Generic device naming
BR/EDR
BLE
Bluetooth devices can send publicly and without the need of authentication or authorization their name and or any other related data.
The Bluetooth name of a device can give information about the type of device, its user or include the MAC or ID itself. It is recommended that the device has a generic name and discloses the minimum necessary information.
Knowing who owns a Bluetooth device allows targeted attacks and leads to a privacy problem by being able to uniquely identify a device at a specific time and place.
Description
The device name may appear during discovery, in BLE announcements or in Inquiry responses, or by requesting it with a HCI_Remote_Name_Request message.
In the first case, the name can simply be found during the discovery process, so any Bluetooth application will be useful to display it. However, some devices do not send the name in the discovery packets, so it will be necessary to actively request it.
For this second case, a connection is established with the device and the name is requested with the HCI command HCI_Remote_Name_Request.
The name obtained in this way must not contain data indicating the purpose of the device or personal data of its user.
Related resources
To obtain the name in the manner described above, the following resources may be useful:
| ID | Description |
|---|---|
| BSAM-RES-04 | Bluetooth connections sniffing |
| BSAM-RES-05 | Capture of a Bluetooth connection |
| BSAM-RES-07 | Sending and receiving HCI messages |
| BSAM-RES-08 | Device discovery |
Example case
We will use Wireshark with BTVS (btvs.exe -Mode wireshark) (btvs.exe -Mode wireshark) to capture packets for analysis.
Upon opening Wireshark, packets from nearby devices’ advertisements are received. Some devices may include data in their advertisement packets, such as the device name field value L600474.
The name indicates to a potential attacker the existence of this device and may even provide the device model.
