Bluetooth and its problems

Hyperbola has not included Bluetooth since the release of Milky Way v0.4. As a technology standard for short-range wireless connections it carries too many risks for stability and security. Besides that, there are no real community-driven implementations available for GNU/Linux, and support in our own HyperbolaBSD is also not on a solid base.

About Security Risks

There are a variety of attack types which can be launched against Bluetooth devices.

Attackers can steal the data shared between connected devices. This data can then be exploited for mobile spying purposes or, for example, to steal the authentication data from a Bluetooth authenticating device or hardware. This kind of attack is called BlueSnarfing and is especially dangerous when the traffic isn't encrypted.

Other types of attacks can drain the battery (and therefore also shorten its lifespan), disable the device itself, or introduce information, such as contacts, into the victim's mobile data.

The most common and safest prevention measure is to keep the Bluetooth service disabled when it is not needed. When Bluetooth is enabled as an interface and connection, an attacker only needs to come near the potential victim and run a vulnerability scan to discover vulnerable devices or traffic.

One of the popular tools attackers use to find insecure traffic or devices to attack is BlueDiving, which, in addition to vulnerability scanning, supports the discovery of device functionality. It also includes exploit code or programs to run the attacks. In other words, an attacker only needs to be within about 10 meters to get into the corresponding device.

The only way to avoid getting scanned is to keep the Bluetooth service turned off or to remove it entirely when possible.

While many experts recommend additional tips, such as identifying the pairing devices to make sure they are the devices the user wants to connect to, regular users cannot tell whether the traffic between both devices is being sniffed or spied on. Also worth mentioning are attacks called Bluesniping, which are launched with special hardware and are not common at all. It should be pointed out again that attackers need to be relatively close to carry out their actions.

Attack Types

To be more concrete about the characteristics of each attack and to understand the real danger users are exposed to, we now include a list of possible attack types with a general description of each.

BlueSmacking: This type of attack is almost harmless, and consists of disabling the mobile Bluetooth services by sending a large number of big data packets to generate an overload. In the general security field, this type of attack is widely known as DoS (Denial of Service). When it is launched specifically against a Bluetooth device, it is called BlueSmacking. As a consequence, the attacked user won't suffer a data leak or privacy violation; the Bluetooth service will simply stop working altogether. This attack may also drain the battery charge and therefore reduce the lifespan of the battery itself.

Bluebugging: This is one of the most harmful attacks, granting the attacker full control over the targeted device. Through this attack, an attacker can control calls and messages and fetch contacts and other information.

BlueJacking: Although this behaviour is considered an attack, it only consists of using a Bluetooth feature which allows sending unsolicited messages and media.

BlueSnarfing: This is a dangerous attack which allows an attacker to gather data from the compromised device. This method does not provide control over the device, but leaks information. Together with Bluebugging, it is one of the worst attacks to be mentioned.

Bluesniping: This attack is uncommon, as it is a long-range version of the previously mentioned BlueSnarfing attack. It is executed with special hardware consisting of an antenna which increases the Bluetooth range.

KNOB: The Key Negotiation of Bluetooth attack is newer than the ones listed previously. It consists of manipulating the encryption keys (see also Brute-force attack). Using this method, an attacker can interfere with the Bluetooth communications of paired devices.

Preventing Security Risks

To prevent all the possible scenarios and security risks mentioned, the decision for the Hyperbola project was and is to completely remove all components, including all possible services and applications, and also to disable the corresponding interfaces while building the packages. Hyperbola won't receive further support for Bluetooth now or in the upcoming future: vulnerabilities are periodically discovered, and solid security measures were incorporated only in the latest versions of the protocol while ignoring older devices and implementations, which is absolutely not acceptable for us as a project team and for the community using a stable and secure system.