Revisiting urban war nibbling: Mobile passive discovery of Classic Bluetooth devices using Ubertooth One
Institute of Electrical and Electronics Engineers Inc.
Security Research Institute
The ubiquitous nature of Bluetooth technology presents opportunities for intelligence gathering based on historical and real-time device presence data. This information can be of value to law enforcement agencies, intelligence organizations, and industry. Despite the introduction of the Bluetooth Low Energy standard that incorporates anonymity preservation mechanisms, the presence of devices that support Classic Bluetooth that uses unique and persistent device identifiers is expected to remain significant for a number of years. The common approach to finding discoverable Classic Bluetooth devices relies on a standard inquiry process that is not truly passive. Furthermore, this approach fails to detect devices that remain undiscoverable. Ubertooth One, a low-cost open source Bluetooth development platform, can assist with overcoming this limitation in a truly passive manner, making it an attractive digital forensic instrument. Using vehicle-based sensors and parallel multi-method device discovery, we conduct a practical evaluation of Ubertooth One for passive discovery and contrast its discovery rate to the standard method. Based on 83 comparative field experiments, we show that Ubertooth One can produce forensically sound observations while able to discover up to ten times as many devices. We also show that this method can identify repeat device presence, as we observe 2370 instances of repeat observations on different days in single and multiple location scenarios. We conclude that this passive technique can complement the standard method and has the potential be used as a viable alternative.