skip to main content
10.1145/1179542.1179545acmconferencesArticle/Chapter ViewAbstractPublication PagesccsConference Proceedingsconference-collections
Article

A preliminary investigation of worm infections in a bluetooth environment

Published:03 November 2006Publication History

ABSTRACT

Over the past year, there have been several reports of malicious code exploiting vulnerabilities in the Bluetooth protocol. While the research community has started to investigate a diverse set of Bluetooth security issues, little is known about the feasibility and the propagation dynamics of a worm in a Bluetooth environment. This paper is an initial attempt to remedy this situation.We start by showing that the Bluetooth protocol design and implementation is large and complex. We gather traces and we use controlled experiments to investigate whether a large-scale Bluetooth worm outbreak is viable today. Our data shows that starting a Bluetooth worm infection is easy, once a vulnerability is discovered. Finally, we use trace-drive simulations to examine the propagation dynamics of Bluetooth worms. We find that Bluetooth worms can infect a large population of vulnerable devices relatively quickly, in just a few days.

References

  1. F. Armknecht. A Linearization Attack on the Bluetooth Key Stream Generator, 2002. Cryptology ePrint Archive, Report 2002/191.Google ScholarGoogle Scholar
  2. Bluetooth. Specification of the Bluetooth System, 2006. http://www.bluetooth.org/foundry/adopters/document/Core_v2.0_EDR/en/1/Core_v2.0_EDR.zip.Google ScholarGoogle Scholar
  3. Bluetooth.com. The Official Bluetooth Wireless Info Site, 2006. http://www.bluetooth.com.Google ScholarGoogle Scholar
  4. BlueZ. BlueZ -- Official Linux Bluetooth Protocol Stack, 2006. http://www.bluez.org.Google ScholarGoogle Scholar
  5. T. Bunker. Serious Flaws in Bluetooth Security Lead to Disclosure of Personal Data, 2006. http://www.thebunker.net/security/bluetooth.htm.Google ScholarGoogle Scholar
  6. R. G. Cole. Initial Studies on Worm Propagation in MANETS for Future Army Combat Systems, 2004. http://stinet.dtic.mil/oai/oai&verb=getRecord&metadataPrefix=html&identifier=ADA431999.Google ScholarGoogle Scholar
  7. R. G. Cole, N. Phamdo, M. A. Rajab, and A. Terzis. Requirements of Worm Mitigation Technologies in MANETS. In Principles of Advanced and Distribution Simulation, 2005. Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. ComputerWorld. Cabir Worm Wriggles into U.S. Mobile Phones, 2005. http://www.computerworld.com/securitytopics/security/virus/story/0,108 01,99935,00.html.Google ScholarGoogle Scholar
  9. CRAWDAD. Crawdad: A Community Resource for Archiving Wireless Data at Dartmouth, 2006. http://crawdad.cs.dartmouth.edu/l.Google ScholarGoogle Scholar
  10. D. Dagon, T. Martin, and T. Starner. Mobile Phones as Computing Devices: The Viruses are Coming! IEEE Pervasive Computing, 3(4):11--15, 2004. Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. N. Eagle and A. Pentland. Reality Mining: Sensing Complex Social Systems. Journal of Personal and Ubiquitous Computing, June 2005. Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. S. R. Fluhrer. Improved Key Recovery of Level 1 of the Bluetooth Encryption System, 2002. Cryptology ePrint Archive, Report 2002/068.Google ScholarGoogle Scholar
  13. M. Herfurt. Bluetsnarfing @ CeBIT 2004 -- Detecting and Attacking Bluetooth-enabled Cellphones at the Hanover Fairground, 2004. http://trifinite.org/Downloads/BlueSnarf_CeBIT2004.pdf.Google ScholarGoogle Scholar
  14. M. Hermelin and K. Nyberg. Correlation Properties of the Bluetooth Combiner Generator. In Information Security and Cryptology, pages 17--29, 1999. Google ScholarGoogle ScholarDigital LibraryDigital Library
  15. B. Hoh and M. Gruteser. Computer Ecology: Responding to Mobile Worms with Location-Based Quarantine Boundaries. In International Workshop on Research Challenges in Security and Privacy for Mobile and Wireless Networks, 2006.Google ScholarGoogle Scholar
  16. InfoSyncWorld. First Symbian OS Virus to Replicate over MMS Appears, 2005. http://www.infosyncworld.com/news/n/5835.html.Google ScholarGoogle Scholar
  17. M. Jakobsson and S. Wetzel. Security Weaknesses in Bluetooth. CT-RSA 2001: Proceedings of the 2001 Conference on Topics in Cryptology, pages 176--191, 2001. LNCS 2020. Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. A. Laurie, M. Holtmann, and M. Herfurt. Bluetooth Hacking, 2004. http://www.ccc.de/congress/2004/fahrplan/event/66.en.html.Google ScholarGoogle Scholar
  19. O. Levy and A. Wool. A Uniform Framework for Cryptanalysis of the Bluetooth E0 cipher, 2005. Cryptology ePrint Archive, Report 2005/107.Google ScholarGoogle Scholar
  20. Y. Lu and S. Vaudenay. Faster Correlation Attack on Bluetooth Keystream Generator E0. In Advances in Cryptology (CRYPTO), Santa Barbara, CA, 2004.Google ScholarGoogle ScholarCross RefCross Ref
  21. Mobileinfo.com. Bluetooth Technology -- What are the Applications?, 2006. http://www.mobileinfo.com/Bluetooth/applic.htm.Google ScholarGoogle Scholar
  22. D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, and N. Weaver. The Spread of the Sapphire/Slammer Worm. Technical Report CAIDA, ICSI, Sillicon Defense, UC Berkeley EECS and UC San Diego, January 2003.Google ScholarGoogle Scholar
  23. D. Moore, C. Shannon, and J. Brown. Code-red: a case study on the spread and victims of an internet worm,. In Proceedins of the 2002 Internet Measurement Workshop, November 2002. Google ScholarGoogle ScholarDigital LibraryDigital Library
  24. E. O'Neill, T. Kindberg, A. F. gen Schieck, T. Jones, A. Penn, and D. S. Fraser. Instrumenting the city: developing methods for observing and understanding the digital cityscape. In Proc. of the 8th International Conference on Ubiquitous Computing (UBICOMP), 2006. Google ScholarGoogle ScholarDigital LibraryDigital Library
  25. Palm. Bluetooth technology: what is it, how does it work, and what can I do with it?, 2006. http://kb.palmone.com/SRVS/CGI-BIN/WEBCGI.EXE New,Kb=PalmSupportKB,ts=Palm_External2001,case=obj(20821).Google ScholarGoogle Scholar
  26. PCWorld. What's Cooking? Bluetooth Hits the Kitchen, 2002. http://www.pcworld.com/news/article/0,aid,95223,00.asp.Google ScholarGoogle Scholar
  27. T. Register. Bluetooth to Outship Wi-Fi Five to One, 2003. http://www.theregister.co.uk/2003/06/18/bluetooth_to_outship_wifi_five/Google ScholarGoogle Scholar
  28. Y. Shaked and A. Wool. Cracking the Bluetooth PIN. In Proceedings of 3rd USENIX/ACM Conference of Mobile Systems, Applications and Services (MOBISYS), June 2005. Google ScholarGoogle ScholarDigital LibraryDigital Library
  29. S. Staniford, V. Paxson, and N. Weaver. How to 0wn the internet in your spare time. In Proc. of 2002 USENIX Security Symposium, 2002. Google ScholarGoogle ScholarDigital LibraryDigital Library
  30. O. Whitehouse. Bluetooth: Red Fang, Blue Fang, 2004. http://www.cansecwest.com/csw04/csw04-Whitehouse.pdf.Google ScholarGoogle Scholar
  31. Wikipedia. Compartmental models in epidemiology, 2006. http://en.wikipedia.org/wiki/Compartmental_models_in_epidemiology.Google ScholarGoogle Scholar

Index Terms

  1. A preliminary investigation of worm infections in a bluetooth environment

        Recommendations

        Comments

        Login options

        Check if you have access through your login credentials or your institution to get full access on this article.

        Sign in
        • Published in

          cover image ACM Conferences
          WORM '06: Proceedings of the 4th ACM workshop on Recurring malcode
          November 2006
          88 pages
          ISBN:1595935517
          DOI:10.1145/1179542

          Copyright © 2006 ACM

          Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

          Publisher

          Association for Computing Machinery

          New York, NY, United States

          Publication History

          • Published: 3 November 2006

          Permissions

          Request permissions about this article.

          Request Permissions

          Check for updates

          Qualifiers

          • Article

          Upcoming Conference

          CCS '24
          ACM SIGSAC Conference on Computer and Communications Security
          October 14 - 18, 2024
          Salt Lake City , UT , USA

        PDF Format

        View or Download as a PDF file.

        PDF

        eReader

        View online with eReader.

        eReader