Bluetooth
Bluetooth is a radio-based wireless technology designed to implement short-range personal area networking.
- used to
  - connect peripheral devices to PCs and mobile devices
  - share data between two systems
- uses radio communications and supports speeds of up to 3 Mbps
  - Adapters supporting version 3 or 4 of the standard can achieve faster rates (up to 24 Mbps) through the ability to negotiate an 802.11 radio link for large file transfers
- The earliest Bluetooth version supports a maximum range of 10 m (30 feet)
  - newer versions support a range of over 100 feet
    - though signal strength will be weak at this distance
- Bluetooth devices can use a pairing procedure to authenticate and exchange data securely
- Version 4 introduced a Bluetooth Low Energy (BLE) variant of the standard
  - designed for small battery-powered devices that transmit small amounts of data infrequently
  - a BLE device remains in a low power state until a monitor application initiates a connection
  - not backwards compatible with “classic” Bluetooth, though a device can support both standards simultaneously
Bluetooth Connections
Enabling Bluetooth
- enable via device settings
- device name is public
Enable Pairing
- Bluetooth radio on each device must be put into discoverable or pairing mode
  - toggled within settings
- settings page will show a list of nearby Bluetooth-enabled devices that are also in discoverable mode
- Select a device
  - pairing system should automatically generate a passkey or PIN code when a connection request is received
- Input or confirm the key on the destination device, and accept the connection
Test Bluetooth Connection
- simply try using the device
- if you cannot connect a device
  - check that both have been made discoverable
- check the pairing list regularly to confirm that the devices listed are valid
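
The pairing-list check recommended above (and again under Authentication and Authorization) can be scripted. This added example is not part of the original notes; it assumes a listing in the `Device <address> <name>` form printed by BlueZ's `bluetoothctl` on Linux, and the sample listing and approved inventory are constructed.

```python
import re

# One line of the assumed listing format: "Device <MAC> <name>"
DEVICE_LINE = re.compile(r"^Device\s+((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s*(.*)$")

def parse_paired(listing):
    """Return {MAC: name} for every well-formed device line in the listing."""
    paired = {}
    for line in listing.splitlines():
        m = DEVICE_LINE.match(line.strip())
        if m:  # anything that is not a device line is ignored
            paired[m.group(1).upper()] = m.group(2).strip()
    return paired

def audit_pairings(listing, approved):
    """Compare the pairing list with an approved inventory {MAC: expected name}."""
    approved = {mac.upper(): name for mac, name in approved.items()}
    findings = {"unknown": [], "renamed": [], "ok": []}
    for mac, name in sorted(parse_paired(listing).items()):
        if mac not in approved:
            findings["unknown"].append((mac, name))   # not in inventory: review, unpair
        elif approved[mac] != name:
            findings["renamed"].append((mac, name))   # known address, unexpected name
        else:
            findings["ok"].append((mac, name))
    return findings

# Constructed sample data (not taken from a real device)
SAMPLE_LISTING = """\
Device AA:BB:CC:00:11:22 Office Keyboard
Device aa:bb:cc:00:33:44 Headset-X
Device DE:AD:BE:EF:00:01 BT-Speaker
"""
# Hypothetical approved inventory maintained by the device owner
APPROVED = {
    "AA:BB:CC:00:11:22": "Office Keyboard",
    "AA:BB:CC:00:33:44": "Work Headset",
}

if __name__ == "__main__":
    for category, devices in audit_pairings(SAMPLE_LISTING, APPROVED).items():
        for mac, name in devices:
            print(f"{category:8} {mac}  {name}")
```

Both the address and the name are reported by the remote device, so an "ok" entry means the pairing is expected, not that the device's identity is proven.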
Security
Security Issues
- Device Discovery
  - a device can be put into discoverable mode
    - it will connect to any other Bluetooth devices nearby
    - even a device in non-discoverable mode can still be detected
- Authentication and Authorization
  - devices authenticate (“pair”) using a simple passkey configured on both devices
    - should always be changed to some secure phrase
    - never left as the default
  - device’s pairing list should be regularly checked to confirm that the devices listed are valid
- Malware
  - proof-of-concept Bluetooth worms and application exploits exist
    - e.g., BlueBorne exploit (armis.com/blueborne)
      - can compromise any active and unpatched system regardless of whether discovery is enabled and without requiring any user intervention
  - there are vulnerabilities in the authentication schemes of many devices
  - Keep devices updated with the latest firmware
- Bluejacking
  - Sending an unsolicited message or picture message using a Bluetooth connection
  - a discoverable device is vulnerable unless device authentication is configured
- Bluesnarfing
  - A wireless attack where an attacker gains access to unauthorized information on a device using a Bluetooth connection
  - allows attackers to circumvent the authentication mechanism
  - a four-digit PIN code is vulnerable to brute-force password guessing
- Risky connections
  - risks come from the device being connected to another device
  - a device with malicious firmware can be used to launch highly effective attacks
    - low likelihood
    - considerable resources are required to craft such malicious peripherals
Warning
Using a control center toggle may not actually turn off the Bluetooth radio on a mobile device.
If there is any doubt about patch status or exposure to vulnerabilities, Bluetooth should be fully disabled through device settings.
Bluetooth Security Features
| Feature | Description |
|---|---|
| Pairing and Authentication | During pairing, devices exchange cryptographic keys to authenticate each other’s identity and establish a secure communication channel. Pairing is accomplished using various methods, such as numeric comparison, passkey entry, or out-of-band (OOB) authentication. |
| Bluetooth Permissions | Bluetooth generally requires user consent or permission to connect and access specific services. Users can control which devices connect to their Bluetooth-enabled devices and manage permissions to prevent unauthorized access. |
| Encryption | Bluetooth employs encryption algorithms to protect data transmitted between devices. Once pairing is complete, Bluetooth devices use a shared secret key to encrypt data packets. |
| Bluetooth Secure Connections (BSC) | Introduced in Bluetooth 4.0, BSC offers increased resistance against eavesdropping, on-path attacks, and unauthorized access. |
| Bluetooth Low Energy (BLE) Privacy | BLE is a power-efficient version of Bluetooth that uses randomly generated device addresses that periodically change to prevent tracking and unauthorized identification of BLE devices. |