If law enforcement officers can use technology to track people, then people ought to be able to return the favor, according to a robotics hacker who created a service enabling people to monitor police activity using Bluetooth.
Alan Meekins, aka Nullagent, explained at the Def Con conference this summer how a major equipment provider to law enforcement, Axon, uses Bluetooth to tie together hardware like body cameras, Tasers, firearms, and dash cameras.
“Axon has its fingers into every part of police life, from how you charge these devices at home or at the office to interrogation rooms,” he said at his Def Con session titled “Snoop Unto Them as They Snoop Unto Us.”
He explained that just by reading the documentation for the hardware used by police, he discovered how Bluetooth is used to activate bodycams when Tasers are deployed, and guns are drawn from their holsters, as well as activate dashcams when the sirens and flashing lights are turned on in a police car.
Accessing Bluetooth data, like the MAC address of a bodycam, would be valuable to citizens, he maintained.
“If you read the news in the last couple of years, you’ll find out that sometimes police departments can be cagey to release potentially damaging body cam footage,” he said. “It’s hard to compel them because they like to beat around the bush.”
“If you have a way to say, ‘I know this MAC address was in the vicinity, at a particular event or particular occurrence of potential police misconduct’, you can more directly light a fire under their butts,” he added.
Every Device an AirTag
Such information, however, might be valuable to cybercriminals, too. “You could tightly detect the distance that a cop is to your computer, and the computer can self-destruct automagically,” Meekins said.
His RFParty service isn’t designed to track police, but because it maps common internet of things devices, police objects, like bodycams, can be detected.
“What we’re pointing out here is that every device is an AirTag,” he noted. “We need a way to detect all Bluetooth devices.”
“We don’t need one-off solutions that only work on iPhones and take three years for Android to catch up and leave everyone that runs Linux completely in the lurch,” he continued. “We actually need a solution for everyone and for every possible device.”
While Bluetooth connections offer a broader attack surface than wired connections, that doesn’t mean the technology is inherently insecure, asserted Casey Ellis, CTO and co-founder of Bugcrowd, which operates a crowdsourced bug bounty platform.
“It’s more a comment on the accessibility differences between wire and air,” he told TechNewsWorld. “That said, vulnerabilities in Bluetooth are discovered on a semi-regular basis, which can compromise the privacy of the communications, or even the device itself.”
Marginal Consumer Threat
Bluetooth security can vary, depending on the version of the communications technology being used, explained Roger Grimes, a defense evangelist at KnowBe4, a security awareness training provider in Clearwater, Fla.
“In older devices, with earlier versions of Bluetooth, someone sniffing the Bluetooth signal could often eavesdrop on whatever information was being sent or received,” he told TechNewsWorld.
“These days, with newer versions of Bluetooth, more information is encrypted by default and less prone to eavesdropping,” he continued. “But in general, someone sniffing a Bluetooth connection is going to learn the MAC address, can look up the vendor associated with that MAC address, and know if the Bluetooth device is active and transmitting information.”
“Depending on the attack scenario, there can be times when someone can transmit spam to the receiving device,” he added. “There are even rare scenarios where someone could eavesdrop on information being sent to or from a particular device, although these scenarios are often patched, so as long as the holder has the most recent Bluetooth or OS update, the eavesdropping attacks aren’t viable.”
If Bluetooth can be used to track cops, it can be used to track consumers, too, but Grimes discounted that threat. “We’ve been told to be scared about Bluetooth attacks for decades, and no significant attack has ever occurred to warrant most consumers worrying about them,” he said.
“It’s not to say that Bluetooth attacks aren’t possible, but when they are discovered, they are fixed and patched,” he added. “I think consumers have a lot bigger worries than what is happening to their Bluetooth device.”
Maintain Good Security Hygiene
Every person needs to do their own “threat assessment” of their use of Bluetooth devices, recommended Paul Kincaid, acting CISO and vice president of information security products at SecureAuth, an identity access management security solutions maker in Irvine, Calif.
“If you are a journalist that reports on sensitive or controversial topics, you probably should not use Bluetooth earbuds to talk to sources,” he told TechNewsWorld.
“However,” he continued, “if you are just someone listening to music with your earbuds, you probably do not have to worry too much.”
“Maintaining good security hygiene — updating your device when available, not accepting unknown or unexpected pairing requests — and if you are not using Bluetooth at the time or at all, disable it on your device,” he added.
Hackers targeting Bluetooth connections can get a wealth of information that’s valuable to them, noted Callie Guenther, a cyber threat research senior manager at Critical Start, a national cybersecurity services company.
For example, every device has a unique MAC address that allows the hacker to identify and track the device.
Pairing data can also be purloined. “When two devices pair, they exchange encryption keys,” Guenther told TechNewsWorld. “If an attacker can intercept this exchange, they could potentially decrypt the communication between devices.”
Attackers can also intercept data, such as contact lists, calendar appointments, and audio phone calls.
Bluetooth is also used to connect wireless keyboards and mice to a computer, which opens yet another point of attack.
“Without encryption for the Bluetooth signals, it could be possible that an attacker close enough to the user could intercept keystrokes, which could lead to the compromise of sensitive data such as passwords,” Kincaid noted.