
eldraco
November 22, 2013

Uncovering your trails. Privacy issues of bluetooth devices.

DeepSec 2013 Talk.


Transcript

  1. Uncovering your trails. Privacy issues of bluetooth devices
     Verónica Valeros @verovaleros
     Sebastián García @eldracote
     MatesLab Hackerspace www.mateslab.com.ar
  2. Motivation
     • Bluetooth wardriving with GPS.
     • Position and the social significance, not only in the data.
     • Visualization and correlation.
  3. Social aspects of Bluetooth
     • Most of the time a mobile phone is used by the same individual.
     • If you find the phone, you find the owner.
     • With position and time we have behavior.
  4. Previous Tools
     • Bluelog: Scanner. No GPS.
     • Bluesniff: Scanner. No GPS.
     • Pwntooth and Bluediving: Scan and attack. No GPS. Working?
     • Btscanner: Scanner. No GPS.
  5. Previous Tools
     • Kismet: Scanner with GPS (?). No following.
     • Wigle bluetooth (Android): No GPS.
     • BlueMaho: Not working.
     • Post Bluedriving (Nov 2012):
       • warcarrier: Scanner with GPS. No following. February 2013.
  6. Bluedriving. The tool.
     • Finds Bluetooth devices.
     • Service discovery.
     • Get the position using a GPS or the ‘poor man’s GPS’.
     • History of positions.
     • Get the real-world address from GPS.
  7. Bluedriving. The tool.
     • Online and offline web page.
     • Resolve MAC vendor.
     • Show maps with the devices.
     • Street ready.
     • Alerts.
     • Notes.
     • Sound for different states.
     • Offline data analysis.
  8. Bluedriving console
     • Python with Bluetooth libraries.
     • Find devices.
     • Gets and caches the GPS position.
     • Multithreaded to scan and store.
     • Verifies if the device is new.
     • Make sounds and alerts.
     • Send emails.
  9. Bluedriving manageDB tool
     • Merge databases.
     • List and enumerate all the DB.
     • Delete devices.
     • Search by name and similar GPS position.
     • Rank the devices with more positions.
     • Resolve and store vendors.
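As an added illustration (not the Bluedriving project's own code), the script below performs the ranking the manageDB slide describes, over a constructed set of sightings: sightings of one MAC closer together than the 20 metre precision the talk quotes are merged into one position, and devices are ranked by how many distinct positions they were seen at. It shows why a device that stays discoverable accumulates a location history even though nothing but its address and name was ever transmitted.

```python
# Added example, not from the Bluedriving project. Sightings are constructed.
import math
from collections import defaultdict

# Constructed sightings: (MAC, device name, timestamp, latitude, longitude).
SIGHTINGS = [
    ("00:11:22:33:44:55", "PHONE-A", "2013-06-30 08:05:10", -38.00500, -57.54260),
    ("00:11:22:33:44:55", "PHONE-A", "2013-06-30 08:06:02", -38.00502, -57.54263),  # ~3 m away
    ("00:11:22:33:44:55", "PHONE-A", "2013-06-30 18:40:11", -38.01020, -57.55000),
    ("00:11:22:33:44:55", "PHONE-A", "2013-07-01 08:04:55", -38.00500, -57.54260),
    ("AA:BB:CC:DD:EE:FF", "ALARM-B", "2013-06-30 12:00:00", -38.02000, -57.56000),
    ("AA:BB:CC:DD:EE:FF", "ALARM-B", "2013-06-30 12:30:00", -38.02000, -57.56000),
]


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two WGS84 points."""
    r = 6371000.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def distinct_positions(points, radius_m=20.0):
    """Collapse points closer than radius_m (the talk's stated precision) into one."""
    kept = []
    for lat, lon in points:
        if all(haversine_m(lat, lon, klat, klon) > radius_m for klat, klon in kept):
            kept.append((lat, lon))
    return kept


def rank_devices(sightings, radius_m=20.0):
    """Return [(mac, name, distinct_position_count)] sorted by count, descending."""
    by_mac = defaultdict(list)
    names = {}
    for mac, name, _ts, lat, lon in sightings:
        by_mac[mac].append((lat, lon))
        names[mac] = name
    ranked = [(mac, names[mac], len(distinct_positions(pts, radius_m)))
              for mac, pts in by_mac.items()]
    return sorted(ranked, key=lambda row: row[2], reverse=True)


if __name__ == "__main__":
    for mac, name, count in rank_devices(SIGHTINGS):
        print(f"{mac}  {name:8s}  {count} distinct position(s)")
```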
  10. Data
     • > 8400 devices so far.
     • 4 cities.
     • ~ 200 different vendors.
  11. Data analysis
     • TVs
       • [TV]Samsung LED75
       • [TV]Samsung LED46
       • TVBluetooth
       • LGE DTV BCM20702A1
     • Cars
       • Audi UHV 5719
       • Audi UHV 5347
       • Ford Audio
       • Skoda BT
       • Seat 5018
       • Peugeot
       • Citroën
       • Skoda_UHV
       1 unique vendor: TEMIC SDS GmbH
  12. Data analysis
     • Parrot, Garmin-Nuvi
       • Parrot CK3100
       • Parrot MINIKIT+
       • Parrot Zik V1.04
       • Parrot MKi9200
       • nuvi #3858222923
     • Printers
       • Canon MP800R-1
     • Paying terminals
       • Ingenico International
       • 5720, 0830, 3246, 3186, 3171, 7996, 1656, …
  13. Medical devices?
     • Spirobank G-USB - SN806181: '2013-06-30 02:13:03'
     • Spirobank G-USB - SN806181: '2013-06-30 17:07:33'
  14. Data analysis
     • AeroSkull
       • '2013-09-15 18:08:16'
       • '2013-09-15 18:12:50'
     • GPS/Car alarms: Jablotron
       • CA-1803_5EC
       • CA-1803_E95
       • CA-1803_986
       • CA-1803_641
  15. Data analysis
     • Wii
       • Nintendo RVL-CNT-01-TR: '2013-08-14 15:56:15'
       • Nintendo RVL-CNT-01: '2013-08-14 15:40:51'
     • Embedded devices
       • WIN-E66LMJPU5C9 (E0:2A:82:78:B7:B4)
     • LEGO
       • 00:16:53:08:F4:85 | LEGO System A/S IE El
  16. No opt-out
     • Dell’s issue
       • When powering up, Bluetooth is discoverable by default. It is independent of the OS configuration. “Dell Wireless 365 Bluetooth Module”
     • Cars’ issue
       • Some car vendors do not allow switching off the Bluetooth.
  17. Following people in the street
     • If we have the MAC
       • Use the alarms. Easy.
     • If we do not have the MAC
       • Use sounds to find it.
       • Difficult but possible.
  18. Following people. Impact
     • People can be followed if Bluetooth is discoverable.
     • 20 meters precision.
     • If you must use it, it cannot be avoided.
     • Anonymous and untraceable (without services).
     • The behavioral pattern can be seen: if the individual is arriving, at home, at the office, shopping, on the street, etc.
  19. Legally following people?
     • “Canada's Roads Traffic division uses data collected from travelers' Bluetooth devices to predict travel times and road congestion for motorists.” (http://bit.ly/S8TpiB)
     • Clark County engineers seek improvements using 'discoverable' data from motorists' devices (http://bit.ly/17bEf7f) -> “It sounds kind of like Big Brother, right?” Klug said.
  20. Legally following people?
     • Bluejacking?
     • Mateslab BlueBlue: http://bit.ly/16SepSO
     • blueper
     • BlueWhere: “Indoors” position. No GPS.
     (il)Legally following people?
     • Flame (http://bit.ly/1b7KolM)
  21. Final remarks
     • Be aware of the implications on your privacy of using Bluetooth.
     • Use Bluetooth if you need to, but know what can be done with this information.
     • After using it… turn it off.
  22. Thanks for staying!
     Thanks to all MatesLab Hackspace members for their support!
     www.mateslab.com.ar
     Verónica Valeros [email protected] @verovaleros
     Sebastián García [email protected] @eldracote
     Hackers or dominated
  23. Market survey April 2013
     Source: IDC Worldwide Mobile Phone Tracker, April 25, 2013
     http://www.idc.com/getdoc.jsp?containerId=prUS24085413