Generic device naming

BR/EDR

BLE

Bluetooth devices can publicly broadcast their name and other related data without any authentication or authorization.

The Bluetooth name of a device can reveal the type of device or its user, or include the MAC address or ID itself. It is recommended that the device has a generic name and discloses the minimum necessary information.

Knowing who owns a Bluetooth device allows targeted attacks and creates a privacy problem, because the device can be uniquely identified at a specific time and place.

Description

The device name may appear during discovery, in BLE advertisements or in Inquiry responses, or it can be requested with an HCI_Remote_Name_Request command.

In the first case, the name can be read directly during the discovery process, so any Bluetooth application can display it. However, some devices do not send the name in the discovery packets, so it must be requested actively.

For this second case, a connection is established with the device and the name is requested with the HCI command HCI_Remote_Name_Request.

The name obtained in this way must not contain data indicating the purpose of the device or personal data of its user.

To obtain the name in the manner described above, the following resources may be useful:

ID             Description
BSAM-RES-04    Bluetooth connections sniffing
BSAM-RES-05    Capture of a Bluetooth connection
BSAM-RES-07    Sending and receiving HCI messages
BSAM-RES-08    Device discovery

Example case

We will use Wireshark with BTVS (btvs.exe -Mode wireshark) to capture packets for analysis.

Upon opening Wireshark, packets from nearby devices’ advertisements are received. Some devices may include data in their advertisement packets, such as a device name field with the value L600474.

[Figure: Wireshark LE Meta Device Name]

The name indicates to a potential attacker the existence of this device and may even provide the device model.
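The check described above can also be run over captured advertising payloads. The following Python code is an added example, not part of the original page: it walks the AD structures of an advertising payload, extracts the Shortened or Complete Local Name, and flags names that embed part of the device address, a long digit run, or a possessive owner name. The sample payload, the address and the three heuristics are assumptions constructed for illustration.

```python
import re

# AD types from the Bluetooth Assigned Numbers document
SHORTENED_LOCAL_NAME, COMPLETE_LOCAL_NAME = 0x08, 0x09

def extract_local_name(adv_data: bytes):
    """Walk the length/type/value AD structures; return the advertised name or None."""
    names = {}
    i = 0
    while i < len(adv_data):
        length = adv_data[i]
        if length == 0:                      # zero length marks padding: stop
            break
        body = adv_data[i + 1:i + 1 + length]
        if len(body) < length:               # truncated structure: ignore it
            break
        if body[0] in (SHORTENED_LOCAL_NAME, COMPLETE_LOCAL_NAME):
            names[body[0]] = body[1:].decode("utf-8", errors="replace")
        i += 1 + length
    # Prefer the complete name when both forms are present
    return names.get(COMPLETE_LOCAL_NAME, names.get(SHORTENED_LOCAL_NAME))

def audit_name(name, address):
    """Return findings for a name that discloses more than a generic label would."""
    findings = []
    if not name:
        return findings
    addr = address.replace(":", "").upper()
    flat = re.sub(r"[\s:_-]", "", name).upper()
    # Heuristic (assumption): any tail of the address, 2 bytes or more, in the name
    for n in range(len(addr), 3, -2):
        if addr[-n:] in flat:
            findings.append(f"contains last {n // 2} bytes of device address")
            break
    if re.search(r"\d{4,}", name):
        findings.append("contains long digit run (possible model or serial number)")
    if re.search(r"\w+['\u2019]s\b", name):
        findings.append("possessive form (possible owner name)")
    return findings

# Constructed sample: Flags AD structure + Complete Local Name "L600474"
SAMPLE_ADV = bytes.fromhex("020106" "08094c363030343734")
SAMPLE_ADDR = "AA:BB:CC:DD:EE:FF"            # constructed address

if __name__ == "__main__":
    name = extract_local_name(SAMPLE_ADV)
    print(name, audit_name(name, SAMPLE_ADDR))
```

An empty findings list only means none of these heuristics matched; the name should still be reviewed manually against the control.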