Skip to Main content Skip to Navigation
New interface
Conference papers

Detecting smartphone state changes through a Bluetooth based timing attack

Guillaume Celosia 1 Mathieu Cunche 1 
1 PRIVATICS - Privacy Models, Architectures and Tools for the Information Society
Inria Grenoble - Rhône-Alpes, CITI - CITI Centre of Innovation in Telecommunications and Integration of services, Inria Lyon
Abstract : Bluetooth is a popular wireless communication technology that is available on most mobile devices. Although Bluetooth includes security and privacy preserving mechanisms, we show that a Blue-tooth harmless inherent request-response mechanism can taint users privacy. More specifically, we introduce a timing attack that can be triggered by a remote attacker in order to infer information about a Bluetooth device state. By observing the L2CAP layer ping mechanism timing variations, it is possible to detect device state changes, for instance when the device goes in or out of the locked state. Our experimental results show that change point detection analysis of the timing allows to detect device state changes with a high accuracy. Finally, we discuss applications and countermeasures.
Complete list of metadata

Cited literature [23 references]  Display  Hide  Download
Contributor : Guillaume Celosia Connect in order to contact the contributor
Submitted on : Monday, September 10, 2018 - 12:47:49 PM
Last modification on : Friday, August 5, 2022 - 3:51:07 AM
Long-term archiving on: : Tuesday, December 11, 2018 - 2:17:56 PM


Files produced by the author(s)



Guillaume Celosia, Mathieu Cunche. Detecting smartphone state changes through a Bluetooth based timing attack. WiSec '18 - 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks, Jun 2018, Stockholm, Sweden. pp.154-159, ⟨10.1145/3212480.3212494⟩. ⟨hal-01870011⟩



Record views


Files downloads