DeepSec 2013 Talk: Uncovering your Trails – Privacy issues of Bluetooth Devices

René Pfeiffer/ October 30, 2013/ Conference, Security

Bluetooth has been around for a while. Hackers and security researchers (such as trifinite.org and others) immediately investigated the weaknesses of protocol and implementations – The specifications have evolved, but so has the proliferation of Bluetooth-capable devices. Smartphones, dumb phones, computers, bulletin boards, media players, tablets, game consoles, headsets, and many more support Bluetooth wireless communication. Even though bugs of the past were fixed, the widespread capabilities of devices allow for a lot of creative use by adversaries. At DeepSec 2013 Verónica Valeros and Garcia Sebastian will give you an update about Bluetooth hacking and your exposure to attackers.

When we think about our own privacy, we usually think of our private data, passwords, personal stuff, web pages we have accessed or phone calls we have made. Information about our behaviour in real life (where we are, where we go, where we live) is usually thought of as difficult to get.

We have developed a new tool called bluedriving, that combines the information of Bluetooth devices and GPS positions. For the last year we have been capturing data in several cities and different countries. The analysis of these data gave us an insight about the behavioural patterns that can be found on the street.

Have you ever thought that your Bluetooth device may disclose when you arrive at home? Or which route you take to work? Or how big  the TV is you have in your living room? Or if your kid is at school today? Or even, in some cases, may disclose the type of disease you have? We will show you in our talk what information is usually disclosed by your devices and how it’s possible for anyone to follow you on the street by using the Bluetooth signal of your phone.

We have known for quite some time that the mobile network operators are able to get our positions from the cell towers. However, our work has shown that first, now anyone can do it, and second, that we can analyze cars, TVs, headsets, speakers, medical equipment and lot of other Bluetooth enabled devices to gain information about you as well.

The goal of this talk is to raise awareness about the threat that Bluetooth devices may represent to your personal privacy by showing what can actually be done with your personal data.

The talk is recommended for everyone who is owning/using devices with Bluetooth capabilities – and frankly, who doesn’t?

Share this Post

About René Pfeiffer

System administrator, lecturer, hacker, security consultant, technical writer and DeepSec organisation team member. Has done some particle physics, too. Prefers encrypted messages for the sake of admiring the mathematical algorithms at work.

2 Comments

Comments are closed.