News | June 23, 2008

UCSD Deploys Bluetooth Scanners To Detect Spread Of Malicious Data Between Wireless Devices

Researchers at the UC San Diego division of the California Institute for Telecommunications and Information Technology (Calit2) have deployed Bluetooth scanners around the UCSD campus to study a potential new threat to cyber security: mobile malware.

Mobile malware is the spread of malicious software between wireless devices, in this case among Bluetooth-enabled mobile devices. The Proximity Driven Mobile Malware project, informally known as "Project BlueMap", is designed to track interactions among Bluetooth users at several heavily trafficked locations on the UCSD campus, including Geisel Library and the Price Center. Each scanner can detect multiple Bluetooth devices at any given time, provided those devices are within 10 to 20 meters of the scanner and that they are in "discoverable" mode (to ensure the privacy of users who do not want to be tracked by the scanners).

So far, UCSD's BlueMap scanners have detected thousands of Bluetooth encounters. (An encounter is defined as two or more Bluetooth devices detected at the same time in the same location.) Once the data are collected, researchers will run computer simulations to determine how a virus or other form of mobile malware might theoretically spread between the detected users, much as a biological scientist might determine how a pathogen might be spread between humans in close contact.
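The trace-then-simulate approach described above can be sketched as follows. This is an added example, not code from the BlueMap project: the sightings, device names, time slots and the `p_transmit` parameter are constructed assumptions, and the simple susceptible-infected model is chosen here for illustration.

```python
import random
from collections import defaultdict

# Constructed sightings, not project data: (scanner location, time slot, device ID).
SCANS = [
    ("Geisel Library", 0, "dev-C"), ("Geisel Library", 0, "dev-G"),
    ("Geisel Library", 1, "dev-A"), ("Geisel Library", 1, "dev-B"),
    ("Price Center", 2, "dev-B"), ("Price Center", 2, "dev-C"),
    ("Geisel Library", 3, "dev-D"),  # seen alone: not an encounter
    ("Price Center", 4, "dev-C"), ("Price Center", 4, "dev-E"),
    ("Price Center", 4, "dev-F"),
]

def encounters(scans):
    """Return time-ordered encounters: two or more devices seen at the
    same scanner in the same time slot."""
    groups = defaultdict(set)
    for location, slot, device in scans:
        groups[(slot, location)].add(device)
    return [(slot, loc, devs)
            for (slot, loc), devs in sorted(groups.items())
            if len(devs) >= 2]

def simulate_spread(scans, patient_zero, p_transmit=1.0, seed=0):
    """Replay encounters in time order. If any device present is already
    infected, each other device present becomes infected with probability
    p_transmit (1.0 gives the worst case). Returns {device: slot infected};
    the initial device maps to None."""
    rng = random.Random(seed)
    infected_at = {patient_zero: None}
    for slot, _loc, devices in encounters(scans):
        if not any(d in infected_at for d in devices):
            continue
        for d in sorted(devices):
            if d not in infected_at and rng.random() < p_transmit:
                infected_at[d] = slot
    return infected_at

if __name__ == "__main__":
    for start in ("dev-A", "dev-G"):
        print(start, "->", simulate_spread(SCANS, start))
```

Because encounters are replayed in time order, the outcome depends on which device starts infected: a contact that happened before a device was infected cannot pass anything on.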

"By using these traces, we create models of generic contact patterns," said Per Johansson, principal development engineer for wireless networking in the UCSD division of Calit2. "These sensors are passive windows into a particular location. The idea is that you could get a pretty good model of how people are moving, and how malware might be spread."

The deeper analysis of the Bluetooth trace data is being carried out in a mobile network security project led by UCSD Computer Science and Engineering Professor Geoff M. Voelker and funded by telecommunications giant Ericsson.

Bluetooth is a wireless protocol that was named after a 10th-century king, Harald Blatand (or, in English, Harold Bluetooth). King Blatand was instrumental in unifying previously warring tribes in what are now Norway, Denmark and Sweden. The Bluetooth protocol was likewise intended to unify devices such as mobile phones and laptops through short-range communications technology.

In an indirect way, Bluetooth has also unified two universities – UCSD and the University of Bath, England, where researchers have been studying Bluetooth interactions as part of a multidisciplinary project called "Cityware: Urban Design and Pervasive Systems." The Cityware project employs Bluetooth scans to survey the digital presence and movement flow of people at specific times and locations within Bath's urban center. The UCSD scanners are an extension of Bath's network, which is made up of about 10 scanners.

Widespread adoption of Bluetooth is now expanding from early adopters in Europe to U.S. consumers, and Johansson predicts that the number of Bluetooth users on this side of the Atlantic will increase as the computing capabilities of mobile phones become more robust and users begin making use of such applications as wireless digital file exchange and Bluetooth stereo headphones.

But where there are more users, there's more malware.

"Right now, Bluetooth is fairly safe," Johansson said. "There aren't that many viruses that can be spread with it, and those that do exist are designed to raid someone else's phonebook or are denial-of-service attacks designed to mess with people and create chaos. The focus for an attacker is likely to be to lure the user into pressing 'yes' when prompted to download something malicious."

But with an 85 percent mobile phone penetration rate in the U.S. alone, even mild forms of mobile malware have serious implications, Johansson says.

"Perhaps the biggest impact is how you clean up your phone after an attack," he explained. And if the virus is widespread, "mobile stores would be overwhelmed."

Jeff Cuenco, a programmer analyst for Calit2 who is working with the Bluetooth scanners, added that, "with a well-written virus, a lot of damage can be done."

"The software on the iPhone and the Mac OS Plus could be attacked by viruses that attack Mac OS, for example," he explained. "One virus could affect thousands of phones in a couple of hours, and mobile botnets are becoming more and more capable. Imagine if one could infect an FBI agent's phone."

In some cases, says Johansson, people aren't even aware that their phone is Bluetooth-enabled.

"My sense is that there is not much awareness of Bluetooth and how it is used, but that's also how people could be attacked," he said. "They're not aware they have it."

To encourage users to turn their Bluetooth-enabled devices to "discoverable" mode so they can be detected by the scanners and participate in the study, the researchers at Bath developed a "Cityware" Facebook application that uses the unique ID of the Bluetooth device to create new friendship networks. The tool lets users find out if someone they regularly see in the vicinity of a BlueMap scanner is also a Cityware user and has a profile on Facebook. If so, they can choose to add that person to their "friends" list.

In addition, the University of Bath also developed a computer applet for the scanner that resembles an aquarium full of fish. Once a Bluetooth-enabled phone moves in the vicinity of the scanner, that device appears on an attached computer monitor as one of the "fish" in the aquarium.

At UCSD, researchers have rendered the BlueMap scanners themselves "discoverable" in the hopes that attackers will target them with malware. These "honeypots" – a technique used by Voelker and other computer scientists at UCSD to 'trap' viruses and other malware on the Internet – record any information that comes in and could eventually help determine how hackers might use Bluetooth to spread malware. The researchers are also looking into creating hybrid scenarios that would test the implications of a virus spread by way of both Bluetooth devices and a wireless network.

Aside from malware research, Johansson and his colleagues see various ways in which the BlueMap scanners could be used for campus-wide communications, such as during an emergency lock-down.

"One usage that came up after the Virginia Tech shootings is public announcements," Calit2's Johansson said. "A scanner could also detect your Bluetooth device as being in a certain location and send you a text message telling you to get to safety."

For now, Johansson says, "the main goal with the project is to get a better understanding of how bad an outbreak of a proximity-based malware attack could be."

"The scanners help us to gather real data on how people actually come into contact with each other," he added. "This is information that is hard to find in existing literature."

SOURCE: UC San Diego