T 5.137 Analysis of connection data relating to wireless communication
When wireless communication is used, the signals on the transmission path cannot be physically shielded against unauthorised eavesdropping or recording. An attacker therefore does not face the access problems that are common to line-based communication, such as needing to reach the cable. In wireless networks that use several base stations to cover a large area, for example mobile communication networks, it is also common to determine the approximate location of the mobile end devices so that they can be reached quickly. If the devices establish connections themselves, they also disclose their location in the course of establishing the connection. This location information can be used by the network operator or service operator, but also by third parties, to create movement profiles.
Examples:
- In WLANs based on IEEE 802.11, the hardware address of the WLAN card, also known as the MAC address, is contained in the header of every frame and is therefore sent every time data is transmitted. This means that a clear relationship can be established between the MAC address of the wireless client and the time and location of the transmission.
In this way, movement profiles can be created for mobile users, for example showing when and where they log in to public hotspots. Since the MAC address is transmitted in unencrypted form, even on networks that encrypt the payload, it is not only the operators of the hotspots who can create such profiles. In principle, anyone who installs a wireless LAN component in a suitable public place can record the MAC addresses of other users.
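The following is an added illustration, not part of the catalogue text: it parses the 24-byte IEEE 802.11 MAC header, in which the transmitter address (Address 2) is always in the clear, and correlates frames recorded at several places by that address. The frames, MAC addresses, timestamps and capture locations are constructed for the example; the check for the "locally administered" address bit is an added note on randomised MAC addresses and is not taken from the catalogue.

```python
"""Added example (not from the BSI catalogue): correlate 802.11 frames
captured at different places by their clear-text transmitter address.

All frames, addresses and capture locations below are constructed.
"""
import struct
from collections import defaultdict

FRAME_TYPE_MGMT = 0
SUBTYPE_ASSOC_REQ = 0
SUBTYPE_PROBE_REQ = 4
SUBTYPE_BEACON = 8
BROADCAST = b"\xff" * 6


def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_80211_header(frame: bytes) -> dict:
    """Parse the 24-byte generic 802.11 MAC header (little-endian fields).

    Frame Control (2) | Duration/ID (2) | Address 1 (6) | Address 2 (6)
    | Address 3 (6) | Sequence Control (2). Address 2 is the transmitter,
    so for frames sent by a client it is the client's hardware address.
    Nothing in this header is encrypted, even on WPA-protected networks.
    """
    if len(frame) < 24:
        raise ValueError("frame shorter than an 802.11 MAC header")
    fc, _duration = struct.unpack_from("<HH", frame, 0)
    addr1, addr2, addr3 = frame[4:10], frame[10:16], frame[16:22]
    (seq_ctrl,) = struct.unpack_from("<H", frame, 22)
    return {
        "type": (fc >> 2) & 0x3,       # bits 2-3 of Frame Control
        "subtype": (fc >> 4) & 0xF,    # bits 4-7 of Frame Control
        "receiver": fmt_mac(addr1),
        "transmitter": fmt_mac(addr2),
        "bssid": fmt_mac(addr3),
        "seq": seq_ctrl >> 4,          # upper 12 bits; low 4 = fragment number
        # Bit 1 of the first octet marks a locally administered address, the
        # range used by clients that randomise their MAC. This check is an
        # addition for the example, not part of the catalogue text.
        "locally_administered": bool(addr2[0] & 0x02),
    }


def build_frame(ftype: int, subtype: int, receiver: bytes, transmitter: bytes,
                bssid: bytes, seq: int) -> bytes:
    """Construct a minimal 802.11 MAC header for the sample capture."""
    fc = (ftype << 2) | (subtype << 4)
    return (struct.pack("<HH", fc, 0) + receiver + transmitter + bssid
            + struct.pack("<H", seq << 4))


def movement_profile(captures):
    """Map each client MAC to the sorted (time, place) list of its sightings.

    `captures` holds (iso_timestamp, place, raw_frame) tuples as a passive
    sniffer at several sites would record them. Only frames a client itself
    transmits (probe and association requests here) are attributed; beacons
    are sent by access points and are skipped.
    """
    sightings = defaultdict(list)
    for ts, place, frame in captures:
        hdr = parse_80211_header(frame)
        if hdr["type"] != FRAME_TYPE_MGMT:
            continue
        if hdr["subtype"] not in (SUBTYPE_PROBE_REQ, SUBTYPE_ASSOC_REQ):
            continue
        sightings[hdr["transmitter"]].append((ts, place))
    return {mac: sorted(seen) for mac, seen in sightings.items()}


# Constructed sample: one client seen at two hotspots, one client with a
# randomised address, and a beacon that must not be attributed to a client.
CLIENT = bytes.fromhex("001a2b3c4d5e")
RANDOMISED = bytes.fromhex("a2b3c4d5e6f7")  # 0xa2: locally administered bit set
AP_CAFE = bytes.fromhex("00aa11bb22cc")
AP_STATION = bytes.fromhex("00dd33ee44ff")

CAPTURES = [
    ("2024-03-01T08:05", "cafe", build_frame(FRAME_TYPE_MGMT, SUBTYPE_PROBE_REQ, BROADCAST, CLIENT, BROADCAST, 17)),
    ("2024-03-01T08:06", "cafe", build_frame(FRAME_TYPE_MGMT, SUBTYPE_BEACON, BROADCAST, AP_CAFE, AP_CAFE, 900)),
    ("2024-03-01T08:07", "cafe", build_frame(FRAME_TYPE_MGMT, SUBTYPE_ASSOC_REQ, AP_CAFE, CLIENT, AP_CAFE, 18)),
    ("2024-03-01T12:30", "station", build_frame(FRAME_TYPE_MGMT, SUBTYPE_PROBE_REQ, BROADCAST, CLIENT, BROADCAST, 233)),
    ("2024-03-01T12:31", "station", build_frame(FRAME_TYPE_MGMT, SUBTYPE_PROBE_REQ, BROADCAST, RANDOMISED, BROADCAST, 5)),
]

if __name__ == "__main__":
    for mac, seen in movement_profile(CAPTURES).items():
        print(mac, "->", ", ".join(f"{ts} @ {place}" for ts, place in seen))
```

Run against a real capture, the same logic would take the frame bytes from a monitor-mode interface or a pcap file instead of `CAPTURES`; the header layout and the attribution rule do not change. The fixed client address appears at both places in time order, which is exactly the movement profile the text describes, while the beacon is correctly left out because its transmitter is the access point.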
- The wireless communication of Bluetooth connections can be received passively and recorded with the help of Bluetooth protocol analysers. With knowledge of the device addresses, synchronisation with the frequency hopping sequence is possible even when the devices are in "non-discoverable" mode. All layers of the Bluetooth protocol stack can then be viewed and analysed offline, and the transmitted user data (payload) can be extracted if encryption is not used. With a directional antenna and suitable electronics to amplify the received Bluetooth signal, this eavesdropping can also be performed at a considerably greater distance than the normal operating range. Transmission power control is optional and is not supported by every Bluetooth device.
The use of frequency hopping alone therefore does not present a serious obstacle to a well-informed attacker, even though it is often written that it makes unauthorised connection or eavesdropping on Bluetooth connections significantly more difficult. The purpose of frequency hopping is to keep the number of transmission errors caused by interference from other devices using the same frequency band (e.g. WLANs) low, and thus to ensure a high level of availability, not to provide confidentiality.
- The unique Bluetooth device addresses can be misused to trace individual devices, and by tracing the devices it is possible to create movement profiles of their users. The device address is not used only when establishing a connection: the access code that begins every packet is derived from the lower 24 bits (the LAP) of the master's 48-bit device address, so every data packet carries part of the master's address in the clear, and the hopping sequence itself is derived from the master's address and clock.