Bluetooth in Brief

January 17th, 2012 by admin

Bluetooth is a radio or wireless technology designed for short range data communications in the Industrial, Scientific and Medical (ISM) band. The frequency range is from 2.402 GHz to 2.480 GHz, with the available frequency spectrum being broken up into 79 bands, each 1 MHz wide.

Bluetooth was designed by Ericsson as a short range wireless connectivity solution and is used to build Personal Area Networks, or PANs as they are known, so that devices in close proximity can pass information. Typical examples are a mobile phone downloading data to a Personal Computer, or a mobile phone earpiece communicating with the phone itself.

The technology behind Bluetooth is known as FHSS (Frequency Hopped Spread Spectrum), where the datastream is broken up into small pieces, each containing several binary bits of data, which are transmitted in a pseudo-random sequence over a series of up to 79 frequency bands. As Bluetooth has developed and matured, a number of data modulation schemes have been used to modulate the data onto the radio carriers, including GFSK (Gaussian Frequency Shift Keying), DQPSK (Differential Quadrature Phase Shift Keying) and 8DPSK (8-ary Differential Phase Shift Keying). The development and use of the different modulation schemes was an attempt to increase the data rates of the system.

So how does Bluetooth operate?

Two or more Bluetooth devices that establish a connection (and share a channel) form a small wireless network known as a piconet; up to eight devices can join a Bluetooth piconet. One device becomes the Master station. Normally the device which initiates the connection will be the Master and other devices joining the PAN will be slaves. The master passes a Frequency Hopping Synchronisation (FHS) packet, containing its address and clock, to any slaves. The address of the Master Bluetooth device is used to determine the hop sequence, and all slaves use the Master clock to determine which frequency to transmit or receive on at any given time.

A group of piconets is referred to as a Scatternet, with each individual piconet having a unique hopping sequence, determined by its Master's address. If a collision occurs where two devices transmit on the same frequency, a device will just retransmit the data on the next frequency hop. Although this can ultimately affect the performance and data rate of the transmission, it is the accepted method, just as collisions are a way of life in a shared Ethernet network when a hub is in use.

Devices can be a member of multiple piconets by using each Master address to determine the hopping sequence for each network, but can only be the Master for one piconet. The access method used by Bluetooth devices is known as TDD (Time-Division Duplex), where the devices (Master and Slave) share the same frequency and are each allocated a timeslot during which to transmit. A master will normally use even-numbered timeslots and the slave will use odd-numbered timeslots.
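The piconet mechanics described above, as an added example that is not part of the original post: every device derives the band for a slot from the Master's address and clock, so a slave holding only the FHS contents follows the same sequence, while a second piconet hops independently and occasionally collides. The hop function is a simplified stand-in built on SHA-256, not Bluetooth's real hop selection algorithm, and the addresses and function names are constructed for illustration.

```python
import hashlib

NUM_CHANNELS = 79   # 79 bands of 1 MHz, as stated above
BASE_MHZ = 2402     # lowest band, 2.402 GHz

def hop_channel(master_addr: bytes, clock: int) -> int:
    """Toy hop selection: a stand-in PRF, NOT the real Bluetooth algorithm."""
    digest = hashlib.sha256(master_addr + clock.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big") % NUM_CHANNELS

def frequency_mhz(channel: int) -> int:
    """Map a band index (0..78) to its centre frequency in MHz."""
    return BASE_MHZ + channel

def fhs_packet(master_addr: bytes, master_clock: int) -> dict:
    """What the Master hands to a joining slave: its address and clock."""
    return {"addr": master_addr, "clock": master_clock}

def slave_schedule(fhs: dict, slots: int) -> list:
    """A slave rebuilds the hop sequence from the FHS contents alone."""
    return [hop_channel(fhs["addr"], fhs["clock"] + s) for s in range(slots)]

def transmitter(slot: int) -> str:
    """TDD: the Master uses even-numbered slots, the slave odd-numbered ones."""
    return "master" if slot % 2 == 0 else "slave"

def collisions(addr_a: bytes, addr_b: bytes, slots: int) -> int:
    """Count slots in which two piconets land on the same band."""
    return sum(hop_channel(addr_a, s) == hop_channel(addr_b, s)
               for s in range(slots))

# Constructed sample addresses (not real devices).
MASTER_A = bytes.fromhex("001122334455")
MASTER_B = bytes.fromhex("66778899aabb")

if __name__ == "__main__":
    fhs = fhs_packet(MASTER_A, 1000)
    for slot, ch in enumerate(slave_schedule(fhs, 6)):
        print(slot, transmitter(slot), frequency_mhz(ch), "MHz")
    n = 7900
    print("collisions between two piconets:", collisions(MASTER_A, MASTER_B, n),
          "of", n, "slots (about 1 in 79 expected)")
```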

There are two types of transmission links normally supported by Bluetooth, known as SCO (Synchronous Connection-Orientated) and ACL (Asynchronous Connectionless Link). General Bluetooth operation uses ACL, where the packet and payload length will determine how many timeslots are required. Because ACL is Connection-Orientated, packets that are not acknowledged will be automatically retransmitted, albeit on a different timeslot or timeslots. Forward error correction can be employed as an option, and although the data delivery may be more reliable, the data rate will reduce accordingly depending on how error prone the environment is at the time.

Voice over Bluetooth normally uses an SCO link, where the voice data is sent over a number of reserved timeslots within an already established ACL link. Retransmissions do not occur on an SCO link as this could cause a number of problems, not least latency and jitter. However, forward error correction can be used to provide a degree of reliability. There is an Enhanced version of SCO that can employ retransmission in some circumstances.

The latest version of Bluetooth, version 4, and all previous versions have been designed to be backward compatible with earlier versions, so there is no need to worry about using older devices with newer Bluetooth devices.

Bluetooth technologies have allowed us to provide fast data communications between devices that are in close proximity (within a few metres) without the need for a cable running, for example, the RS-232 protocol, and so have given us mobility free from the constraints imposed by copper wiring.

Social Engineering, Email Harvesting

January 16th, 2012 by admin

Social engineering is commonly understood to mean the art of manipulating people into performing actions or divulging confidential information. While it is similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victims.

I am going to talk about a scheme used by spammers to harvest legitimate email addresses from your contact list. There are plenty of ways used to harvest emails, but the one I am focusing on is “Email forwarding”.

Normally when you create an email account, you will start building a contact list containing the email addresses of your friends, relatives, co-workers, etc. Over time, you will have a substantial number of contacts in your contact book.

Email forwarding

“Forward” is a very handy function available in almost all email clients; it allows one to pass an email on to some other recipient. But something to note is that the forwarded mail includes the email address of the original sender and any other forwarded addresses of the same instance.
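What a forwarded chain exposes, and one way to clean it before passing a message on, as an added example that is not part of the original post. The function name `redact_forward_chain`, the sample message and all addresses are constructed for illustration, and the header layout assumed is the common "From:/To:/Cc:" block that mail clients copy into a forwarded body.

```python
import re

# Header lines that mail clients copy into the body of a forwarded message,
# possibly prefixed by ">" quote markers from earlier forwards.
FWD_HEADER = re.compile(r"^(?P<quote>[>\s]*)(?P<name>From|To|Cc):(?P<rest>.*)$",
                        re.IGNORECASE)
ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def redact_forward_chain(body: str):
    """Return (clean_body, exposed): the body with addresses in forwarded
    header lines replaced, and the set of addresses that were exposed."""
    exposed = set()
    out = []
    for line in body.splitlines():
        m = FWD_HEADER.match(line)
        if m:
            exposed.update(a.lower() for a in ADDRESS.findall(m.group("rest")))
            cleaned = ADDRESS.sub("[address removed]", m.group("rest"))
            line = f'{m.group("quote")}{m.group("name")}:{cleaned}'
        out.append(line)
    return "\n".join(out), exposed

# Constructed sample: a chain letter after two rounds of forwarding.
SAMPLE = """\
Please pass this on to at least 10 friends!

---------- Forwarded message ----------
From: Alice <alice@example.com>
To: bob@example.org, carol@example.net
Subject: Fwd: You must read this

> ---------- Forwarded message ----------
> From: dave@example.com
> To: Alice <alice@example.com>, erin@example.org
> Subject: You must read this
>
> A very emotional message goes here.
"""

if __name__ == "__main__":
    clean, exposed = redact_forward_chain(SAMPLE)
    print(f"{len(exposed)} addresses were visible to every recipient:")
    for addr in sorted(exposed):
        print("  ", addr)
    print(clean)
```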

Email harvesting scenario

Say you are a GoodGuy with your email and 50 contacts on your mail account. The BadGuy sends you a mail with a very emotional religious message, or a very nice joke, or an irresistible offer for something that you are likely to fall for, and guilts you into forwarding it to at least 10 friends including the BadGuy. And you end up doing that, in good faith. Now 10 friends from your contacts will receive your humble mail message, with the instructions to do the same: “forward to at least 10 friends”. At the same time the BadGuy receives a copy of any forward from the recursive senders.

Simply put, if you forward the mail to 10 contacts, and they do the same in good faith, and the third circle does the same, roughly something like this happens:

1 + 10^1 + 10^2 + 10^3

Approximately 1000 email contacts will have been harvested in just three circles, and this will keep growing depending on the number of forwards and the number of contacts forwarded to. Then you and your friends start receiving commercial mails from services that you never even visited or heard of, and you wonder how on earth they got your email. Well, you gave it to them; you actually helped them get even some of your friends' emails.

This is the effect of social engineering: the mail will play with your psychological consciousness, and you will think you are doing a good thing by responding; in return you are falling for somebody's social engineering scam.

Solution

There is no software to fight social engineering attacks, because it is you who will end up giving up information, or executing some process, or allowing some application to do something with your private, sensitive information. The important thing is to build awareness and change the culture of the way we operate and disclose sensitive information.

To avoid becoming a victim of a social engineering attack:

  • Be suspicious of unsolicited contact from individuals seeking internal organizational data or personal information.
  • Do not provide personal information or passwords over email or on the phone.
  • Do not provide information about your organization.
  • Pay attention to website URLs that use a variation in spelling or a different domain (e.g., .com vs. .net).
  • Verify a request’s authenticity by contacting the company directly.
  • Install and maintain anti-virus software, firewalls, and email filters.

If you think you are a victim of a social engineering attack:

  • Report the incident immediately.
  • Contact your financial institution and monitor your account activity.
  • Immediately change all of your passwords.
  • Report the attack to the police, and file a report with the authority.

I am Phesto Enock Mwakyusa, owner and founder of Qusaz intelligent solutions Ltd. I am a software engineer by profession, currently working in Helsinki. I love what I do. I also do professional training on different ICT-related subjects on demand. I like adventures, road trips, and exploring the beauty of God's creation. I love music, listening and playing. It has great emotional power in me, and lifts my spirit high. I am easy going, and I like reading about new technology and its impacts, and I also write my opinions and thoughts through my blogs and article databases like this.