Bluetooth Security
Bluetooth security is increasingly important with hackers using Bluejacking & Bluebugging and other techniques, but Bluetooth security is now improving.
Bluetooth security, like that for any other wireless system, is very important. With hackers gaining access to an ever increasing number of systems, Bluetooth security is increasingly important.
The latest releases of Bluetooth have increased the levels of security to combat the threat of hackers - any wireless link provides an opportunity for entry into a network.
Not only is the level of security increasing on the hardware elements that often have inbuilt security, but also the level of security built into Bluetooth itself is improving.
Bluetooth security basics
Bluetooth security is of paramount importance as devices are susceptible to a variety of wireless and networking attacks including denial of service attacks, eavesdropping, man-in-the-middle attacks, message modification, and resource misappropriation.
Bluetooth security must also address more specific Bluetooth related attacks that target known vulnerabilities in Bluetooth implementations and specifications. These may include attacks against improperly secured Bluetooth implementations which can provide attackers with unauthorized access.
Many users may not believe there is an issue with Bluetooth security, but hackers may be able to gain access to information from phone lists to more sensitive information that others may hold on Bluetooth enabled phones and other devices.
There are three basic means of providing Bluetooth security:
- Authentication: In this process the identity of the communicating devices are verified. User authentication is not part of the main Bluetooth security elements of the specification.
- Confidentiality: This process prevents information being eavesdropped by ensuring that only authorised devices can access and view the data.
- Authorisation: This process prevents access by ensuring that a device is authorised to use a service before enabling it to do so.
Security measures provided by the Bluetooth specifications
The various versions of the specifications detail four Bluetooth security modes. Each Bluetooth device must operate in one of four modes:
- Bluetooth Security Mode 1: This mode is non-secure. The authentication and encryption functionality is bypassed and the device is susceptible to hacking. Devices operating in Bluetooth Security Mode 1 do not employ any mechanisms to prevent other Bluetooth-enabled devices from establishing connections. While it is easy to make connections, security is an issue. It may be applicable to short range devices operating in an area where other devices may not be present. Security Mode 1 is only supported up to Bluetooth 2.0 + EDR and not beyond.
- Bluetooth Security Mode 2: For this Bluetooth security mode, a centralised security manager controls access to specific services and devices. The Bluetooth security manager maintains policies for access control and interfaces with other protocols and device users.
It is possible to apply varying trust levels and policies to restrict access for applications with different security requirements, even when they operate in parallel. It is possible to grant access to some services without providing access to other services. The concept of authorisation is introduced in Bluetooth security mode 2. Using this it is possible to determine if a specific device is allowed to have access to a specific service.
Although authentication and encryption mechanisms are applicable to Bluetooth Security Mode 2, they are implemented at the LMP layer (below L2CAP).
All Bluetooth devices can support Bluetooth Security Mode 2; however, v2.1 + EDR devices can only support it for backward compatibility for earlier devices.
- Bluetooth Security Mode 3: In Bluetooth Security Mode 3, the Bluetooth device initiates security procedures before any physical link is established. In this mode, authentication and encryption are used for all connections to and from the device.
The authentication and encryption processes use a separate secret link key that is shared by paired devices, once the pairing has been established.
Bluetooth Security Mode 3 is only supported in devices that conform to Bluetooth 2.0 + EDR or earlier.
- Bluetooth Security Mode 4: Bluetooth Security Mode 4 was introduced at Bluetooth v2.1 + EDR.
In Bluetooth Security Mode 4 the security procedures are initiated after link setup. Secure Simple Pairing uses Elliptic Curve Diffie-Hellman (ECDH) techniques for key exchange and link key generation.
The device authentication and encryption algorithms are the same as those defined in Bluetooth v2.0 + EDR.
The security requirements for services protected by Security Mode 4 are as follows:
- Authenticated link key required
- Unauthenticated link key required
- No security required
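To make the Secure Simple Pairing key exchange and the Mode 4 link key distinction above concrete, here is an added illustration (not code from the page or from the Bluetooth specification) of the ECDH step between two simulated devices. It uses the NIST P-192 curve that v2.1 + EDR SSP relies on, derives the shared DHKey as the x-coordinate of the agreed point, and then derives a 16-byte link key with a placeholder HMAC; the device addresses and private keys are constructed values, and the real specification derives the link key with its own f3 function rather than this HMAC.

```python
"""Simplified model of the ECDH key agreement in Bluetooth Secure Simple Pairing."""
import hashlib
import hmac
import secrets

# NIST P-192 domain parameters (the curve used by Bluetooth v2.1 + EDR SSP)
P = 0xfffffffffffffffffffffffffffffffeffffffffffffffff
A = P - 3
B = 0x64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1
G = (0x188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012,
     0x07192b95ffc8da78631011ed6b24cdd573f977a11e794811)
N = 0xffffffffffffffffffffffff99def836146bc9b1b4d22831

def on_curve(pt):
    # A received public key must be validated before use; a point off the
    # curve would let a peer manipulate the shared secret.
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0

def point_add(p1, p2):
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # point at infinity
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def scalar_mult(k, pt):
    result, addend = None, pt  # double-and-add
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result

def keypair(priv=None):
    priv = priv or secrets.randbelow(N - 1) + 1
    return priv, scalar_mult(priv, G)

def dhkey(priv, peer_pub):
    # DHKey is the x-coordinate of priv * peer_pub; both sides compute the same value
    return scalar_mult(priv, peer_pub)[0]

def link_key(dh, addr_a, addr_b):
    # Placeholder derivation (constructed); the spec's f3 function is used in practice
    return hmac.new(dh.to_bytes(24, "big"), addr_a + addr_b, hashlib.sha256).digest()[:16]
```

ECDH on its own only defeats a passive eavesdropper: unless the exchanged public keys are confirmed through numeric comparison, a passkey or out-of-band data, the resulting link key is "unauthenticated" in Mode 4 terms and a man-in-the-middle could have substituted its own keys, which is why services that matter require an authenticated link key.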
Common Bluetooth security issues
There are a number of ways in which Bluetooth security can be penetrated, often because there is little security in place. The major forms of Bluetooth security problems fall into the following categories:
- Bluejacking: Bluejacking is often not a major malicious security problem, although there can be issues with it, especially as it enables someone to get their data onto another person's phone, etc. Bluejacking involves the sending of a vCard message via Bluetooth to other Bluetooth users within the locality - typically 10 metres. The aim is that the recipient will not realise what the message is and allow it into their address book. Thereafter messages might be automatically opened because they have come from a supposedly known contact.
- Bluebugging: This is more of an issue. This form of Bluetooth security issue allows hackers to remotely access a phone and use its features. This may include placing calls and sending text messages while the owner does not realise that the phone has been taken over.
- Car Whispering: This involves the use of software that allows hackers to send and receive audio to and from a Bluetooth enabled car stereo system.
In order to protect against these and other forms of vulnerability, the manufacturers of Bluetooth enabled devices are upgrading the security to ensure that these Bluetooth security lapses do not arise with their products.
Written by Ian Poole.
Experienced electronics engineer and author.