Wi-Fi Channel Saturation as a Mechanism to Improve Passive Capture of Bluetooth Through Channel Usage Restriction

TL;DR

This paper investigates the impact of Wi-Fi channel saturation on passive Bluetooth traffic capture, revealing an interaction that could enable DoS attacks, but questioning the effectiveness of channel restriction for security improvements.

Contribution

It evaluates the proposed use of Wi-Fi saturation to improve Bluetooth passive sniffing and uncovers an undocumented interaction between Bluetooth and Wi-Fi technologies.

Findings

Wi-Fi saturation may enable DoS attacks on Bluetooth devices.

Channel restriction does not significantly improve passive Bluetooth capture.

An interaction between Bluetooth and Wi-Fi could be exploited for attack.

Abstract

Bluetooth is a short-range wireless technology that provides audio and data links between personal smartphones and playback devices, such as speakers, headsets and car entertainment systems. Since its introduction in 2001, security researchers have suggested that the protocol is weak, and prone to a variety of attacks against its authentication, link management and encryption schemes. Key researchers in the field have suggested that reliable passive sniffing of Bluetooth traffic would enable the practical application of a range of currently hypothesised attacks. Restricting Bluetooth's frequency hopping behaviour by manipulation of the available channels, in order to make brute force attacks more effective has been a frequently proposed avenue of future research from the literature. This paper has evaluated the proposed approach in a series of experiments using the software defined radio tools and custom hardware developed by the Ubertooth project. The work concludes that the mechanism suggested by previous researchers may not deliver the proposed improvements, but describes an as yet undocumented interaction between Bluetooth and Wi-Fi technologies which may provide a Denial of Service attack mechanism.