xisto Community

Bluetooth : Primer & Security Issues


Initially touted as the technology that would finally free us from the horrors of multiple tangled cables and cords, Bluetooth didn’t catch on as quickly as expected. Until recently, there just weren’t that many useful (with the emphasis on “useful”) Bluetooth devices available – at least, not for desktop computing. Users of handheld computers (such as my Palm Zire 72) adopted the technology more quickly, as it allowed us to easily attach portable keyboards, headsets, printers, etc. to our portable devices. Bluetooth-enabled cell phones allow me to connect my PDA to the Internet through them.


Bluetooth was designed to be the basis of the Personal Area Network (PAN) – a way for devices within relatively close proximity to communicate wirelessly with one another. The range for Bluetooth transmissions varies from about 1 meter up to 100 meters, depending on the power class of the device. Thus, the most powerful (Class 1) can communicate over a distance of more than 300 feet, similar to a typical wi-fi network.


Like 802.11b and g, Bluetooth transmits over the 2.4 GHz radio frequency. Its speed is limited to about 1 Mbps (far slower than wi-fi, but still roughly equivalent to a typical broadband Internet connection). It uses LMP (Link Manager Protocol) to handle the connections between devices.


Bluetooth Security Issues


Bluetooth can operate in one of three security models:


Mode 1 is non-secure.

Mode 2 provides security at the service level, after the channel is established.

Mode 3 provides security at the link level, before the channel is established.

Each Bluetooth device has a unique 48-bit device address. The authentication scheme is challenge-response, using symmetric keys, and encryption is done with a key that can be up to 128 bits (negotiated by the communicating devices, with each device having a maximum key length defined). A 128 bit random link key handles security transactions between two or more devices.


When two Bluetooth devices establish a communications channel, they both create an initialization key. A passkey or Personal Identification Number is input and the initialization key is created, and the link key is calculated using it. Then the link key is used for authentication.


The first security concern is the passkey or PIN. As with any key, long keys are more secure than short ones. If a hacker is able to discover the passkey, he can calculate possible initiation keys, and then from that, calculate the link key. Making the passkey long will make it much harder to accomplish the first step.


The initial key exchange takes place over an unencrypted link, so it is especially vulnerable. It’s best if this part of the BT device pairing process takes place in a more physically secure location (that is, where there are not likely to be any lurkers with BT devices who could intercept the communications). A hacker could record transmissions sent over the BT frequency and use them to recreate the PIN.


Rather than using the same fixed passkey all the time, it should be changed frequently.



Why Does Bluetooth Security Matter?


Many Bluetooth users only use the technology to connect a wireless headset or similar device to their portable computers, and they may wonder why security is a big deal. Implementing security, even for these types of device pairings, can prevent an unauthorized user from using the headset.


However, another use of Bluetooth is to create a temporary computer network. For example, several people in a meeting room can connect their Bluetooth-enabled laptops to each other to share files during the meeting.


When you use Bluetooth to create a temporary network, it is usually an ad hoc network; that is, computers communicate directly with each other rather than going through a wireless access point (WAP). This means you have no centralized point of security control, as you do with a WAP (for example, you can configure a WAP to use MAC address filtering and other built-in security mechanisms). Thus, security becomes a major concern because you can be exposing important data stored on your laptop to others on the Bluetooth network. Remember that the range for class 1 Bluetooth devices can be more than 300 feet – far enough so that in some locations, the BT equivalent of the wi-fi “war driver” may be able to establish a link with your computer even though not within your sight.


Another special concern is the security of Bluetooth mobile phones. These phones may have information stored on them such as the addresses and phone numbers of contacts, calendar information and other PDA-type data. Hacking into these phones using Bluetooth is called bluesnarfing. Newer mobile phones and software upgrades for older phones can patch this vulnerability.


A related hacking technique is called bluebugging, and it involves accessing the phone’s commands so that the hacker can actually make phone calls, add or delete contact info, or eavesdrop on the phone owner’s conversations. This vulnerability, too, is being addressed by phone manufacturers. Thus, if you own a BT-enabled phone, it’s important to keep the software updated or upgrade to the latest phone models frequently.


Bluetooth devices can also be targets of Denial of Service (DoS) attacks, typically by bombarding the device with requests to the point that it causes the battery to degrade.


Finally, there are “cell phone worms” such as Cabir that can use the Bluetooth technology to propagate to other BT devices. Cabir targets phones that use the Symbian OS.


The relatively short range of most Bluetooth devices helps to ameliorate the risk of most of these security issues. For example, to practice bluesnarfing or bluebugging against a BT phone, the hacker would typically need to be within about 10 meters (a little less than 33 feet) of the target phone.



In conclusion, keep Bluetooth on only when required and that too preferably when you're in a decently secure area (which again is extremely relative). Use longer passkeys when pairing devices and upgrade if a security alert is issued by the manufacturer of your device.

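The passkey-to-link-key chain and the challenge-response check described in the post above, as an added example that is not part of the original post or of any Bluetooth stack. It assumes HMAC-SHA256 as a stand-in for Bluetooth's real key functions, an `in_rand` pairing value sent in the clear, and hypothetical function names; all sample values are constructed. It shows why passkey length matters: every input except the passkey is visible on the unencrypted pairing link, so the passkey is the only unknown.

```python
import hashlib
import hmac

def kdf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    # Stand-in for Bluetooth's key functions (assumption, NOT the real
    # algorithms): HMAC-SHA256 truncated to a 128-bit key.
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()[:16]

def link_key_from_passkey(passkey: str, bd_addr: bytes, in_rand: bytes) -> bytes:
    # passkey -> initialization key -> link key, as the post describes.
    k_init = kdf(passkey.encode(), b"init", bd_addr, in_rand)
    return kdf(k_init, b"link", bd_addr)

def auth_response(link_key: bytes, challenge: bytes, bd_addr: bytes) -> bytes:
    # Claimant's answer to the verifier's random challenge.
    return kdf(link_key, b"auth", challenge, bd_addr)

def verify(link_key: bytes, challenge: bytes, bd_addr: bytes, response: bytes) -> bool:
    # Verifier recomputes the answer with its own copy of the link key.
    return hmac.compare_digest(auth_response(link_key, challenge, bd_addr), response)

def guesses_until_match(bd_addr, in_rand, challenge, response, digits):
    # Every argument here crosses the air unencrypted during pairing.
    # Returns how many numeric passkeys of this length are tried before one
    # reproduces the overheard response, or None if none does.
    for n in range(10 ** digits):
        key = link_key_from_passkey(f"{n:0{digits}d}", bd_addr, in_rand)
        if verify(key, challenge, bd_addr, response):
            return n + 1
    return None

# Constructed sample values (48-bit device address, 128-bit random numbers).
BD_ADDR = bytes.fromhex("001122334455")
IN_RAND = bytes(range(16))
CHALLENGE = bytes(range(16, 32))

def demo(passkey: str = "4821"):
    key = link_key_from_passkey(passkey, BD_ADDR, IN_RAND)
    response = auth_response(key, CHALLENGE, BD_ADDR)
    tries = guesses_until_match(BD_ADDR, IN_RAND, CHALLENGE, response, len(passkey))
    return verify(key, CHALLENGE, BD_ADDR, response), tries

if __name__ == "__main__":
    ok, tries = demo()
    print(f"authenticated={ok}, 4-digit passkey matched after {tries} guesses")
    for digits in (4, 8, 16):
        print(f"{digits}-digit passkey: up to {10 ** digits:,} guesses")
```

Each extra digit multiplies the worst-case search by ten, which is the practical meaning of the post's advice to use longer passkeys and to pair away from eavesdroppers.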

Don't tempt the gods mate...

It was a good little summary, and you did change a few things...But a lot is still just copy pasted.

I warned you for now, and I have disabled your posting abilities for 12 hours...But I will give them back to you in hopes that you've learnt a lesson :D.

Alternate the post to take into consideration of the copy/pasting (Use quotes).

On the topic of the article...Good work, I've really been looking into getting a bluetooth device...
Maybe you should talk about PSP's usage on it :D


Apologies, old chap!


I was in a bit of a hurry and wanted to improve my credit ratings. Still an informative piece nonetheless.


Credit for the piece goes to Debra Shinder from http://www.windowsecurity.com/


Notice from SpaceWaste:

No need to double post, just edit your original :D.


Since you are a first time offender, and had a very calm reaction, I will let you off with a warning...But next time I might not be so nice...OR the other mods :D.
