Bluetooth Security
From Computing and Software Wiki
Revision as of 17:39, 6 April 2008
"work in progress"
Bluetooth was first developed in 1994 by Jaap Haartsen and Sven Mattisson at Ericsson in Lund, Sweden. The specification was later formalized, and the Bluetooth SIG was formed and the technology publicly announced, on May 20, 1998. Since its first version, Bluetooth has faced numerous serious security concerns that have threatened user privacy over the last decade. With the specification current at the time of writing, v2.1 (2007), which introduced Secure Simple Pairing, most of these concerns have been corrected, though securing the technology has always been and remains an "on-going process". [2]
It is crucial for end users to recognize the importance of Bluetooth security and to exercise every available security measure to protect their privacy.
Brief description of Bluetooth
Bluetooth provides easy wireless communication between two Bluetooth devices within a range of roughly 10 to 100 m, depending on the power class of the radio. It uses the free and globally available 2.4 GHz Industrial-Scientific-Medical (ISM) band, which is unlicensed for low-power use, and offers a data rate of up to 723.2 kbit/s, or up to 2.1 Mbit/s with the Enhanced Data Rate (EDR) extension introduced in Bluetooth 2.0 + EDR (adopted in late 2004). [4]
Overview of Bluetooth Security Concerns
Bluetooth "implements confidentiality, authentication and key derivation with custom algorithms based on the SAFER+ block cipher." [1] More precisely, the SAFER+ based functions (E1, E21, E22) handle authentication and key generation, while link-layer encryption uses the E0 stream cipher. Like every other technology, Bluetooth inevitably attracts new security threats as it evolves: major cell-phone manufacturers have admitted to faulty or unsafe Bluetooth implementations, and Bluetooth hacking tools and techniques remain easy to find on the Internet. To protect their privacy, users need to be aware of most, if not all, of the possible security threats.
Basic Built-in (Available) Security Features
Three levels of security modes
By its specification, Bluetooth (up to v2.0) offers three modes of security:
- Security Mode 1: non-secure (the device never initiates authentication or encryption)
- Security Mode 2: service-level enforced security (security procedures are initiated after the logical channel is established, so each service can require authentication, authorization or encryption individually)
- Security Mode 3: link-level enforced security (security procedures are initiated before the link is set up, for every connection)
At its strictest, the security mode requires authorization and authentication (identification) of both the connecting and the connected device. Bluetooth 2.1 adds Security Mode 4, service-level enforced security based on Secure Simple Pairing.
Non-discoverable mode
A well-known security mechanism that prevents a Bluetooth device from appearing in the results of other devices' inquiry (device search) scans. Note that a non-discoverable device only ignores inquiries; as long as it remains connectable it still answers connection requests (pages) addressed directly to its Bluetooth address, so it stays reachable by devices that have paired with it before and by anyone who already knows or can guess its address. Even so, this feature should prevent most opportunistic attacks.
Known Bluetooth Security Holes
Brute force Bluetooth address discovery
Although a user can set a Bluetooth device to "undiscoverable", attackers may still be able to find such hidden devices by brute-forcing the Bluetooth address: a non-discoverable device ignores inquiries but still answers connection attempts addressed to its 48-bit address. Tools such as RedFang by Ollie Whitehouse try to connect to one candidate address after another until a hidden device finally responds.
Each Bluetooth device address (BD_ADDR) has fields that are largely predetermined: the upper 24 bits are an Organizationally Unique Identifier assigned to the manufacturer, and manufacturers often allocate further ranges by device type and model. For instance, most Sony Ericsson P900 cell phones start with the 7 hex digits 00:0A:D9:E. Moreover, some P900 phones have been found to share the same Bluetooth address, 11:11:11:50:11:11. [4] Exploiting such patterns makes a brute-force address search far simpler, since most of the address can be predicted in advance and only the remaining bits (20 bits, about a million addresses, in the P900 example) have to be tried.
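The following script, added here as a worked example and not part of the original page or of RedFang, shows the structure of a BD_ADDR (NAP, UAP and LAP fields, with the OUI in the upper 24 bits) and how much a known prefix such as the page's 00:0A:D9:E shrinks the search an address brute-forcer must perform. It sends nothing over the air; the per-probe time used for the worst-case estimate is an assumed parameter, not a measured value.

```python
"""Bluetooth device address (BD_ADDR) structure and brute-force search space.

Added example, not part of the original page. It models the search that an
address brute-forcer such as RedFang has to perform; it sends nothing over
the air. The per-probe time is an assumed parameter, not a measured value.
"""
from dataclasses import dataclass
from itertools import islice
from typing import Iterator, Tuple


@dataclass(frozen=True)
class BdAddr:
    """A 48-bit BD_ADDR: NAP (16 bits) | UAP (8 bits) | LAP (24 bits)."""
    value: int

    @classmethod
    def parse(cls, text: str) -> "BdAddr":
        digits = text.replace(":", "").replace("-", "")
        if len(digits) != 12:
            raise ValueError(f"BD_ADDR must be 12 hex digits: {text!r}")
        return cls(int(digits, 16))

    @property
    def nap(self) -> int:          # non-significant address part (upper 16 bits)
        return self.value >> 32

    @property
    def uap(self) -> int:          # upper address part (next 8 bits)
        return (self.value >> 24) & 0xFF

    @property
    def lap(self) -> int:          # lower address part (24 bits), used when paging
        return self.value & 0xFFFFFF

    @property
    def oui(self) -> int:          # NAP + UAP = manufacturer's OUI
        return self.value >> 24

    def __str__(self) -> str:
        return ":".join(f"{(self.value >> s) & 0xFF:02X}" for s in range(40, -1, -8))


def candidate_space(prefix: str) -> Tuple[int, int]:
    """Return (first_address, count) for all addresses starting with a hex prefix.

    The prefix is written like the page's example, '00:0A:D9:E' (7 hex digits);
    every unknown hex digit adds 4 bits to the search space.
    """
    digits = prefix.replace(":", "").replace("-", "")
    if not 1 <= len(digits) <= 12:
        raise ValueError("prefix must be 1 to 12 hex digits")
    unknown_bits = 48 - 4 * len(digits)
    return int(digits, 16) << unknown_bits, 1 << unknown_bits


def candidates(prefix: str) -> Iterator[BdAddr]:
    """Yield every address in the candidate space, lowest first."""
    first, count = candidate_space(prefix)
    for offset in range(count):
        yield BdAddr(first + offset)


def worst_case_hours(prefix: str, seconds_per_probe: float = 10.0) -> float:
    """Time to page every candidate once. seconds_per_probe is an assumption
    standing in for the page timeout a real brute-forcer waits per address."""
    _, count = candidate_space(prefix)
    return count * seconds_per_probe / 3600


if __name__ == "__main__":
    full_space = 1 << 48
    for prefix in ("00:0A:D9", "00:0A:D9:E"):
        first, count = candidate_space(prefix)
        print(f"{prefix:<10} {count:>12,d} candidates "
              f"({full_space // count:,d}x fewer than a blind 48-bit search), "
              f"worst case {worst_case_hours(prefix):,.0f} h at 10 s/probe")
    print("first five:", ", ".join(str(a) for a in islice(candidates("00:0A:D9:E"), 5)))
    dup = BdAddr.parse("11:11:11:50:11:11")   # the shared P900 address from the page
    print(f"{dup}: OUI={dup.oui:06X} NAP={dup.nap:04X} UAP={dup.uap:02X} LAP={dup.lap:06X}")
```

The point of the estimate is that the cost of this attack is paid per candidate address, on the radio, with a page timeout each time; anything that narrows the prefix (a known manufacturer, a known model range) cuts the time proportionally, which is why address patterns matter more than the nominal 48-bit address width.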
Bluejacking
Bluejacking involves a 'bluejacker' sending an unsolicited text message, image or sound to a 'bluejacked' Bluetooth device, typically by pushing a vCard (business card) whose name field carries the message. Upon receiving the vCard, an unsuspecting user may accept it and thereby add the contact to his address book. The bluejacker then appears as a legitimate sender, and further messages from that contact may be opened automatically, regardless of the user's wishes.
Bluesnarfing
Bluesnarfing uses the same channel as bluejacking, the OBEX object exchange protocol, but in the opposite direction: the bluesnarfing software connects to the target device's OBEX service and pulls the phonebook or calendar files without the user's consent. Bluesnarfed devices therefore suffer a much more serious privacy invasion than bluejacked ones, which merely receive unwanted messages. [7]
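Both bluejacking and bluesnarfing ride on OBEX, so the following encoder/decoder, added here as an example and not taken from the page or from any OBEX implementation, shows what the two look like on the wire: a PUT of a vCard object versus a GET of a standard IrMC object name such as telecom/pb.vcf. The packet and header formats follow IrOBEX 1.3 (see the OBEX reference). The flagging rules in classify_session are this example's own assumptions about the two patterns, and every packet in the sample session is constructed inline, not a real capture.

```python
"""Minimal OBEX request encoder/decoder and a classifier for Object Push traffic.

Added example, not part of the original page and not taken from any OBEX
implementation. Packet and header formats follow IrOBEX 1.3. The flagging
rules in classify_session are assumptions made for this example; the sample
session at the bottom is constructed, not captured.
"""
import struct
from typing import List, Tuple

# Request opcodes with the "final" bit (0x80) set.
OP_CONNECT, OP_DISCONNECT, OP_PUT, OP_GET = 0x80, 0x81, 0x82, 0x83
# Header identifiers; the top two bits of the ID encode the value format.
HDR_NAME, HDR_TYPE, HDR_TARGET, HDR_BODY, HDR_END_OF_BODY, HDR_CONN_ID = (
    0x01, 0x42, 0x46, 0x48, 0x49, 0xCB)

Header = Tuple[int, object]


def encode_header(hid: int, value) -> bytes:
    kind = hid & 0xC0
    if kind == 0x00:    # null-terminated UCS-2 (UTF-16BE) text, 2-byte length incl. prefix
        data = (value.encode("utf-16-be") + b"\x00\x00") if value else b""
        return bytes([hid]) + struct.pack(">H", 3 + len(data)) + data
    if kind == 0x40:    # byte sequence, 2-byte length incl. prefix
        return bytes([hid]) + struct.pack(">H", 3 + len(value)) + value
    if kind == 0x80:    # single byte
        return bytes([hid, value & 0xFF])
    return bytes([hid]) + struct.pack(">I", value)          # 0xC0: four bytes


def build_request(opcode: int, headers: List[Header], fields: bytes = b"") -> bytes:
    """Opcode, 2-byte total length, opcode-specific fields, then the headers."""
    body = fields + b"".join(encode_header(h, v) for h, v in headers)
    return bytes([opcode]) + struct.pack(">H", 3 + len(body)) + body


def build_connect(max_packet: int = 0xFFFF, headers: List[Header] = ()) -> bytes:
    # CONNECT carries OBEX version (1.0 = 0x10), flags and max packet length first.
    return build_request(OP_CONNECT, list(headers), struct.pack(">BBH", 0x10, 0x00, max_packet))


def decode_headers(data: bytes) -> List[Header]:
    headers, i = [], 0
    while i < len(data):
        hid, kind = data[i], data[i] & 0xC0
        if kind in (0x00, 0x40):
            (length,) = struct.unpack(">H", data[i + 1:i + 3])
            if length < 3 or i + length > len(data):
                raise ValueError(f"bad length {length} for header 0x{hid:02X}")
            raw = data[i + 3:i + length]
            value = raw.decode("utf-16-be").rstrip("\x00") if kind == 0x00 else raw
            i += length
        elif kind == 0x80:
            value = data[i + 1]
            i += 2
        else:
            (value,) = struct.unpack(">I", data[i + 1:i + 5])
            i += 5
        headers.append((hid, value))
    return headers


def decode_request(pkt: bytes) -> Tuple[int, List[Header]]:
    opcode, (length,) = pkt[0], struct.unpack(">H", pkt[1:3])
    if length != len(pkt):
        raise ValueError("length field does not match packet size")
    start = 7 if opcode == OP_CONNECT else 3   # skip CONNECT's 4 fixed bytes
    return opcode, decode_headers(pkt[start:])


def classify_session(packets: List[bytes]) -> List[str]:
    """Label requests in an Object Push session (assumed rules, see module doc)."""
    findings = []
    for pkt in packets:
        opcode, headers = decode_request(pkt)
        name = next((v for h, v in headers if h == HDR_NAME), "")
        if opcode == OP_GET and name.lower().startswith("telecom/"):
            findings.append(f"GET {name}: IrMC object pull over Object Push (bluesnarf pattern)")
        elif opcode == OP_PUT and name.lower().endswith(".vcf"):
            findings.append(f"PUT {name}: unsolicited vCard push (bluejack pattern)")
    return findings


SAMPLE_SESSION = [   # constructed packets, not a real capture
    build_connect(),
    build_request(OP_PUT, [(HDR_NAME, "hello.vcf"), (HDR_TYPE, b"text/x-vCard\x00"),
                           (HDR_END_OF_BODY, b"BEGIN:VCARD\r\nN:Nice phone!\r\nEND:VCARD\r\n")]),
    build_request(OP_GET, [(HDR_NAME, "telecom/pb.vcf"), (HDR_TYPE, b"text/x-vCard\x00")]),
    build_request(OP_DISCONNECT, []),
]

if __name__ == "__main__":
    for pkt in SAMPLE_SESSION:
        print(f"{pkt[0]:02X} len={len(pkt):3d} headers={decode_request(pkt)[1]}")
    print("\n".join(classify_session(SAMPLE_SESSION)))
```

The practical distinction is that a PUT is something a phone's Object Push service is meant to accept (the user is asked whether to keep the object), whereas a GET of a telecom/ object through the same unauthenticated service is exactly the request a correct implementation must refuse; the vulnerable phones described in the text answered it.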
Bluebugging
Simply put, bluebugging (where it succeeds) allows complete takeover of the target Bluetooth device, for example to place calls, send messages or read data without the owner's knowledge. Early Bluetooth-equipped phones suffered from this vulnerability because of faulty implementations, and most have been corrected by firmware upgrades. [7]
PIN Cracking
It has been demonstrated that a "sniffer" can monitor traffic between Bluetooth devices during pairing and recover the user PIN. "A sniffer records Bluetooth packets and can decode the packets to determine the information contained in them." [7] Because every value exchanged during legacy (pre-2.1) pairing except the PIN itself is sent in the clear, an attacker who captures the pairing and the authentication that follows can try PIN candidates offline until the recomputed responses match the captured ones; the search is trivial when relatively short (say, 4-digit) PINs are chosen. Secure Simple Pairing in Bluetooth 2.1 was introduced to address this weakness.
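The script below, added as a worked example and not part of the original page, models why a sniffed pairing lets the PIN be tested offline. It follows the legacy pairing and authentication message flow (IN_RAND, the two masked LK_RANDs, AU_RAND and the 32-bit SRES), but the real SAFER+ based functions E22, E21 and E1 are replaced by HMAC-SHA256 stand-ins, and the rule for which device's BD_ADDR enters each function is simplified; both are assumptions made for brevity, so this is a model of the search and not a tool that works against real captures. All addresses and randomness are constructed.

```python
"""Offline PIN search against a sniffed legacy (pre-2.1) Bluetooth pairing.

Added example, not part of the original page. It follows the message flow of
Bluetooth 2.0 pairing and authentication (IN_RAND, masked LK_RANDs, AU_RAND,
SRES) to show why a captured exchange lets the PIN be tested offline. The real
key functions E22, E21 and E1 are SAFER+ based; here they are HMAC-SHA256
stand-ins (an assumption made for brevity), and which device's BD_ADDR enters
each function is simplified. This is a model of the search, not a working
cracker. All data is constructed.
"""
import hashlib
import hmac
import os
from itertools import product
from typing import Callable, Dict, Optional, Tuple


def _stand_in(label: bytes, *parts: bytes, out_len: int) -> bytes:
    """Placeholder for a SAFER+ based function: keyed hash, truncated."""
    return hmac.new(label, b"".join(parts), hashlib.sha256).digest()[:out_len]


def e22(pin: bytes, bd_addr: bytes, in_rand: bytes) -> bytes:
    """Initialization key K_init = E22(PIN, BD_ADDR, IN_RAND), 128 bits."""
    return _stand_in(b"E22", pin, bd_addr, in_rand, out_len=16)


def e21(lk_rand: bytes, bd_addr: bytes) -> bytes:
    """Per-device link-key contribution E21(LK_RAND, BD_ADDR), 128 bits."""
    return _stand_in(b"E21", lk_rand, bd_addr, out_len=16)


def e1(link_key: bytes, bd_addr: bytes, au_rand: bytes) -> bytes:
    """Authentication response SRES = E1(K_ab, BD_ADDR, AU_RAND), 32 bits."""
    return _stand_in(b"E1", link_key, bd_addr, au_rand, out_len=4)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pairing_transcript(pin: bytes, addr_a: bytes, addr_b: bytes,
                       rand: Callable[[int], bytes] = os.urandom) -> Dict[str, bytes]:
    """Run the pairing between A and B and return only what an eavesdropper sees."""
    in_rand = rand(16)                      # A -> B, in the clear
    k_init = e22(pin, addr_b, in_rand)      # both sides derive this from the PIN
    lk_rand_a, lk_rand_b = rand(16), rand(16)
    link_key = xor(e21(lk_rand_a, addr_a), e21(lk_rand_b, addr_b))
    au_rand = rand(16)                      # A challenges B
    sres = e1(link_key, addr_b, au_rand)    # B answers with the 32-bit SRES
    return {
        "addr_a": addr_a, "addr_b": addr_b, "in_rand": in_rand,
        "masked_a": xor(lk_rand_a, k_init),  # LK_RAND_A xor K_init, sent in the clear
        "masked_b": xor(lk_rand_b, k_init),
        "au_rand": au_rand, "sres": sres,
    }


def sres_for_guess(t: Dict[str, bytes], pin_guess: bytes) -> bytes:
    """Recompute SRES from the sniffed values under a PIN hypothesis."""
    k_init = e22(pin_guess, t["addr_b"], t["in_rand"])
    lk_rand_a = xor(t["masked_a"], k_init)
    lk_rand_b = xor(t["masked_b"], k_init)
    link_key = xor(e21(lk_rand_a, t["addr_a"]), e21(lk_rand_b, t["addr_b"]))
    return e1(link_key, t["addr_b"], t["au_rand"])


def crack_pin(t: Dict[str, bytes], max_digits: int = 4) -> Tuple[Optional[str], int]:
    """Try all numeric PINs of 1..max_digits digits, shortest first.

    Returns (pin, number_of_guesses). No radio traffic is needed for any guess,
    which is what makes short PINs hopeless against a passive sniffer."""
    tried = 0
    for n in range(1, max_digits + 1):
        for digits in product("0123456789", repeat=n):
            tried += 1
            guess = "".join(digits).encode()
            if sres_for_guess(t, guess) == t["sres"]:
                return guess.decode(), tried
    return None, tried


if __name__ == "__main__":
    addr_a = bytes.fromhex("000AD9E01234")   # constructed addresses
    addr_b = bytes.fromhex("000AD9E05678")
    transcript = pairing_transcript(b"1234", addr_a, addr_b)
    pin, guesses = crack_pin(transcript, max_digits=4)
    print(f"recovered PIN {pin} after {guesses} offline guesses")
    print(f"a 16-digit PIN would need up to {10 ** 16:,d} guesses of the same cost")
```

Note that the attacker never has to talk to either device: every guess is checked against the captured SRES, so the only defence in legacy pairing is PIN length, and the only real fix is the authenticated key agreement of Secure Simple Pairing.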
History of Security Concerns
Since 2003 there have been major Bluetooth security concerns arising both from the specification itself and from incorrect implementations. Please refer to the 'History of security concerns' section of the Bluetooth article on Wikipedia. [1]
Raising Awareness
The Bluetooth Special Interest Group (SIG) is a privately held, not-for-profit trade association. As the SIG puts it, "The reality is the encryption algorithm in the Bluetooth specifications is secure." ... "Cases where data has been compromised on mobile phones are the result of implementation issues." [2]
"If it is a specification issue, we work with members to create patches and ensure future devices don't suffer the same vulnerability. This is an on-going process. The recently reported issues of advanced "hackers" gaining access to information stored on select mobile phones using Bluetooth functionality are due to incorrect implementation." [2]
At the same time, the SIG and the manufacturers of Bluetooth devices are working together to ensure the safety of the technology and to make it the preferred wireless technology for connecting diverse devices.
References
- Bluetooth. Retrieved on April 5, 2008, from <http://en.wikipedia.org/wiki/Bluetooth>
- Bluetooth Security. Retrieved on April 5, 2008, from <http://www.bluetooth.com/Bluetooth/Technology/Works/Security/>
- How Bluetooth Works. Retrieved on April 5, 2008, from <http://electronics.howstuffworks.com/bluetooth.htm>
- Bluetooth Security Review, Part 1. Retrieved on April 5, 2008, from <http://www.securityfocus.com/infocus/1830>
- Bluetooth Security Review, Part 2. Retrieved on April 5, 2008, from <http://www.securityfocus.com/infocus/1836>
- Bluejacking. Retrieved on April 6, 2008, from <http://en.wikipedia.org/wiki/Bluejacking>
- The Bluejacking, Bluesnarfing, Bluebugging Blues: Bluetooth Faces Perception of Vulnerability. Retrieved on April 6, 2008, from <http://www.wirelessnetdesignline.com/showArticle.jhtml?articleID=192200279>
- OBEX Protocol. Retrieved on April 6, 2008, from <http://en.wikipedia.org/wiki/OBEX>
See Also
- Wireless Security <http://en.wikipedia.org/wiki/Wireless_security>
- Bluetooth Scanners <http://www.networkintrusion.co.uk/bluetooth.htm>
- How Cell-phone Viruses Work <http://electronics.howstuffworks.com/cell-phone-virus.htm>
- SIG, Who We Are <http://www.bluetooth.com/Bluetooth/SIG/>
External Links
- bluejack Q <http://www.bluejackq.com/>
- What is bluebugging? <http://www.webopedia.com/TERM/b/bluebugging.htm>
- Bluetooth Security (Part 4) <http://www.bluetomorrow.com/content/section/177/281/>
Last revised: Parkhb 13:39, 6 April 2008 (EDT)