Bluetooth Devices in Wireshark

Bluetooth is a popular protocol for building wireless. A common use for Bluetooth is to connect mobile phone accessories, but there are other applications such as Wireless Mouse and Keyboard for Computers. 

Uses for Bluetooth Include:

• Hands-free cellular headset – for calls.
• A2DP headset – for high-quality music (and often supports calls as well) 
• Carkit – Device with multiple profiles for in-car use (various features e.g., phone calls, SMS/MMS/email notifications) 
• Low Energy Device – Healthy, Closed 
• HID devices – mice, keyboards, gamepads 
• Network access point (also known as tethering) – establish an Internet connection to your device or another device. 
• Serial Port – has the opportunity to transfer all types of data via Bluetooth using the RFCOMM profile  
• FILE SHARING VIA OBEX – USE ON PHONE, TABLET, AND COMPUTER

 

Bluetooth Devices in Wireshark:

• Download the Wireshark program
• Install and run Wireshark

Once you have installed Wireshark, follow these steps to get started with Bluetooth analysis:

1. Click “Start capturing”
2. Select the interface/port to capture from the drop-down list
3. Enter a filename for your capture file and click OK.
4. Click Start Capturing. You can choose whether you want all packets shown in the Packet List pane or only those that match your rules.
5.  The default setting is “always show”.  If you have captured the packets for more than one interface, Wireshark will prompt you to select the interface. 
6. The easiest way to do this is by clicking on the dropdown list of interfaces and selecting the desired one from it.
7. Once you decide on an interface, open it in Interfaces (if not already) where you can see all the interactions between your device and Wireshark.
8. Once you select the specific interface, you will be able to see more detailed information about your packets.
9. One of the most common Bluetooth vulnerabilities comes from not validating or not analyzing data coming from an outside source. If one device does not validate or check for malicious commands sent by another device, it could be exposing itself to security risks.

Countermeasures:

• In some cases, the only way a security vulnerability in Bluetooth can be fixed is by releasing a new iOS (Apple) or Android (Google) version that fixes the vulnerability. 
• For instance, Apple released a security patch in 2012 to “address an issue with Class of Service data that could be used in a denial of service attack.” While Apple devices are generally safer than Android devices, this shows how difficult it is to maintain and fix vulnerabilities in hardware/device systems.
• You must ensure that you are configuring your Bluetooth correctly from the beginning. Device names and PINs are both important in securing a device because they prevent other devices from connecting to your device. In addition to these two configuration settings, an influential feature is ensuring that you enable pairing (i.e., auto-connect).

Conclusion: 

Bluetooth devices can be used by hackers to get around standard protocols and security measures, so it’s significant to understand how to use them and what risks they pose. Once you have finished exploring Bluetooth with Wireshark, you will have a better understanding of how Bluetooth works and what you should look out for when connecting with other devices.