ABSTRACT
Over the past year, there have been several reports of malicious code exploiting vulnerabilities in the Bluetooth protocol. While the research community has started to investigate a diverse set of Bluetooth security issues, little is known about the feasibility and the propagation dynamics of a worm in a Bluetooth environment. This paper is an initial attempt to remedy this situation.We start by showing that the Bluetooth protocol design and implementation is large and complex. We gather traces and we use controlled experiments to investigate whether a large-scale Bluetooth worm outbreak is viable today. Our data shows that starting a Bluetooth worm infection is easy, once a vulnerability is discovered. Finally, we use trace-drive simulations to examine the propagation dynamics of Bluetooth worms. We find that Bluetooth worms can infect a large population of vulnerable devices relatively quickly, in just a few days.
- F. Armknecht. A Linearization Attack on the Bluetooth Key Stream Generator, 2002. Cryptology ePrint Archive, Report 2002/191.Google Scholar
- Bluetooth. Specification of the Bluetooth System, 2006. http://www.bluetooth.org/foundry/adopters/document/Core_v2.0_EDR/en/1/Core_v2.0_EDR.zip.Google Scholar
- Bluetooth.com. The Official Bluetooth Wireless Info Site, 2006. http://www.bluetooth.com.Google Scholar
- BlueZ. BlueZ -- Official Linux Bluetooth Protocol Stack, 2006. http://www.bluez.org.Google Scholar
- T. Bunker. Serious Flaws in Bluetooth Security Lead to Disclosure of Personal Data, 2006. http://www.thebunker.net/security/bluetooth.htm.Google Scholar
- R. G. Cole. Initial Studies on Worm Propagation in MANETS for Future Army Combat Systems, 2004. http://stinet.dtic.mil/oai/oai&verb=getRecord&metadataPrefix=html&identifier=ADA431999.Google Scholar
- R. G. Cole, N. Phamdo, M. A. Rajab, and A. Terzis. Requirements of Worm Mitigation Technologies in MANETS. In Principles of Advanced and Distribution Simulation, 2005. Google ScholarDigital Library
- ComputerWorld. Cabir Worm Wriggles into U.S. Mobile Phones, 2005. http://www.computerworld.com/securitytopics/security/virus/story/0,108 01,99935,00.html.Google Scholar
- CRAWDAD. Crawdad: A Community Resource for Archiving Wireless Data at Dartmouth, 2006. http://crawdad.cs.dartmouth.edu/l.Google Scholar
- D. Dagon, T. Martin, and T. Starner. Mobile Phones as Computing Devices: The Viruses are Coming! IEEE Pervasive Computing, 3(4):11--15, 2004. Google ScholarDigital Library
- N. Eagle and A. Pentland. Reality Mining: Sensing Complex Social Systems. Journal of Personal and Ubiquitous Computing, June 2005. Google ScholarDigital Library
- S. R. Fluhrer. Improved Key Recovery of Level 1 of the Bluetooth Encryption System, 2002. Cryptology ePrint Archive, Report 2002/068.Google Scholar
- M. Herfurt. Bluetsnarfing @ CeBIT 2004 -- Detecting and Attacking Bluetooth-enabled Cellphones at the Hanover Fairground, 2004. http://trifinite.org/Downloads/BlueSnarf_CeBIT2004.pdf.Google Scholar
- M. Hermelin and K. Nyberg. Correlation Properties of the Bluetooth Combiner Generator. In Information Security and Cryptology, pages 17--29, 1999. Google ScholarDigital Library
- B. Hoh and M. Gruteser. Computer Ecology: Responding to Mobile Worms with Location-Based Quarantine Boundaries. In International Workshop on Research Challenges in Security and Privacy for Mobile and Wireless Networks, 2006.Google Scholar
- InfoSyncWorld. First Symbian OS Virus to Replicate over MMS Appears, 2005. http://www.infosyncworld.com/news/n/5835.html.Google Scholar
- M. Jakobsson and S. Wetzel. Security Weaknesses in Bluetooth. CT-RSA 2001: Proceedings of the 2001 Conference on Topics in Cryptology, pages 176--191, 2001. LNCS 2020. Google ScholarDigital Library
- A. Laurie, M. Holtmann, and M. Herfurt. Bluetooth Hacking, 2004. http://www.ccc.de/congress/2004/fahrplan/event/66.en.html.Google Scholar
- O. Levy and A. Wool. A Uniform Framework for Cryptanalysis of the Bluetooth E0 cipher, 2005. Cryptology ePrint Archive, Report 2005/107.Google Scholar
- Y. Lu and S. Vaudenay. Faster Correlation Attack on Bluetooth Keystream Generator E0. In Advances in Cryptology (CRYPTO), Santa Barbara, CA, 2004.Google ScholarCross Ref
- Mobileinfo.com. Bluetooth Technology -- What are the Applications?, 2006. http://www.mobileinfo.com/Bluetooth/applic.htm.Google Scholar
- D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, and N. Weaver. The Spread of the Sapphire/Slammer Worm. Technical Report CAIDA, ICSI, Sillicon Defense, UC Berkeley EECS and UC San Diego, January 2003.Google Scholar
- D. Moore, C. Shannon, and J. Brown. Code-red: a case study on the spread and victims of an internet worm,. In Proceedins of the 2002 Internet Measurement Workshop, November 2002. Google ScholarDigital Library
- E. O'Neill, T. Kindberg, A. F. gen Schieck, T. Jones, A. Penn, and D. S. Fraser. Instrumenting the city: developing methods for observing and understanding the digital cityscape. In Proc. of the 8th International Conference on Ubiquitous Computing (UBICOMP), 2006. Google ScholarDigital Library
- Palm. Bluetooth technology: what is it, how does it work, and what can I do with it?, 2006. http://kb.palmone.com/SRVS/CGI-BIN/WEBCGI.EXE New,Kb=PalmSupportKB,ts=Palm_External2001,case=obj(20821).Google Scholar
- PCWorld. What's Cooking? Bluetooth Hits the Kitchen, 2002. http://www.pcworld.com/news/article/0,aid,95223,00.asp.Google Scholar
- T. Register. Bluetooth to Outship Wi-Fi Five to One, 2003. http://www.theregister.co.uk/2003/06/18/bluetooth_to_outship_wifi_five/Google Scholar
- Y. Shaked and A. Wool. Cracking the Bluetooth PIN. In Proceedings of 3rd USENIX/ACM Conference of Mobile Systems, Applications and Services (MOBISYS), June 2005. Google ScholarDigital Library
- S. Staniford, V. Paxson, and N. Weaver. How to 0wn the internet in your spare time. In Proc. of 2002 USENIX Security Symposium, 2002. Google ScholarDigital Library
- O. Whitehouse. Bluetooth: Red Fang, Blue Fang, 2004. http://www.cansecwest.com/csw04/csw04-Whitehouse.pdf.Google Scholar
- Wikipedia. Compartmental models in epidemiology, 2006. http://en.wikipedia.org/wiki/Compartmental_models_in_epidemiology.Google Scholar
Index Terms
A preliminary investigation of worm infections in a bluetooth environment
Recommendations
Detecting, validating and characterizing computer infections in the wild
IMC '11: Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conferenceAlthough network intrusion detection systems (IDSs) have been studied for several years, their operators are still overwhelmed by a large number of false-positive alerts. In this work we study the following problem: from a large archive of intrusion ...
Countermeasures against Worm Spreading: A New Challenge for Vehicular Networks
Vehicular ad hoc networks (VANETs) are essential components of the intelligent transport systems. They are attracting an increasing amount of interest in research and industrial sectors. Vehicular nodes are capable of transporting, sensing, processing ...
Self-stopping worms
WORM '05: Proceedings of the 2005 ACM workshop on Rapid malcodeModern network worms spread with tremendous speed-potentially covering the planet in mere seconds. However, for most worms, this prodigious pace continues unabated long after the outbreak's incidence has peaked. Indeed, it is this ongoing infection ...
Comments