Bluetooth has been around for a decade and is another relatively short range wireless technology that is used to transfer data between a computer and mobile phones, BlackBerry’s or Personal Digital Assistants (PDA). 

It works in the same 2.4 GHz range as 802.11b and 802.11g wireless networks and uses 79 disparate frequencies which it hops across at 1,600 times per second. Its maximum data transfer rate is can be up to 3Mb/s and has a usual indoor range between 10-100m.

Figure 1 Bluetooth Classes [1]

Bluetooth devices that communicate with each other (pairing) are said to form a piconet, one device being the master whom all communications must pass through, the others the slaves with a maximum of 7 total devices. 

A scatternet is formed by joining together 2 such piconets, which also has the benefit of extending Bluetooths maximum range. Bluetooth allows both data (Figure 3a) and two-way voice links (Figure 3b) to be formed dependent on how the scatternet is utilised. [2]

Figure 2 Bluetooth Topology [2]

Bluetooth devices can have different security levels:

·         Silent – Never accepts connections.

·         Private – No-discoverable, only accessible if their Bluetooth Device Address is known.

·         Public – Discoverable and allows connections.

Coupled with these levels devices have three possible security modes:

·         Nonsecure – No security enforced.

·         Service-level enforced – A Non-secure asynchronous connection-less link is established; security is optionally established when certain requests are made.

·         Link-level enforced – Security enabled when a connection is established using Logical Link Control and Adaptation Protocol (L2CAP). [2]

Bluetooth Vulnerabilities 

A number of vulnerabilities affect Bluetooth notably:

• Blue-Jacking – Exploits Bluetooths “discovery” mechanism to send unsolicited anonymous messages to other devices.

• Blue-Snarfing/Stumbling – Silently, without the owners knowledge, connecting to another device, usually to access and copy data i.e. address book, calendar.

• Blue-Bugging – Serial connections made to other devices give the ability to control data services i.e. send/receive messages, make calls etc.

• Eavesdropping – Using Bluetooth to listen in to private communications.

• DoS – Intended to cause the device/service to crash/reboot.

• Viruses/Trojans/Worms – Infects devices and potentially cause harm to them, alternatively can be used to create wireless botnets that can be used for DoS attacks [3][4]

• War Nibbling – Using software mapping devices within an organisation attempting to enumerate:

Discoverable Devices,

Non-discoverable devices,

Service Information. [1]

Bluetooth Countermeasures

Effective countermeasures against Bluetooth hacking includes:

• Patching.

• Antivirus Mechanisms - Increase installed software diversity in devices slows the spread of worms etc. The use of counter-worms and segregation of infected devices may also play some part to guard against virus attack. [5]

• User Education – Alert users to the dangers involved in using Bluetooth.

• Deactivation – Switch off Bluetooth when not required.

• Hiding – Disable discovery on all devices.

• Firewalls – Utilisation of personal firewalls may give added protection for certain devices.

• Configuration Settings – Default settings should be changed especially the device name.

• PINS – Long and frequently changed PINS should be utilised to give added protection when “pairing”, in addition this should not be done in a public place.

• Security Policy – Effective, enforced and regularly reviewed.

• Scanners – Regular sweeps of areas may be able to identify rogue devices, identify devices that are enabled that should not be. [4]

• Encryption – Where possible encryption is to be utilised to protect communications.  This may need to be carried out higher up the protocol stack.

• Audit – Regular reviews of the Windows registry may give indications of unauthorised access by illegal pairing with rogue devices.

• Bluetooth Honeypots – Similar to WLAN. [1]

References:

1.    Kleinschmidt, John et al, (2006) “RFID Security” Syngress

2.    Sanghera, Paul et al, (2007) “How to cheat at – Deploying and securing RFID” Syngress.

3.    RFIDVirus.org, (2006) “RFID Viruses and Worms” Available online from: http://www.rfidvirus.org/vulnerabilities.html  [Accessed 24 Oct 09]

4.    Hernacki, Brian, (2006) “Improving Bluetooth Security: What IT Managers and Mobile Users Can Do” Telephone and Network Security Sep/Oct 2006

5.    Guanhua, Yan , Eidenbenz, Stephan (2006) “Bluetooth Worms: Models, Dynamics, and Defense Implications”  22nd Annual Computer Security Applications  Conference (ACSAC'06) December 2006 pp. 245-256