- Summary of Bluetooth security issues and how they are overcome: Bluejacking, Bluebugging, etc.
Bluetooth security issues are an important factor with any Bluetooth device or system. As with any device these days that provides connectivity, security is an important issue.
There are a number of Bluetooth security measures that can be incorporated into Bluetooth devices to prevent various security threats that can be posed.
One of the main requirements for Bluetooth is that it should be easy to connect to other devices. However, Bluetooth security needs to be balanced against the ease of use and the anticipated Bluetooth security threats.
Much work has been undertaken regarding Bluetooth security. However, it remains high on the agenda so that users can use their Bluetooth devices with ease while keeping the security threats to a minimum.
Bluetooth security basics
Bluetooth security is of paramount importance as devices are susceptible to a variety of wireless and networking attacks, including denial of service attacks, eavesdropping, man-in-the-middle attacks, message modification, and resource misappropriation.
Bluetooth security must also address more specific Bluetooth related attacks that target known vulnerabilities in Bluetooth implementations and specifications. These may include attacks against improperly secured Bluetooth implementations which can provide attackers with unauthorized access.
Many users may not believe there is an issue with Bluetooth security, but hackers may be able to gain access to information ranging from phone lists to more sensitive information held on Bluetooth enabled phones and other devices.
There are three basic means of providing Bluetooth security:
- Authentication: In this process the identity of the communicating devices is verified. User authentication is not part of the main Bluetooth security elements of the specification.
- Confidentiality: This process prevents information being eavesdropped by ensuring that only authorised devices can access and view the data.
- Authorisation: This process prevents access by ensuring that a device is authorised to use a service before enabling it to do so.
Security measures provided by the Bluetooth specifications
The various versions of the specifications detail four Bluetooth security modes. Each Bluetooth device must operate in one of four modes:
- Bluetooth Security Mode 1: This mode is non-secure. The authentication and encryption functionality is bypassed and the device is susceptible to hacking. Bluetooth devices operating in Bluetooth Security Mode 1 do not employ any mechanisms to prevent other Bluetooth-enabled devices from establishing connections. While it is easy to make connections, security is an issue. It may be applicable to short range devices operating in an area where other devices may not be present. Security Mode 1 is only supported up to Bluetooth 2.0 + EDR and not beyond.
- Bluetooth Security Mode 2: For this Bluetooth security mode, a centralised security manager controls access to specific services and devices. The Bluetooth security manager maintains policies for access control and interfaces with other protocols and device users.
It is possible to apply varying trust levels and policies to restrict access for applications with different security requirements, even when they operate in parallel. It is possible to grant access to some services without providing access to other services. The concept of authorisation is introduced in Bluetooth security mode 2. Using this it is possible to determine if a specific device is allowed to have access to a specific service.
Although authentication and encryption mechanisms are applicable to Bluetooth Security Mode 2, they are implemented at the LMP layer (below L2CAP).
All Bluetooth devices can support Bluetooth Security Mode 2; however, v2.1 + EDR devices can only support it for backward compatibility with earlier devices.
- Bluetooth Security Mode 3: In Bluetooth Security Mode 3, the Bluetooth device initiates security procedures before any physical link is established. In this mode, authentication and encryption are used for all connections to and from the device.
The authentication and encryption processes use a separate secret link key that is shared by paired devices, once the pairing has been established.
Bluetooth Security Mode 3 is only supported in devices that conform to Bluetooth 2.0 + EDR or earlier.
- Bluetooth Security Mode 4: Bluetooth Security Mode 4 was introduced at Bluetooth v2.1 + EDR.
In Bluetooth Security Mode 4 the security procedures are initiated after link setup. Secure Simple Pairing uses what are termed Elliptic Curve Diffie Hellman (ECDH) techniques for key exchange and link key generation.
The device authentication and encryption algorithms are the same as those defined in Bluetooth v2.0 + EDR.
The security requirements for services protected by Security Mode 4 are as follows:
- Authenticated link key required
- Unauthenticated link key required
- No security required
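The following added example (not part of the original article, and not code from any Bluetooth stack) models the service-level decision described above: the three Security Mode 4 service requirements combined with the per-service authorisation introduced in Security Mode 2. The class names, device addresses, service names and result strings are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import IntEnum


class KeyLevel(IntEnum):
    """Link key shared with a peer, ordered weakest to strongest."""
    NONE = 0             # no pairing has taken place
    UNAUTHENTICATED = 1  # paired, key not authenticated
    AUTHENTICATED = 2    # paired, key authenticated


@dataclass(frozen=True)
class Service:
    name: str
    required_key: KeyLevel     # the service's Mode 4 requirement
    needs_authorisation: bool  # Mode 2 style per-service authorisation


@dataclass
class SecurityManager:
    """Hypothetical central policy store (all names are assumptions)."""
    keys: dict = field(default_factory=dict)   # device address -> KeyLevel
    trusted: set = field(default_factory=set)  # devices allowed every service
    grants: set = field(default_factory=set)   # (address, service name) pairs

    def decide(self, addr: str, svc: Service) -> str:
        have = self.keys.get(addr, KeyLevel.NONE)
        if have < svc.required_key:
            # Key too weak for this service: pair, or re-pair for a stronger key.
            return "pair" if have == KeyLevel.NONE else "re-pair"
        if svc.needs_authorisation and addr not in self.trusted \
                and (addr, svc.name) not in self.grants:
            return "deny"  # key is sufficient, but device is not authorised
        return "allow"


# Constructed sample policy and devices.
PHONEBOOK = Service("phonebook", KeyLevel.AUTHENTICATED, True)
AUDIO = Service("audio", KeyLevel.UNAUTHENTICATED, False)
DISCOVERY = Service("discovery", KeyLevel.NONE, False)

sm = SecurityManager(
    keys={"AA:AA": KeyLevel.AUTHENTICATED, "BB:BB": KeyLevel.UNAUTHENTICATED,
          "CC:CC": KeyLevel.AUTHENTICATED},
    trusted={"AA:AA"},
)

if __name__ == "__main__":
    for addr in ("AA:AA", "BB:BB", "CC:CC", "DD:DD"):
        print(addr, [sm.decide(addr, s) for s in (PHONEBOOK, AUDIO, DISCOVERY)])
```

Note that a device holding an authenticated key ("CC:CC") is still refused the phonebook service, because authentication of the link and authorisation for a service are separate checks.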
Common Bluetooth security issues
There are a number of ways in which Bluetooth security can be penetrated, often because there is little security in place. The major forms of Bluetooth security problems fall into the following categories:
- Bluejacking: Bluejacking is often not a major malicious security problem, although there can be issues with it, especially as it enables someone to get their data onto another person's phone, etc. Bluejacking involves the sending of a vCard message via Bluetooth to other Bluetooth users within the locality - typically 10 metres. The aim is that the recipient will not realise what the message is and allow it into their address book. Thereafter messages might be automatically opened because they have come from a supposedly known contact.
- Bluebugging: This is more of an issue. This form of Bluetooth security issue allows hackers to remotely access a phone and use its features. This may include placing calls and sending text messages while the owner does not realise that the phone has been taken over.
- Car Whispering: This involves the use of software that allows hackers to send and receive audio to and from a Bluetooth enabled car stereo system.
In order to protect against these and other forms of vulnerability, the manufacturers of Bluetooth enabled devices are upgrading the security to ensure that these Bluetooth security lapses do not arise with their products.
By Ian Poole