research-article

Detecting smartphone state changes through a Bluetooth based timing attack

Authors:

Guillaume Celosia,

Mathieu CuncheAuthors Info & Claims

WiSec '18: Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks

Pages 154 - 159

https://doi.org/10.1145/3212480.3212494

Published: 18 June 2018 Publication History

Abstract

Bluetooth is a popular wireless communication technology that is available on most mobile devices. Although Bluetooth includes security and privacy preserving mechanisms, we show that a Bluetooth harmless inherent request-response mechanism can taint users privacy. More specifically, we introduce a timing attack that can be triggered by a remote attacker in order to infer information about a Bluetooth device state. By observing the L2CAP layer ping mechanism timing variations, it is possible to detect device state changes, for instance when the device goes in or out of the locked state. Our experimental results show that change point detection analysis of the timing allows to detect device state changes with a high accuracy. Finally, we discuss applications and countermeasures.

References

[1]

Laurie Adam, Marcel Holtmann, and Martin Herfurt. 2004. Bluesmack. http://trifinite.org/trifinite_stuff_bluesmack.html

[2]

Laurie Adam, Marcel Holtmann, and Martin Herfurt. 2004. Bluetooone. https://trifinite.org/trifinite_stuff_bluetooone.html

[3]

Michèle Basseville, Igor V Nikiforov, et al. 1993. Detection of abrupt changes: theory and application. Vol. 104. Prentice Hall Englewood Cliffs.

Digital Library

[4]

David Brumley and Dan Boneh. 2005. Remote timing attacks are practical. Computer Networks 48, 5 (2005), 701--716.

Digital Library

[5]

Humphrey Cheung. 2005. How To: Building a BlueSniper Rifle - Part 1. http://www.tomshardware.co.uk/how-to-bluesniper-pt1,review-1224.html

[6]

Aveek K. Das, Parth H. Pathak, Chen-Nee Chuah, and Prasant Mohapatra. 2016. Uncovering Privacy Leakage in BLE Network Traffic of Wearable Fitness Trackers. ACM HotMobile (the 17th International Workshop on Mobile Computing Systems and applications) (Feb. 2016). http://escholarship.org/uc/item/52h8734r

Digital Library

[7]

Wenrui Diao, Xiangyu Liu, Zhou Li, and Kehuan Zhang. 2016. No pardon for the interruption: New inference attacks on android through interrupt timing analysis. In Security and Privacy (SP), 2016 IEEE Symposium on. IEEE, 414--432.

[8]

Jayavardhana Gubbi, Rajkumar Buyya, Slaven Marusic, and Marimuthu Palaniswami. 2013. Internet of Things (IoT): A vision, architectural elements, and future directions. Future generation computer systems 29, 7 (2013), 1645--1660.

Digital Library

[9]

Taher Issoufaly and Pierre Ugo Tournoux. 2017. BLEB: Bluetooth Low Energy Botnet for large scale individual tracking. In Next Generation Computing Applications (NextComp), 2017 1st International Conference on. IEEE, 115--120.

[10]

Shuja Jamil, Sohaib Khan, Anas Basalamah, and Ahmed Lbath. 2016. Classifying Smartphone Screen ON/OFF State Based on Wifi Probe Patterns. In Proceedings of the 2016 ACM International Joint Conference on Pervasive and Ubiquitous Computing: Adjunct (UbiComp '16). ACM, New York, NY, USA, 301--304.

Digital Library

[11]

Paul C Kocher. 1996. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In Annual International Cryptology Conference. Springer, 104--113.

Digital Library

[12]

Mengyuan Li, Yan Meng, Junyi Liu, Haojin Zhu, Xiaohui Liang, Yao Liu, and Na Ruan. 2016. When CSI meets public WiFi: Inferring your mobile phone password via WiFi signals. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM, 1068--1079.

Digital Library

[13]

Jeremy Martin, Travis Mayberry, Collin Donahue, Lucas Foppe, Lamont Brown, Chadwick Riggins, Erik C Rye, and Dane Brown. 2017. A study of MAC address randomization in mobile devices and when it fails. Proceedings on Privacy Enhancing Technologies 2017, 4 (2017), 365--383.

[14]

Benjamin R Moyers, John P Dunning, Randolph C Marchany, and Joseph G Tront. 2010. Effects of wi-fi and bluetooth battery exhaustion attacks on mobile devices. In System Sciences (HICSS), 2010 43rd Hawaii International Conference on. IEEE, 1--9.

Digital Library

[15]

Le T. Nguyen, Yu Seung Kim, Patrick Tague, and Joy Zhang. 2014. IdentityLink: user-device linking through visual and RF-signal cues. ACM Press, 529--539.

Digital Library

[16]

Michael Ossmann. 2014. Discovering the Bluetooth UAP. http://ubertooth.blogspot.fr/2014/06/discovering-bluetooth-uap.html

[17]

Bluetooth SIG. 2014. Specification of the Bluetooth System v4.2. Version. https://bugs.tizen.org/jira/secure/attachment/13248/output.pdf

[18]

Axel Sikora and Voicu F Groza. 2005. Coexistence of IEEE802.15.4 with other Systems in the 2.4 GHz-ISM-Band. In Instrumentation and Measurement Technology Conference, 2005. IMTC 2005. Proceedings of the IEEE, Vol. 3. IEEE, 1786--1791.

[19]

Stefan Viehböck. 2011. Brute forcing wi-fi protected setup. Wi-Fi Protected Setup 9 (2011).

[20]

Pepe Vila and Boris Köpf. 2017. Loophole: Timing attacks on shared event loops in chrome. In USENIX Security Symposium.

[21]

Shuangquan Wang and Gang Zhou. 2015. A review on radio based activity recognition. Digital Communications and Networks 1, 1 (2015), 20--29.

[22]

Ford-Long Wong and Frank Stajano. 2005. Location privacy in bluetooth. In European Workshop on Security in Ad-hoc and Sensor Networks. Springer, 176--188.

Digital Library

Cited By

Mishra ACunche M(2024)Third Eye: Inferring the State of Your Smartphone Through Wi-Fi2024 IEEE 49th Conference on Local Computer Networks (LCN)10.1109/LCN60385.2024.10639774(1-7)Online publication date: 8-Oct-2024
https://doi.org/10.1109/LCN60385.2024.10639774
Celosia GCunche M(2020)Discontinued Privacy: Personal Data Leaks in Apple Bluetooth-Low-Energy Continuity ProtocolsProceedings on Privacy Enhancing Technologies10.2478/popets-2020-00032020:1(26-46)Online publication date: 7-Jan-2020
https://doi.org/10.2478/popets-2020-0003
Wei F(2020)Detecting Bluetooth Attacks Against Smartphones by Device Status RecognitionArtificial Intelligence and Security10.1007/978-3-030-57884-8_11(120-132)Online publication date: 1-Sep-2020
https://doi.org/10.1007/978-3-030-57884-8_11
Show More Cited By

Index Terms

Detecting smartphone state changes through a Bluetooth based timing attack
1. Networks
  1. Network properties
    1. Network privacy and anonymity
2. Security and privacy
  1. Network security
    1. Mobile and wireless security

Recommendations

Key Negotiation Downgrade Attacks on Bluetooth and Bluetooth Low Energy

Bluetooth (BR/EDR) and Bluetooth Low Energy (BLE) are pervasive wireless technologies specified in the Bluetooth standard. The standard includes key negotiation protocols used to generate long-term keys (during pairing) and session keys (during secure ...
Detecting Bluetooth Attacks Against Smartphones by Device Status Recognition
Artificial Intelligence and Security
Abstract
Bluetooth is a universal wireless standard which is used on most smartphones. With the widespread use of Bluetooth on smartphones, Bluetooth security has received a lot of attention, and it is increasingly important to identify and block Bluetooth ...
Location Privacy Vulnerable from Bluetooth Devices
NBIS '13: Proceedings of the 2013 16th International Conference on Network-Based Information Systems

Bluetooth is a wireless network protocol widely used for many mobile devices. With carrying some Bluetooth devices, individuals are in the risk to be identified without noticing. Many devices are shipped as Bluetooth activated as default. This paper ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

WiSec '18: Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks

June 2018

317 pages

ISBN:9781450357319

DOI:10.1145/3212480

General Chair:
Panos Papadimitratos
KTH, Sweden
,
Program Chairs:
Kevin Butler
University of Florida, USA
,
Christina Pöpper
New York University Abu Dhabi, UAE

Copyright © 2018 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

In-Cooperation

SIGMOBILE: ACM Special Interest Group on Mobility of Systems, Users, Data and Computing

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 18 June 2018

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

WiSec '18

Sponsor:

SIGSAC

WiSec '18: 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks

June 18 - 20, 2018

Stockholm, Sweden

Acceptance Rates

Overall Acceptance Rate 98 of 338 submissions, 29%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
193
Total Downloads

Downloads (Last 12 months)11
Downloads (Last 6 weeks)1

Reflects downloads up to 06 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Mishra ACunche M(2024)Third Eye: Inferring the State of Your Smartphone Through Wi-Fi2024 IEEE 49th Conference on Local Computer Networks (LCN)10.1109/LCN60385.2024.10639774(1-7)Online publication date: 8-Oct-2024
https://doi.org/10.1109/LCN60385.2024.10639774
Celosia GCunche M(2020)Discontinued Privacy: Personal Data Leaks in Apple Bluetooth-Low-Energy Continuity ProtocolsProceedings on Privacy Enhancing Technologies10.2478/popets-2020-00032020:1(26-46)Online publication date: 7-Jan-2020
https://doi.org/10.2478/popets-2020-0003
Wei F(2020)Detecting Bluetooth Attacks Against Smartphones by Device Status RecognitionArtificial Intelligence and Security10.1007/978-3-030-57884-8_11(120-132)Online publication date: 1-Sep-2020
https://doi.org/10.1007/978-3-030-57884-8_11
OConnor TEnck WReaves B(2019)Blinded and confusedProceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks10.1145/3317549.3319724(140-150)Online publication date: 15-May-2019
https://dl.acm.org/doi/10.1145/3317549.3319724
Neal TWoodard D(2019)Mobile Biometrics, Replay Attacks, and Behavior Profiling: An Empirical Analysis of Impostor Detection2019 International Conference on Biometrics (ICB)10.1109/ICB45273.2019.8987407(1-8)Online publication date: Jun-2019
https://doi.org/10.1109/ICB45273.2019.8987407

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten