Bluetooth Security

Bluetooth Security

Bluetooth Security

· Bluetooth Technology Faces Security Threats

Today, all communication technologies are facing the issue of privacy and identity theft. Bluetooth technology is no exception. The information and data we share through these communication technologies is both private and in many cases, critically important to us.

Everyone knows that email services, company networks, and home networks all require security measures. What Bluetooth users need to realize, is: Bluetooth requires similar security measures.

Recently, Bluetooth technology has been popping up in the news. Unfortunately, most of the news involves confusion and misinformation regarding the security of Bluetooth. Recent reports have surfaced describing ways for hackers to crack Bluetooth devices security codes.

· Are the Threats Serious?

The good news: most of the recent Bluetooth security scares, like most scares, are over-dramatized and blown out of proportion. The truth is, these issues are easily combatable, and various measures are already in place to provide for the secure use of Bluetooth technology.

Yes, it is true: there have been some Bluetooth cell phones that have been hacked into. However, it is most likely the case that those who have experienced these security breaches have not taken the appropriate precautions to protect their devices.

According to the Bluetooth Special Interest Group (SIG), in order to break into a Bluetooth device, a hacker must:

  1. Force two paired Bluetooth devices to break their connection
  2. Steal the packets used to resend the PIN, then
  3. Decode the PIN

The hacker must of course be within range of the Bluetooth device and, according to the Bluetooth SIG, be using very expensive developers’ equipment. The SIG suggests users create a longer PIN (8 digit is recommended).

· The Bluetooth SIG Focuses on Security

The Bluetooth SIG is constantly improving formats for combating security threats associated with Bluetooth technology. Offering a secure method to wirelessly communicate has always been one of the key benefits of Bluetooth technology. If you look at The History of Bluetooth, you will see that offering secure data transmission was one of the core principles for its creation.

In order to lead the security effort, a group of engineers within the Bluetooth SIG formed the Bluetooth Security Experts Group. As the Bluetooth Core Specification Versions continue to advance, the Bluetooth Security Experts Group is responsible for monitoring the advancement and testing for flaws in its security.

· The Fundamentals of Bluetooth Security

One of the most basic levels of security for Bluetooth devices is the “pairing” process.

Pairing = Two or more Bluetooth devices recognize each other by the Bluetooth Profiles they share, and in most cases, both must enter the same PIN.

The Bluetooth core specifications use an encryption algorithm, which is entirely secure. Once Bluetooth devices pair with one another, they too are entirely secure.

Bluetooth devices will not communicate with each other until they have successfully paired. So, because of this pairing process and the fact that it has a short range, Bluetooth technology is considered to be fundamentally secure.

Unfortunately, as recent news has indicated, experienced hackers have come up with a way to get around this basic level of security. However, there are precautions users can take to limit the chances of their Bluetooth device from being compromised by a hacker.

· How Developers Can Provide Security

Companies who develop Bluetooth enabled products have multiple options in order to provide security. There are three security modes for connecting two Bluetooth devices:

  1. Security Mode 1: non-secure
  2. Security Mode 2: service level enforced security
  3. Security Mode 3: link level enforced security

It is the company who develops each specific Bluetooth product that decides which security modes to use. Also, the devices and services have different security levels as well. For example, devices use two levels: "trusted device" and "untrusted device". After a trusted device is connected to another device, it has unrestricted access to all services. As far as services, there are three security levels which are defined: services that require authorization and authentication, services that require authentication only and services that are open to all devices.

· Why Have There Been Security Threats?

The recent Bluetooth security threats have been isolated to Bluetooth cell phones. The issues were due to specific problems with the cell phone’s platforms. In order to solve, and prevent against further security probelems, the Bluetooth SIG and all of its members work together to discover, inspect and solve reported problems.

If there is something wrong with the actual Bluetooth specification, then the Bluetooth SIG will confront the problem directly. However, if the problem is a result of the implementation of Bluetooth technology, then the SIG will work with the specific members in order to release patches and prevent future problems from occurring.

· What is Bluejacking?

Bluejacking allows phone users to send business cards anonymously to one another using Bluetooth technology. Bluejacking does NOT involve any altercations to your phone's data. These business cards usually consist of some clever message or joke. Bluejackers are simply looking for a reaction from the recipient. To ignore bluejackers, simply reject the business card, or if you want to avoid them entirely, set your phone to non-discoverable mode

· What is Bluesnarfing?

Bluesnarfing refers to a hacker who has gained access to data, which is stored on a Bluetooth enabled phone. Bluesnarfing allows the hacker to make phone calls, send and receive text messages, read and write phonebook contacts, eavesdrop on phone conversations, and connect to the Internet. The good news is, bluesnarfing requires advanced equipment and expertise or requires the hacker to be within a 30 ft. range. If your phone is in non-discoverable mode, it becomes significantly more difficult for hackers to bluesnarf your phone. According to the Bluetooth SIG, only some older Bluetooth enabled phones are vunerable to bluesnarfing.

· What is Bluebugging?

Bluebugging refers to a skilled hacker who has accessed a cell phone's commands using Bluetooth technology without the owner's permission or knowledge. Bluebugging allows the hacker to make phone calls, send messages, read and write contacts and calendar events, eavesdrop on phone conversations, and connect to the Internet. Just like all Bluetooth attacks, the hacker must be within a 30 ft. range. Bluebugging and bluesnarfing are separate security issues, and phones that are vulnerable to one are not necessarily vulnerable to the other.

· What are Phone Manufacturers Doing to Solve These Problems?

Two of the leading cell phone manufacturers, Nokia and Sony Ericsson, have developed software patches for phones susceptible to bluesnarfing and bluebugging. Also, both manufacturers have taken great measures to ensure new phones entering the market will not be susceptible to these attacks.

· Are There Any Other Threats With Bluetooth Technology?

According to the Bluetooth SIG, bluesnarfing and bluebugging are the only known security threats. The Bluetooth SIG is constantly researching security risks associated with the technology and figure out if the risk is even possible as the technology expands and develops.

· What Can Users Do to Protect Their Data?

There are several measures users can take in order to protect their device’s information:

  1. If a phone is vulnerable to bluesnarfing or bluebugging--contact the manufacturer or take the phone to a manufacturer-authorized dealer. There are software patches available for many older Bluetooth phones.
  2. Turn the device to non-discoverable mode when not using Bluetooth technology.
  3. Never pair with unknown devices or in public places.
  4. When possible, use an eight character or more alphanumeric PIN.

Specifications about Bluetooth

Bluetooth Specifications

  • Here Are a Few Specifications From the Bluetooth SIG (Special Interest Group):

* Bluetooth devices in a piconet share a common communication data channel. The channel has a total capacity of 1 megabit per second (Mbps). Headers and handshaking information consume about 20 percent of this capacity.

* In the United States and Europe, the frequency range is 2,400 to 2,483.5 MHz, with 79 1-MHz radio frequency (RF) channels. In practice, the range is 2,402 MHz to 2,480 MHz. In Japan, the frequency range is 2,472 to 2,497 MHz with 23 1-MHz RF channels.

* A data channel hops randomly 1,600 times per second between the 79 (or 23) RF channels.

* Each channel is divided into time slots 625 microseconds long.

* A piconet has a master and up to seven slaves. The master transmits in even time slots, slaves in odd time slots.

* Packets can be up to five time slots wide.

* Data in a packet can be up to 2,745 bits in length.

* There are currently two types of data transfer between devices: SCO (synchronous connection oriented) and ACL (asynchronous connectionless).

* In a piconet, there can be up to three SCO links of 64,000 bits per second each. To avoid timing and collision problems, the SCO links use reserved slots set up by the master.

* Masters can support up to three SCO links with one, two or three slaves.

* Slots not reserved for SCO links can be used for ACL links.

* One master and slave can have a single ACL link.

* ACL is either point-to-point (master to one slave) or broadcast to all the slaves.

* ACL slaves can only transmit when requested by the master.

1:56 AM | Labels:Bluetooth,Computer Peripherals |

This entry was posted on 1:56 AM and is filed under Bluetooth and wireless technology . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

 

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)
Bidvertiser

Designed by Posicionamiento Web | Bloggerized by GosuBlogger | Blue Business Blogger