Bluetooth – No Guts
N Gl
No
Glory!!
Jeff Dowley
[email protected]
Overview
•
•
•
•
•
What is Bluetooth?
How does it work?
What are the different types
yp of Bluetooth?
What can you do with Bluetooth?
What are the predictions for next generation
d
devices
and
d uses?
• What are the security issues of Bluetooth?
What is Bluetooth?
• Bluetooth wireless technology is built into
electronic gadgets and lets you share
information like voice, music, and videos
wirelessly.
i l l
– 1st hoped to replace wires on phone, small
electronics
• 2.4 Ghz and 5.0 GHz Radio waves, not infrared or laser. Design goal is up to 10 meters
(33 ft) for
f a Cl
Class 2 (2.5mW)
(2 5 W) device
d i
– 1st discovered by the military in the 1940's
1940 s
– Bluetooth invented in 1994 at Ericsson
(Sweden), in 98 a SIG was started
– Named after a 10th C Danish king that was
a uniter of Scandinavian lands
• PAN - personal Area Network
– 7 nodes with 16.7M slaves?
• Bluetooth PAN moves with you - no other
infrastructure or access point needed
• Pairing - connecting 2 Bluetooth devices
– Multiple devices can pair at the same time
– Legacy
g y pairing
p
g - each device uses a PIN
code which must match to pair
• PIN can be up to a 16-byte UTF-8 string
• But usually 4 digit number
• Bluetooth chips cost less than $3
How does it work?
The protocol operates in the license-free
ISM band at 2.402-2.480 GHz.[28] To
avoid interfering
g with other protocols
p
that use the 2.45 GHz band, the
Bluetooth protocol divides the band into
79 channels (each 1 MHz wide) and
changes channels up to 1600 times per
second.
second
Implementations with versions 1
1.1
1 and
1.2 reach speeds of 723.1 kbit/s.
Version 2
2.0
0 implementations feature
Bluetooth Enhanced Data Rate (EDR)
and reach 2.1 Mbit/s.
Technically, version 2.0 devices have a
higher power consumption, but the
three times faster rate reduces the
transmission times, effectively reducing
power consumption
ti to
t h
half
lf th
thatt off 1
1.x
devices (assuming equal traffic load).
• Bluetooth powered by a PC can reach up to
100m if it is a Class 1 transmitter (100mW)
– If a class 2 device pairs with a class 1
device, it may have a longer range than a
pure class 2 pair
• Bluetooth sniping with class 2 and special
antennas lead to a record of 1.08 miles for a
connection
• SDP (Service discovery protocol)
• Allows a device to discover services support by
other devices, and their associated
parameters. For example, when connecting a
mobile phone to a Bluetooth headset, SDP will
be used for
o dete
determining
g which
c Bluetooth
uetoot
profiles are supported by the headset
(Headset Profile, Hands Free Profile, Advanced
Audio Distribution Profile (A2DP) etc.)
etc ) and the
protocol multiplexer settings needed to
connect to each of them. Each service is
identified by a Universally Unique Identifier
(UUID), with official services (Bluetooth
profiles)) assigned
p
g
a short form UUID (16
( bits
rather than the full 128)
Bluetooth – many flavors – 1st byte
• Who
Who'ss in charge of the spec?
– Bluetooth SIG
• Bluetooth v2.0 + EDR (enhanced data rate) Nov 2004
–
–
–
–
1-3Mbps over the air
0 7 2 1Mbps device to device
0.7-2.1Mbps
Up to 3x faster than spec 1.2
Extended Inquiry
q y response
p
(EIR)
(
) - better info
to use when allowing to pair or deny pairing of
devices
– Rare to be slowed by # of active
devices (unlike Wi-Fi)
– Either 64bit or 128bit securityy layer
y
– 100ms Latency
– Uses less p
power than v1.2 - byy reducing
g
the duty-cycle
• Phones
• Bluetooth v2
v2.1
1 + EDR - July 2007
• Introduces new pairing paradigm
– Secure Simple
p Pairing
g (SSP)
(
)
•
•
•
•
Uses public key cryptography
Just works - ex are headsets (no keypad)
Numeric comparison - Matched 6-digit PIN
Passkey entry and Out of band
• Sniff subrating - lowers power use by
negotiating as infrequent as 10 sec between
polls
• Example hardware:
– Wii, PS3, and PSP Go wireless game
controllers
• (MoGo Mouse X54 Pro) for
ExpressCard/54 Laptops
Experience Icons
• Bluetooth Experience Icons help you
easily identify and buy compatible
products that use Bluetooth wireless
technology.
gy The Icons make it simple
p to
understand what a Bluetooth enabled
device can do and how it will work with
other
th devices
d i
for
f printing,
i ti
file
fil
transferring, listening to stereo audio
and more.
more
• Headset
• Music
• Print
P int
• Input
I
t
• Transfer
Bluetooth for today – v3.0 + HS
• Ratified in Apr 2009
• Uses 2.4 and 5.0 GHz
• Main feature is AMP - alternate MAC/PHY
/
- this
allows using WiFi
• Connection is set up and negotiated over
Bluetooth std
• Bluetooth using secondary (Wi-Fi) radio
alreadyy in a device
• OTA data rate: up to 54Mbps
• Application throughput: up to 24Mbps
• 128bit AES security layer
• Only uses Wi-Fi when needed and isn't
announced when not needed
• Saves on power use
• More secure
• Less than 100ms latency
• Lower power consumption than
Bluetooth v2.1
• Enhanced power control
Cool 3.0
3 0 + HS examples
• Bulk data transfer = updating your iPod
music catalog
• Send photos to a printer w/o
intermediate steps
• Video streaming
• Send video from video cam corder to
your TV
• To role player googles? - imersion
Bluetooth for tomorrow – v4.0 & LEP
• New Bluetooth Core Specification v4
v4.0
0
– Adopted 17dec09
– Class 3 (1mW)
(
)
• Low energy protocols
– Way to tie your phone to you via a 'key fob'
l k device
like
d
– Way to tether a kid to being near you - else
a warning beep for out of range
– Create a link between you and work out
monitors(pulse, pedometers, etc)
– 1st products before end of '10
10
– Coin cell batteries may last for years of use
(like garage door openers?)
• Examples of 4.0 devices:
– Expected use cases include watches
displaying Caller ID information, sports
sensors monitoring the wearer's heart
rate during exercise,
exercise and medical
devices.
– The Medical Devices Working
g Group
p is
also creating a medical devices profile
and associated protocols to enable this
market.
k t
- Bluetooth low energy technology is
designed for devices to have a battery
life of up
p to one year.
y
• May need to install Bluetooth sw stack
to g
get BT between PC and device
– Bluetooth not built in to Windows XP
• Added to SP2
Security – everybody’s favorite!
Safe Bluetooth recommendations
• Don't link to unknown Bluetooth devices
• Do change
g the default name used to broadcast
your Bluetooth status
• It could keep someone from knowing your
device's weakness
• You may want to consider AV sw for your
p
phone/pda/device
/p /
• Do change the pairing code (PIN) away from
default
• Remember to delete any access if a Bluetooth
device is lost
• Bluecasting - a Bluetooth server in a
bluetooth kiosk sends data to passers-by
• Temples
p
in India can offer ringtones,
g
, wallpaper
p p
images of deity's, etc
• Could lead to Bluejacking - the sending
of unsolicited messages over Bluetooth (c
2003)
– Bar room prank
– Guerrilla advertizing campaigns
• Used to be only text, but can now be any kind
of file
– Ex: vBusiness cards
• Example programs are bluesniff,
bluesniff bloover
Could lead to Bluesnarfing - the unauthorized
access of information from a wireless device
through a Bluetooth connection
– No known code doing this at this time mo e se
more
serious
io s than Bl
Bluejacking
ejacking
– A hole in the original Bluetooth std allowed
p
this,, but has since been patched
Could lead to Bluebugging - more of a social
networking thing - cons user into pairing with
a hacker's device - which then could use your
d i without
device
ith t your approvall (c
( 2004)
– takes control of your device and can either
listen
ste in o
or make
a e ca
calls,
s, etc (c 2004)
00 )
• There have been real viruses aimed at
Bluetooth, but for the most part few of them
h
have
been
b
in
i the
th wild
ild (Lasco.A,
(L
A 29A,
29A
velasco.sis file, cabir worm)
• One use of auto linking was for thieves to scan
locked cars in parking lots to look for laptops
and other devices inside and worth stealing
Tips to protect your data
• Non-Discoverable Mode
– To prevent others from seeing your
device, you can set it to a nondiscoverable mode. You can still use
your Bluetooth services, like talking on a
headset, but your device will not be
found by other Bluetooth devices.
devices
• Only Pair with Known Devices
– Don't
Don t "pair"
pair with unknown devices.
devices Just
like you would not open your door to a
stranger,
g , do not accept
p content or pair
p
with devices from unknown users.
• Change your PIN
– Pair your device in private to make the
permanent connection. And if your device
comes with
ith a default
d f lt Personal
P
l Identification
Id tifi ti
Number (PIN), change it to only one you know.
• May want to keep Bluetooth off on phones to
save on battery life
The End