Exploiting bluetooth vulnerabilities in e-health IoT devices

Internet of Things (IoT) is an interconnected network of heterogeneous things through the Internet. The current and next generation of e-health systems are dependent on IoT devices such as wireless medical sensors. One of the most important applications of IoT devices in the medical field is the usage of these smart devices for emergency healthcare. In the current interconnected world, Bluetooth Technology plays a vital role in communication due to its less resource consumption which suits the IoT architecture and design. However Bluetooth technology does not come without security flaws. In this article, we explore various security threats in Bluetooth communication for e-Health systems and present some examples of the attacks that have been performed on e-Health systems by exploiting the identified vulnerabilities - 2019 Association for Computing Machinery.This publication was made possible by NPRP grant NPRP10-0125-170250 from the Qatar National Research Fund (a member of Qatar Foundation). The statements made herein are solely the responsibility of the authors.Scopu

Improving compliance with bluetooth device detection

The number of devices containing Bluetooth chipsets is continuing to rise and there exists a need to stem the tidal wave of vulnerabilities brought by the Bring Your Own Device (BYOD) and Internet of Things (IoT) phenomena. With Bluetooth enabled but discovery mode turned off, auditing for Bluetooth devices, or creating an accurate Bluetooth device hardware log is limited. The software tools and hardware devices to monitor WiFi networking signals have long been a part of the security auditor’s arsenal, but similar tools for Bluetooth are bespoke, expensive, and not adopted by most security pentesters. However, this has changed with the introduction of the Ubertooth One, a low-cost and open-source platform for monitoring Bluetooth Classic signals. Using a combination of the Ubertooth One, and other high-power Bluetooth devices, an auditor should now be able to actively scan for rogue devices that may otherwise have been missed. This research examines various hardware combinations that can be used to achieve this functionality, and the possible implications from a compliance point of view, with a focus on the standards used by the Payment Card Industry Data Security Standard (PCI-DSS), and the guidelines offered by the National Institute of Standards and Technology (NIST). We compare the results of scanning with traditional Bluetooth devices as opposed to an Ubertooth/Bluetooth combination. We show how the ability to monitor a larger portion of Bluetooth traffic can highlight serious implications in the compliance landscape of many organisations and companies. We demonstrate that identifying non-discoverable devices with Bluetooth enabled is a crucial element in holistic security monitoring of threats

Mobile Devices Attacks

Táto práca sa zaoberá bezpečnostnými architektúrami v mobilných zariadeniach a rôznymi formami útokov proti nim. V prvej časti je úvod do bezpečnosti mobilných zariadení a bezpečnostné riziká súvisiace s mobilnými zariadeniami. Sú tu uvedené slabé miesta vo WLAN sieťach a úvod do Bluetooth technológie aj s rizikami. V druhej časti je predstavenie produkčného testovania, ktoré sa využíva u spoločnosti Nokia a popis jednotlivých testov používaných na vyskúšanie funkčnosti zariadení. Rovnako sa v nej nachádza popis architektúry, ktorou sú mobilné zariadenia u spoločnosti Nokia zabezpečené voči rôznym formám útokov viažucim sa na inštalovanie softwaru a testovanie.This thesis studies security architecture in mobile devices and different forms of attack against them. The first part introduces the mobile devices security and security threats related to mobile devices. WLAN security threats are introduced, Bluetooth technology is described and security threats related to it. The second part introduces Nokia production testing and description of the tests which are used to proof the device stability and functionality. In the second part is also description of whole device security related to production testing and software installing.

Survey and Systematization of Secure Device Pairing

Secure Device Pairing (SDP) schemes have been developed to facilitate secure communications among smart devices, both personal mobile devices and Internet of Things (IoT) devices. Comparison and assessment of SDP schemes is troublesome, because each scheme makes different assumptions about out-of-band channels and adversary models, and are driven by their particular use-cases. A conceptual model that facilitates meaningful comparison among SDP schemes is missing. We provide such a model. In this article, we survey and analyze a wide range of SDP schemes that are described in the literature, including a number that have been adopted as standards. A system model and consistent terminology for SDP schemes are built on the foundation of this survey, which are then used to classify existing SDP schemes into a taxonomy that, for the first time, enables their meaningful comparison and analysis.The existing SDP schemes are analyzed using this model, revealing common systemic security weaknesses among the surveyed SDP schemes that should become priority areas for future SDP research, such as improving the integration of privacy requirements into the design of SDP schemes. Our results allow SDP scheme designers to create schemes that are more easily comparable with one another, and to assist the prevention of persisting the weaknesses common to the current generation of SDP schemes.Comment: 34 pages, 5 figures, 3 tables, accepted at IEEE Communications Surveys & Tutorials 2017 (Volume: PP, Issue: 99

Designing a comprehensive security framework for smartphones and mobile devices

This work investigates issues and challenges of cyber security, specifically malware targeting mobile devices. Recent advances in technology have provided high CPU power, large storage, broad bandwidth and integrated peripheral devices such as Bluetooth, Wi-Fi, 3G/4G to mobile devices, making them popular computing and communication devices. Mobile malware has been targeting mobile devices more than ever and seems to be shifted from their traditional host, the personal computers, to more vulnerable victims. In this study, we mainly focus on malware for Android-based mobile devices. We analyze and discuss related malware and recognize its trends and challenges. We also present a comprehensive security solution that addresses the security from malware threats