ISSN: 2312-7694 Vincent et al. / International Journal of Computer and Communication System Engineering (IJCCSE), Vol. 2 (4), 2015, 608-613
© IJCCSE All Rights Reserved, Vol. 02 No. 04, June 2015, www.ijccse.com

Blue bugging Java Enabled Phones via Bluetooth Protocol Stack Flaws

Vincent N. Omollo
School of Telecommunication and Information Engineering
Jomo Kenyatta University of Agriculture and Technology
Nairobi, Kenya

S. Musyoki
Department of Telecommunication and Information Engineering
Technical University of Kenya
Nairobi, Kenya

Abstract - The Bluetooth technology derives its name from a tenth-century king of Denmark and Norway, Harald Blaatand, who amalgamated many sovereign Scandinavian tribes into a single kingdom. It is an open standard for short-range radio frequency communication that has been used principally to establish wireless personal area networks. This technology has been incorporated into many types of business and consumer devices, including cell phones, laptops, automobiles, printers, keyboards, mice, and headsets. The Bluetooth technology permits users to form ad hoc networks between an extensive assortment of devices to convey voice and data. It is a low-cost, low-power technology that provides a means for creating small wireless networks on an ad hoc basis. These networks are known as piconets. A piconet is composed of two or more Bluetooth devices in close physical proximity that operate on the same channel using the same frequency hopping sequence. In spite of its merits, Bluetooth, by virtue of its wireless nature, is potentially vulnerable to many attacks, because it is very difficult to prevent Bluetooth signals from leaking outside the desired boundaries. The potential damage of a successful wireless attack begins with the ability to eavesdrop on the data transferred between two communicating devices, and ends with the ability to fully impersonate other devices.
In this paper, the researchers demonstrate how to hack a mobile phone: determining its address, the channel it uses to communicate with the headset and other functional profiles, the RFCOMM channel, and phone settings information.

Index Terms - Protocol, Bluetooth, WPANs, pairing, cell phones

I. INTRODUCTION

Bluetooth technology operates in the unlicensed 2.4 GHz to 2.4835 GHz Industrial, Scientific, and Medical (ISM) frequency band [1]. It employs frequency hopping spread spectrum (FHSS) for data transmission. Frequency hopping reduces interference and transmission errors but provides minimal transmission security [2]. With this technology, communications between Bluetooth devices use 79 different 1 megahertz (MHz) radio channels, hopping frequencies about 1,600 times per second for data/voice links and 3,200 times per second during page and inquiry scanning. A channel is used for a very short period, followed by a hop to another channel designated by a pre-determined pseudo-random sequence. This process is repeated continuously along the frequency hopping sequence.

The Bluetooth initialization procedure consists of the following phases: creation of an initialization key; creation of a link key; and authentication [1]. After the pairing steps are completed, the devices can derive an encryption key to protect all future communication in an optional fourth step. Before the pairing process can begin, the PIN code must be entered into both Bluetooth devices. In some devices, such as wireless earphones, the PIN is fixed and cannot be changed; in such cases, the fixed PIN is entered into the peer device. If both devices have a fixed PIN, they cannot be paired, and therefore cannot communicate [3]. Figure 1 illustrates the pairing process. During pairing, slave devices, such as a headset or keyboard, connect with master devices, such as phones and laptops; device IDs are exchanged and a number of keys are generated.
The pairing process normally entails some level of user interaction, for example entering a PIN, which is the foundation for confirming the identity of the devices. Because the PIN is supplied through this user interaction, it is not transmitted over the wireless channel. An initialization key is then generated from the PIN. The initialization key is used to agree upon a link key, whose form depends on the type of communication desired. The link key is then used to generate the encryption key [4].
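A toy model of the key chain just described, added here as an example and not part of the original paper: PIN, initialization key, link key, encryption key, with the PIN never leaving the device. The code is constructed for this page. HMAC-SHA256 stands in for the specification's SAFER+-based E22/E21/E1/E3 functions, the use of the master's address in the initialization-key derivation, the `b"link"` and `b"COF"` labels, and the device names, addresses and PINs are all assumptions of this example rather than details taken from the paper. It shows two things the text states: a PIN mismatch is caught at the mutual authentication step, and two devices that both have fixed PINs cannot pair at all.

```python
"""Toy model of legacy Bluetooth pairing: PIN -> initialization key ->
link key -> encryption key, with the PIN never sent over the air.
Constructed example, not the paper's code.  HMAC-SHA256 stands in for
the specification's SAFER+-based E22/E21/E1/E3 (an assumption)."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

KEY_LEN = 16  # Bluetooth link and encryption keys are 128 bits


def kdf(key: bytes, *parts: bytes) -> bytes:
    """Stand-in key derivation (assumption: HMAC-SHA256 truncated to 128 bits)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(p)
    return h.digest()[:KEY_LEN]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass
class Device:
    name: str
    bd_addr: bytes                     # 48-bit device address (constructed)
    fixed_pin: Optional[bytes] = None  # hard-coded PIN, e.g. on a headset
    entered_pin: Optional[bytes] = None

    def pin(self) -> bytes:
        """The PIN this device will use: its fixed one, or what the user typed."""
        if self.fixed_pin is not None:
            return self.fixed_pin
        if self.entered_pin is None:
            raise ValueError(f"{self.name}: no PIN entered")
        return self.entered_pin


Transcript = List[Tuple[str, str, bytes]]  # (sender, label, over-the-air bytes)


def pair(master: Device, slave: Device,
         rng: Callable[[int], bytes] = os.urandom) -> Tuple[Optional[bytes], Transcript]:
    """Run pairing, authentication and encryption-key derivation.

    Returns (encryption_key, transcript); encryption_key is None when mutual
    authentication fails because the two sides used different PINs.  Raises
    ValueError when both devices have fixed PINs: neither side can accept the
    other's PIN, so they cannot pair.
    """
    if master.fixed_pin is not None and slave.fixed_pin is not None:
        raise ValueError("both PINs are fixed: devices cannot be paired")
    air: Transcript = []

    # 1. Initialization key: each side derives it from its own PIN and a random
    #    value sent in the clear.  The PIN itself never goes on the air.
    in_rand = rng(KEY_LEN)
    air.append((master.name, "IN_RAND", in_rand))
    k_init_m = kdf(master.pin(), in_rand, master.bd_addr)
    k_init_s = kdf(slave.pin(), in_rand, master.bd_addr)

    # 2. Link key (combination-key style): each side contributes a random value
    #    masked with its initialization key; the peer unmasks it with its own.
    lk_rand_m, lk_rand_s = rng(KEY_LEN), rng(KEY_LEN)
    air.append((master.name, "LK_RAND xor K_init", xor(lk_rand_m, k_init_m)))
    air.append((slave.name, "LK_RAND xor K_init", xor(lk_rand_s, k_init_s)))
    seen_by_m = xor(air[-1][2], k_init_m)  # master unmasks the slave's value
    seen_by_s = xor(air[-2][2], k_init_s)  # slave unmasks the master's value
    link_m = kdf(b"link", lk_rand_m, seen_by_m, master.bd_addr, slave.bd_addr)
    link_s = kdf(b"link", seen_by_s, lk_rand_s, master.bd_addr, slave.bd_addr)

    # 3. Mutual challenge-response authentication on the link key.  A PIN
    #    mismatch surfaces here: the two sides hold different link keys.
    for verifier_key, claimant_key, claimant in (
            (link_m, link_s, slave), (link_s, link_m, master)):
        au_rand = rng(KEY_LEN)
        air.append(("verifier", "AU_RAND", au_rand))
        sres = kdf(claimant_key, au_rand, claimant.bd_addr)
        air.append((claimant.name, "SRES", sres))
        expected = kdf(verifier_key, au_rand, claimant.bd_addr)
        if not hmac.compare_digest(sres, expected):
            return None, air

    # 4. Optional fourth step: encryption key derived from the agreed link key.
    en_rand = rng(KEY_LEN)
    air.append((master.name, "EN_RAND", en_rand))
    return kdf(link_m, en_rand, b"COF"), air


def demo() -> dict:
    """Phone (user-entered PIN) pairs with a headset whose PIN is fixed."""
    phone = Device("phone", bytes.fromhex("001122334455"))       # constructed
    headset = Device("headset", bytes.fromhex("66778899aabb"),   # constructed
                     fixed_pin=b"0000")
    phone.entered_pin = b"0000"   # user types the headset's fixed PIN
    key_ok, air = pair(phone, headset)
    phone.entered_pin = b"1234"   # wrong PIN: authentication must fail
    key_bad, _ = pair(phone, headset)
    return {"paired": key_ok is not None,
            "wrong_pin_rejected": key_bad is None,
            "pin_on_air": any(b"0000" in msg for _, _, msg in air)}


def both_fixed_cannot_pair() -> bool:
    """Two fixed-PIN devices (e.g. two headsets) are refused before any key is made."""
    a = Device("headset-a", bytes.fromhex("000000000001"), fixed_pin=b"0000")
    b = Device("headset-b", bytes.fromhex("000000000002"), fixed_pin=b"1234")
    try:
        pair(a, b)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(demo(), both_fixed_cannot_pair())
```

Running the block pairs the phone with the fixed-PIN headset, retries with a wrong PIN, and reports whether the PIN bytes ever appeared in the over-the-air transcript. The transcript list is the point of the model: everything an eavesdropper sees is random or masked, so the only secret input to the whole chain is the PIN, which is why the paper's key chain is only as strong as that PIN.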