|Attributed to Joshua Wright (2012) “Security will not get better until tools for practical exploration of the attack surface are made available”.
With Bluetooth enabled but discovery mode turned off, auditing for Bluetooth devices, or creating an accurate Bluetooth device hardware log has been limited. The software tools and hardware devices to monitor WiFi networking signals have long been a part of the security auditor’s arsenal, but similar tools for Bluetooth were bespoke, expensive, and beyond the scope of most security professionals.
However, this has changed with the introduction of the Ubertooth One, a low-cost and open-source platform for monitoring Bluetooth Classic signals. Using a combination of the Ubertooth One, and other high power Bluetooth devices, an auditor should now finally be able to actively scan for rogue devices that may otherwise have been missed.
This thesis looks at various hardware combinations that can be used to achieve this functionality, and the possible implications from a compliance point of view, with a particular focus on the standards used by the Payment Card Industry Data Security Standard (PCI-DSS), and the guidelines offered by the National Institute of Standards and Technology (NIST).
This work attempts to compare the results of scanning with traditional Bluetooth devices alone, compared to an Ubertooth/Bluetooth combination. Highlighting how this newfound ability to monitor a larger portion of Bluetooth traffic can potentially highlight serious implications in the compliance landscape of many organisations and companies.
The number of devices containing Bluetooth chipsets will continue to rise and this area of research will become more and more relevant as security and compliance auditors attempt to stem the tidal wave of vulnerabilities brought by the Bring Your Own Device (BYOD) and Internet of Things (IoT) phenomena.