.White PaperBluetooth Networks: Risks & Defenses The objective of this white paper is to provide an overall understanding of Bluetooth networks, examine their security features and inherent risks, and make recommendations for mitigatingrisks. 1. Understanding Bluetooth Networks Bluetooth technology is a IEEE 802.15 open standard and specification that enables short- range wireless connections between a multitude of wireless devices, including desktop and laptop computers, handhelds, PDAs, cell phones, camera phones, printers, digital cameras, headsets, keyboards, and even a computermouse. More than 250 million Bluetooth devices are in operation worldwide and this number is expected to grow to more than one billion in the next two years. Currently, there are more Bluetooth devices than wireless LAN devices in use. Bluetooth was originally architected by Ericsson Mobile Communications, which named the technology after the 10th Century Danish Viking, King Harald Blatand, also called “Bluetooth.” Today, Bluetooth technology is supported by all major companies, including IBM, Intel, Nokia, and Toshiba. A Personal Area NetworkBluetooth is also called Personal Area Network(PAN) technology. It uses a globally available, short-range digital radio band frequency forworldwide compatibility to provide a mechanism for creating small wireless networks on an ad hoc basis. Bluetooth enables fast and reliable transmission for both voice and data. Bluetooth-enabled devices allow users to eliminate cables from their digital peripherals, making cable clutter a thing of the past. Bluetooth devices can also provide a bridge to existing networks. The goal of Bluetooth is to connect different devices together, wirelessly, in a small environment, such as an office or home. Bluetooth can be used to connect almost any device to any other device, for example, to connect a PDA and a mobile phone. Bluetooth is inexpensive, takes little power to operate, and maintains a low profile. The standard effectively does the following: ¾Eliminates wires and cables between stationary and mobile devices ¾Facilitates data and voice communications ¾Offers the possibility of ad hoc networks and delivers synchronicity between personal devices Operating BandBluetooth transceivers operate in the unlicensed 2.4-GHz ISM band that is reserved forindustrial, scientific, and medical applications. This band is available in most parts of the world (varies in some countries). The band is similar to the band wireless LAN devices and other IEEE 802.11-compliant devices occupy. Table 1 summarizes the characteristics of Bluetooth networks.
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
The objective of this white paper is to provide an overall understanding of Bluetooth networks,examine their security features and inherent risks, and make recommendations for mitigating
risks.
1. Understanding Bluetooth
Networks
Bluetooth technology is a IEEE 802.15 open
standard and specification that enables short-
range wireless connections between a multitudeof wireless devices, including desktop and
laptop computers, handhelds, PDAs, cell phones,
camera phones, printers, digital cameras,
headsets, keyboards, and even a computer
mouse. More than 250 million Bluetooth devices
are in operation worldwide and this number is
expected to grow to more than one billion in the
next two years. Currently, there are more
Bluetooth devices than wireless LAN devices in
use.
Bluetooth was originally architected by EricssonMobile Communications, which named the
technology after the 10th Century Danish
Viking, King Harald Blatand, also called
“Bluetooth.” Today, Bluetooth technology is
supported by all major companies, including
IBM, Intel, Nokia, and Toshiba.
A Personal Area Network Bluetooth is also called Personal Area Network
(PAN) technology. It uses a globally available,
short-range digital radio band frequency for
worldwide compatibility to provide amechanism for creating small wireless networks
on an ad hoc basis. Bluetooth enables fast and
reliable transmission for both voice and data.
Bluetooth-enabled devices allow users to
eliminate cables from their digital peripherals,
making cable clutter a thing of the past.
Bluetooth devices can also provide a bridge to
existing networks.
The goal of Bluetooth is to connect different
devices together, wirelessly, in a small
environment, such as an office or home.Bluetooth can be used to connect almost any
device to any other device, for example, to
connect a PDA and a mobile phone.
Bluetooth is inexpensive, takes little power to
operate, and maintains a low profile. The
standard effectively does the following:
¾ Eliminates wires and cables between
stationary and mobile devices
¾ Facilitates data and voice communications
¾ Offers the possibility of ad hoc networks and
delivers synchronicity between personal
devices
Operating Band Bluetooth transceivers operate in the unlicensed
2.4-GHz ISM band that is reserved for
industrial, scientific, and medical applications.
This band is available in most parts of the world
(varies in some countries). The band is similar to
www.airdefense.net 4 Copyright 2004, AirDefense, Inc.
breaking up. This technique, which consists of
skipping around the radio band 1,600 times per
second, improves the signal clarity. Also, by
limiting communication to only synchronized
devices, frequency hopping makes it slightly
more difficult for an attacker to locate the
Bluetooth transmission. This provides someadditional protection from eavesdropping and
malicious access.
3. Security Risks
How secure are Bluetooth devices that use only
available Bluetooth default security? Even when
users choose to implement Bluetooth default
security, vulnerabilities do exist that provide a
motivation for using enhanced security. Some
Bluetooth devices have serious flaws in their
authentication and data transfer mechanisms (see
table 3.)
“Though Bluetooth devices have security
features built in, most devices ship with
unsecured default configurations that create
gaping security holes.”
InStat/MicroDesign Resources
Security Issue / Vulnerability Comments
Shared master key. The Bluetooth SIG needs to develop a better broadcast keyingscheme.
No user authentication. Bluetooth only provides device authentication. Application-levelsecurity and user authentication is optional.
Eavesdropping, resulting from device key
sharing.
A hacker may be able to compromise the security, i.e., gain
unauthorized access to between two other users.
Compromise of privacy if the Bluetooth
device address (BD_ADDR) is captured andassociated with a particular user.
Once the BD_ADDR is associated with a particular user, that
user’s activities could be logged, resulting in a loss of privacy.
Device authentication is simple shared-keychallenge-response.
One-way only challenge-response authentication is subject toman-in-the middle attacks. Mutual authentication is required to
provide verification that users and the network are legitimate.
End-to-end security is not performed. Only individual links are encrypted and authenticated. Data is
decrypted at intermediate points. Application software above the
Bluetooth software can be developed.
Limited security services. Audit, non-repudiation, and other services do not exist. If needed,these can be developed at particular points in a Bluetooth network.
Viruses and DoS attacks, via the Internet
and Email.
Data is vulnerable to third-party providers.
Source: NIST
Table 3. Key Security Issues with Bluetooth Networks.