Detecting smartphone state changes through a Bluetooth based timing attack

Guillaume Celosia 1 Mathieu Cunche 1
1 PRIVATICS - Privacy Models, Architectures and Tools for the Information Society
Inria Grenoble - Rhône-Alpes, CITI - CITI Centre of Innovation in Telecommunications and Integration of services
Abstract : Bluetooth is a popular wireless communication technology that is available on most mobile devices. Although Bluetooth includes security and privacy preserving mechanisms, we show that a Blue-tooth harmless inherent request-response mechanism can taint users privacy. More specifically, we introduce a timing attack that can be triggered by a remote attacker in order to infer information about a Bluetooth device state. By observing the L2CAP layer ping mechanism timing variations, it is possible to detect device state changes, for instance when the device goes in or out of the locked state. Our experimental results show that change point detection analysis of the timing allows to detect device state changes with a high accuracy. Finally, we discuss applications and countermeasures.
Complete list of metadatas

Cited literature [23 references]  Display  Hide  Download

https://hal.inria.fr/hal-01870011
Contributor : Guillaume Celosia <>
Submitted on : Monday, September 10, 2018 - 12:47:49 PM
Last modification on : Tuesday, March 19, 2019 - 11:36:01 AM
Long-term archiving on : Tuesday, December 11, 2018 - 2:17:56 PM

File

main.pdf
Files produced by the author(s)

Identifiers

Citation

Guillaume Celosia, Mathieu Cunche. Detecting smartphone state changes through a Bluetooth based timing attack. WiSec '18 - 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks, Jun 2018, Stockholm, Sweden. pp.154-159, ⟨10.1145/3212480.3212494⟩. ⟨hal-01870011⟩

Share

Metrics

Record views

140

Files downloads

426