Bluetooth is a short-range wireless technology that connects various devices and allows restricted types of ad hoc networks to be fashioned. The main difference between Bluetooth and other wireless technologies is that Bluetooth doesn’t perform true wireless networking. Instead, it acts as a cable replacement technology, requiring devices that need to perform external communications to use a cellular telephone connection or other means.
Unfortunately, while wireless communication has become extremely popular, it is susceptible to attacks because of its mobile nature.
Ad hoc networks consist of on-the-fly wireless connections between devices. When devices are too far apart to transmit messages directly, some of the devices will act as routers. These devices must use routing protocols to send or receive messages and manage the real-time change in the topology.
But these devices become an excellent target for denial-of-service attacks or battery exhaustion attacks, in which a malicious user tries to use up the battery power of the device. Proper authorization is also needed, and there are very few available methods to identify users. Message encryption and user authorization are needed to achieve confidentiality [5].
Bluetooth security issues
The initial establishment of a link between two Bluetooth devices (trusted or nontrusted) by means of a key exchange method is termed “pairing,” or “bonding.” The goal of the key exchange is authentication and encryption of subsequent communications. This pairing procedure is the weak link in the security protocol, since the initial key exchange occurs in the clear and data encryption occurs only after the derivation of the link key and the encryption keys [1].
Bluetooth encryption is variable in size. To communicate, Bluetooth devices must support multiple key sizes and negotiation. When two devices connect, the master sends the suggested key size to the slave using an application, and then the slave can either accept or reply with another suggestion. This process continues until an agreement is reached.
The key size may vary based on the device or the application, and if no agreement can be reached, the application aborts, and the devices can’t be connected using any encryption scheme. However, this type of protocol is extremely unsafe, because a malicious user may attempt to negotiate with the master to lower the key size [2, 5].
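The negotiation described above, modeled as an added example (not code from the article or from any Bluetooth stack). The `Device` class, its `min_key`/`max_key` policy fields and the 16-byte upper bound are assumptions made for illustration; the model shows a master that accepts any size being talked down to the smallest key, while a master that enforces a minimum aborts instead.

```python
from dataclasses import dataclass

# Assumption (not from the article): key sizes are counted in bytes, up to 16.
SPEC_MAX = 16

@dataclass
class Device:
    name: str
    min_key: int  # smallest key size local policy will accept
    max_key: int  # largest key size the device supports

    def respond(self, proposed: int):
        """Answer a suggestion: ('accept', n), ('propose', n) or ('abort', None)."""
        if proposed < self.min_key:
            return ("abort", None)            # below policy: refuse rather than shrink
        if proposed > self.max_key:
            return ("propose", self.max_key)  # counter with the largest size we support
        return ("accept", proposed)


def negotiate(master: Device, slave: Device):
    """Run the suggest/counter-suggest loop; return (agreed size or None, transcript)."""
    transcript = []
    proposer, responder, proposed = master, slave, master.max_key
    for _ in range(SPEC_MAX):  # bounded: every counter-proposal is strictly smaller
        transcript.append(f"{proposer.name} -> {responder.name}: suggest {proposed}")
        verdict, value = responder.respond(proposed)
        if verdict == "accept":
            transcript.append(f"{responder.name}: accept {proposed}")
            return proposed, transcript
        if verdict == "abort":
            transcript.append(f"{responder.name}: abort, {proposed} < minimum {responder.min_key}")
            return None, transcript
        proposer, responder, proposed = responder, proposer, value
    return None, transcript


if __name__ == "__main__":
    # Constructed peer that claims to support only the smallest key size.
    low_peer = Device("peer", min_key=1, max_key=1)
    for label, master in [("default master", Device("master", 1, 16)),
                          ("hardened master", Device("master", 16, 16))]:
        size, log = negotiate(master, low_peer)
        print(label, "->", "no link (aborted)" if size is None else f"{size}-byte key")
        for line in log:
            print("   ", line)
```

The only difference between the two runs is the master's `min_key`: the abort the article describes becomes the safe outcome once the minimum is set by policy rather than left at the lowest supported value.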
The typical attacks against Bluetooth architectures are eavesdropping, man-in-the-middle, piconet/service mapping and denial-of-service attacks. Improper setup and theft may lead to the other types of attacks [1]. In general, Bluetooth configuration is set at Security Level 1, i.e. no encryption or authentication. This allows attackers to request information from the device, resulting in a greater risk of theft or device loss. Loss or theft of a Bluetooth device compromises not only the device’s data but also the data of all devices trusted by the lost device.
Eavesdropping allows a malicious user to listen to or intercept data intended for another device. Bluetooth uses a frequency-hopping spread spectrum to prevent this attack. Both of the communicating devices calculate a frequency-hopping sequence and the seed of the sequence is a function of the Bluetooth device address (BD_ADDR) and the clock. This enables the devices to hop among the 79 frequencies at a rate of approximately 1,600 times per second. However, a lost or stolen device may eavesdrop on a communication session.
In a man-in-the-middle attack, the attacker obtains the link keys and BD_ADDR of the communicating devices and can then intercept and initiate new messages to both of them. The attacker effectively sets up two point-to-point communications and then makes both devices either slaves or masters.
Bluetooth uses the service discovery protocol (SDP) to find out what services are offered by other devices in the vicinity. The SDP protocol discloses which devices offer certain services, and an attacker may use this information to determine the location of and then attack Bluetooth devices.
Denial-of-service attacks flood the device with requests. No denial-of-service attack on a Bluetooth device has been documented. While this type of attack doesn’t compromise security, it denies the user usage of the device [1, 3, 4, 6].
Necessary security precautions
When using Bluetooth devices, the following security precautions are critical for protecting the system:
- The device and its software must be configured according to tested and established policies. Never leave the device in its default configuration.
- Choose a PIN that is strong, long and unsystematic. If the PIN is exchanged out of band, it is impossible for the attacker to intercept it.
- To protect the BD_ADDR and its keys, keep the device in nondiscoverable mode until pairing, and return it to nondiscoverable mode once pairing is complete. Use a PIN to access the device before communication begins; this protects the user if the device is lost or stolen.
- Employ application layer protection.
- Establish certain protocols for configuration, service policies and enforcement mechanisms to help combat denial-of-service attacks [1, 3, 4, 6].
Ajay Veeraraghavan has a bachelor of science degree in engineering from the Sri Venkateswara College of Engineering in Chennai, India, a master’s in electrical engineering from the University of Denver, and a master’s in computer engineering from the University of Massachusetts Lowell. He has worked at Sun Microsystems Inc. as an intern, and his research interests include embedded systems, computer networks and information security. Adam J. Elbirt has a bachelor’s degree in electrical engineering from Tufts University, a master’s in electrical engineering from Cornell University, and a Ph.D. in electrical engineering from Worcester Polytechnic Institute. He is currently an assistant professor at UMass Lowell and the director of the Information Security Laboratory.
Conclusions
Bluetooth is becoming one of the most popular communication methods for short-range environments and will become a household word in the near future. This makes resolution of Bluetooth security issues critical. The security of Bluetooth is still inadequate for high-security data transfers. The possible attacks and the extent of data loss demonstrate the need for improved security. However, many of these risks may be mitigated by following the outlined security precautions.
References
- T.C. Niem, “Bluetooth and Its Inherent Security Issues,” Global Information Assurance Certification (GIAC) Security Essentials Certification (GSEC), Research Project, Version 1.4b, Nov. 4, 2002.
- J.-Z. Sun, D. Howie, A. Kovisto and J. Sauvola, “Design, Implementation and Evaluation of Bluetooth Security,” IEEE International Conference on Wireless LANS and Home Networks, Singapore, Dec. 5-7, 2001.
- W. Tsang, P. Carey, G. O’Connor and P. Connaughton, “Security Issues and Bluetooth,” Hot Topics in Networking – 2001, Course Research Project, Group 3, Trinity College, Dublin, 2001.
- 10Meters News Service, “Bluetooth Chugging Ahead, Security Won’t Derail Adoption,” Feb. 13, 2002; available at http://www.10meters.com/blue_frost_security.html
- J.T. Vainio, “Bluetooth Security,” Internetworking Seminar, Department of Computer Science and Engineering, Helsinki University of Technology, May 25, 2000.
- F. Edalat, G. Gopal, S. Misra and D. Rao, “Bluetooth Technology,” ECE 371VV – Wireless Communication Networks, Course Research Project, University of Illinois at Urbana-Champaign, Spring 2001.