Using Bluetooth Devices as an Additional Security Measure in Linux

by Aaron Grothe  (ajgrothe@yahoo.com)

BlueProximity is a program that can be added to your Linux system to have your system perform actions automatically when a Bluetooth device is in or out of range.  BlueProximity does this by monitoring a paired Bluetooth device and performing a set of actions when the device is no longer available.

Disclaimer: It is possible to spoof Bluetooth addresses, so this is not a fool-proof system.  It can be useful as part of a defense in depth strategy.

To use BlueProximity, you'll need the following:

  • Bluetooth adapter either built into your machine or a USB device.  DealExtreme has a USB Bluetooth adapter that works really well with Linux that costs less than $2.00 shipped.

  • Bluetooth device.  Lots of people will select their phones.  Keep in mind that cheap Bluetooth headsets can also work quite well for this purpose and they won't drain the battery on your phone.

  • Bluetooth stack/management software installed on your computer - if you install BlueProximity with your package manager on your system, this should be installed along with the BlueProximity software.

  • BlueProximity software.  Installed through your computer's software manager.

Getting Started

First, you will need to pair your Bluetooth device with your Linux computer.

This is usually done through one of the following programs: Bluemon, BlueDevil or GNOME Bluetooth.

After the device is paired, you can go to the BlueProximity icon, which should be displayed on your toolbar, and start configuring it.  All you have to do initially is select a Bluetooth device to monitor and accept the defaults.  By default, the system will lock the screen when you are typically more than 25 feet away and unlock when you get closer than that.

To quickly get the system to kill all of your SSH connections, change the line for the locking command from: gnome-screensaver-command -l to gnome-screensaver-command -l && killall ssh

You can chain commands together with && to have the lock/unlock actions do multiple commands for you.

Potential Uses

Out of the box, BlueProximity will automatically lock your computer's screen when your Bluetooth device is unavailable.  Don't worry, you can always enter your password to unlock the screen saver.

Ideally, you can have it perform actions like the following as well:

  • Unmount encrypted filesystems so they are not available on the system.
  • Kill your Dropbox session.
  • Portknock a remote system to let it know you are locking your system.
  • Run a program like wipe on sensitive files.
  • Kill SSH connections to remote machines.
  • Almost anything else you can think of.

A Couple of Quick Tips

Do not set the lockout duration to zero - there will be occasional hiccups in the Bluetooth communication and this will help prevent you from hitting random locks.

If you right-click on the BlueProximity icon, you can select pause which can be helpful when playing around with the settings.

To have the system do multiple tasks, you can either use && or ; between the commands to have the locking/unlocking actions perform multiple tasks.

To have the system do more complex tasks, replace the commands in the "Action commands" section with scripts.  That way, you can do multiple tasks easily.

Make sure the device is paired with your computer before you use it.  If you don't do this, you might hit random locks as the Bluetooth device might not stay available if not paired.

Links
Return to $2600 Index