Definitions
- “an open standard for short-range radio frequency (RF) communication. It is a wireless network protocol describing how certain types of mobile phones, computers, and personal digital assistants (PDAs) can be interconnected using unlicensed radio spectrum.”
- “proprietary open wireless technology standard for exchanging data over short distances from fixed and mobile devices.”
- “a wireless technology standard for exchanging data over short distances (using short-wavelength radio transmissions in the ISM band from 2400-2480 MHz) from fixed and mobile devices, creating personal area networks (PANs) with high levels of security.”
Overview
Bluetooth technology is used primarily to establish wireless personal area networks (WPAN), commonly referred to as ad hoc or peer-to-peer (P2P) networks. Bluetooth technology has been integrated into many types of business and consumer devices, including cellular phones, personal digital assistants (PDA), laptops, automobiles, printers, and headsets. This allows users to form ad hoc networks, known as piconets, between a wide variety of devices to transfer voice and data.
Bluetooth employs frequency-hopping spread spectrum (FHSS) technology for all transmissions. FHSS reduces interference and transmission errors and provides a limited level of transmission security. With FHSS technology, communications between Bluetooth devices use 79 different radio channels by hopping (i.e., changing) frequencies about 1600 times per second for data/voice links and 3200 times per second during page and inquiry scanning. A channel is used for a very short period (e.g. 625 microseconds for data/voice links), followed by a hop designated by a pre-determined pseudo-random sequence to another channel; this process is repeated continuously in the frequency-hopping sequence.
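The hop timing described above can be modelled in a few lines. This is an added example, not part of the original article: the SHA-256 based `hop_channel` is a stand-in for the real Bluetooth hop-selection algorithm, and the sequence inputs and the fixed channel number are constructed values. It shows that a peer sharing the sequence follows every slot, while a receiver on another sequence or parked on one channel coincides with only about 1 in 79 slots.

```python
import hashlib

CHANNELS = 79                             # radio channels in the hop set
SLOT_US = 625                             # dwell time per hop (data/voice links)
HOPS_PER_SECOND = 1_000_000 // SLOT_US    # 1600 hops per second

def hop_channel(sequence_input: bytes, slot: int) -> int:
    """Stand-in selector (SHA-256 based), not the Bluetooth hop-selection kernel."""
    digest = hashlib.sha256(sequence_input + slot.to_bytes(8, "big")).digest()
    return int.from_bytes(digest[:4], "big") % CHANNELS

def simulate(seconds: int, link_input: bytes, other_input: bytes, fixed_channel: int) -> dict:
    """Fraction of slots on which each kind of receiver is on the transmitter's channel."""
    slots = seconds * HOPS_PER_SECOND
    synced = unsynced = fixed = 0
    visited = set()
    for slot in range(slots):
        tx = hop_channel(link_input, slot)                # transmitter
        synced += tx == hop_channel(link_input, slot)     # peer sharing the sequence
        unsynced += tx == hop_channel(other_input, slot)  # receiver on a different sequence
        fixed += tx == fixed_channel                      # receiver parked on one channel
        visited.add(tx)
    return {
        "slots": slots,
        "channels_visited": len(visited),
        "synced": synced / slots,
        "unsynced": unsynced / slots,
        "fixed": fixed / slots,
    }

if __name__ == "__main__":
    # Constructed inputs: two unrelated sequence inputs and an arbitrary fixed channel.
    result = simulate(10, b"constructed-piconet-A", b"constructed-piconet-B", 39)
    for key, value in result.items():
        print(f"{key}: {value}")
```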
Bluetooth also provides for radio link power control, where devices can negotiate and adjust their radio power according to signal strength measurements. Each device in a Bluetooth network can determine its received signal strength indication (RSSI) and make a request of the other network device to adjust its relative radio power level (i.e., have the transmission power incrementally increased or decreased). This is performed to conserve power and/or to keep the received signal characteristics within a preferred range.
Data rates for Bluetooth 1.0 are typically around 700 kilobits per second (kbps). The range for Bluetooth varies based on the transmit power used. Class 3 Bluetooth devices have a range of approximately 1 meter, class 2 approximately 10 meters, and class 1 approximately 100 meters. Bluetooth 2.0 extends the data rate of the wireless connection to three times that of Bluetooth 1.0.
Vulnerabilities
Bluetooth technology and associated devices are susceptible to general wireless networking threats, such as denial of service attacks, eavesdropping, man-in-the-middle attacks, message modification, and resource misappropriation. They are also threatened by more specific Bluetooth-related attacks that target known vulnerabilities in Bluetooth implementations and specifications. Attacks against improperly secured Bluetooth implementations can provide attackers with unauthorized access to sensitive information and unauthorized usage of Bluetooth devices and other systems or networks to which the devices are connected.
Security modes
Each Bluetooth device must operate in one of the four security modes defined by the Bluetooth standard. The modes vary primarily by how well they protect Bluetooth communications from potential attack.
- Security Mode 1 provides no security functionality. Security functionality (authentication and encryption) is bypassed, leaving the device and connections susceptible to attackers. In effect, Bluetooth devices in this mode are “promiscuous” and do not employ any mechanisms to prevent other Bluetooth-enabled devices from establishing connections.
- Security Modes 2 and 4 use authentication and encryption, but only after the Bluetooth physical link has already been fully established and logical channels partially established.
- Security Mode 3 is considered the strongest mode because it requires authentication and encryption to be established before the Bluetooth physical link is completely established.
Each version of Bluetooth supports some, but not all, of these modes.
Security services
The following are the five basic security services specified in the Bluetooth standard:
- Authentication: verifying the identity of communicating devices. User authentication is not provided natively by Bluetooth.
- Confidentiality: preventing information compromise caused by eavesdropping by ensuring that only authorized devices can access and view data.
- Authorization: allowing the control of resources by ensuring that a device is authorized to use a service before permitting it to do so.
- Message Integrity: verifying that a message sent between two Bluetooth devices has not been altered in transit.
- Pairing/Bonding: creating one or more shared secret keys and the storing of these keys for use in subsequent connections to form a trusted device pair.
Because the security mechanisms implemented in Bluetooth devices tend to be trivially bypassed, such devices are vulnerable to malware through attack techniques which have been called “bluejacking” or “bluesnarfing.” A Bluetooth device is most vulnerable to this type of attack when a user's connection is set to "discoverable," which allows it to be found by other nearby Bluetooth devices.
The combination of a frequency-hopping scheme and radio link power control provides Bluetooth with some additional, albeit limited, protection from eavesdropping and malicious access. The frequency-hopping scheme, primarily a technique to avoid interference, makes it slightly more difficult for an adversary to locate and capture Bluetooth transmissions than transmissions from direct-sequence spread spectrum technologies, like those using IEEE 802.11a/b/g. If the Bluetooth power control feature is used appropriately, any potential adversary is forced to be in relatively close proximity to pose a threat to a Bluetooth piconet, especially if the Bluetooth devices are very close to each other.
References
- The name "Bluetooth" is derived from the 10th century Danish King Harald Blatand — or Bluetooth. His efforts united warring factions in what are now the countries of Norway, Sweden, and Denmark. The Bluetooth SIG wishes that the Bluetooth wireless technology be used analogously "to allow collaboration between industries such as the computing, mobile phone and automotive markets." See Bluetooth website.
- ITL Bulletin for August 2012 (full-text).
- DHS Lexicon Terms and Definitions, at 65.
- XOWi, "Glossary of Wearable Technology Terms" (full-text).
- In the United States and Europe, Bluetooth operates at 2400 to 2483.5 MHz, divided into 79 1 MHz channels. In Japan, Bluetooth operates at 2472 to 2497 MHz.