 2013, Scientific Reports.

[20]  Edward Chung,et al.  Retrieving trip information from a discrete detectors network : The case of Brisbane Bluetooth detectors , 2014 .

[21]  Guoliang Xing,et al.  BlueID: A practical system for Bluetooth device identification , 2014, IEEE INFOCOM 2014 - IEEE Conference on Computer Communications.

[22]  Le Minh Kieu,et al.  Is Bus Overrepresented in Bluetooth MAC Scanner data? Is MAC-ID Really Unique? , 2015, Int. J. Intell. Transp. Syst. Res..

[23]  Rose F. Gamble,et al.  Secu Wear: An Open Source, Multi-component Hardware/Software Platform for Exploring Wearable Security , 2015, 2015 IEEE International Conference on Mobile Services.

[24]  Aruna Seneviratne,et al.  SSIDs in the wild: Extracting semantic information from WiFi SSIDs , 2015, 2015 IEEE 40th Conference on Local Computer Networks (LCN).

[25]  Wondimu K. Zegeye Exploiting Bluetooth Low Energy Pairing Vulnerability in Telemedicine , 2015 .

[26]  Julinda Stefa,et al.  Mind your probes: De-anonymization of large crowds through smartphone WiFi probe requests , 2016, IEEE INFOCOM 2016 - The 35th Annual IEEE International Conference on Computer Communications.

[27]  Guoliang Xing,et al.  Practical Bluetooth Traffic Sniffing: Systems and Privacy Implications , 2016, MobiSys.