Bluetooth – No Guts N Gl No Glory!! Jeff Dowley [email protected] Overview • • • • • What is Bluetooth? How does it work? What are the different types yp of Bluetooth? What can you do with Bluetooth? What are the predictions for next generation d devices and d uses? • What are the security issues of Bluetooth? What is Bluetooth? • Bluetooth wireless technology is built into electronic gadgets and lets you share information like voice, music, and videos wirelessly. i l l – 1st hoped to replace wires on phone, small electronics • 2.4 Ghz and 5.0 GHz Radio waves, not infrared or laser. Design goal is up to 10 meters (33 ft) for f a Cl Class 2 (2.5mW) (2 5 W) device d i – 1st discovered by the military in the 1940's 1940 s – Bluetooth invented in 1994 at Ericsson (Sweden), in 98 a SIG was started – Named after a 10th C Danish king that was a uniter of Scandinavian lands • PAN - personal Area Network – 7 nodes with 16.7M slaves? • Bluetooth PAN moves with you - no other infrastructure or access point needed • Pairing - connecting 2 Bluetooth devices – Multiple devices can pair at the same time – Legacy g y pairing p g - each device uses a PIN code which must match to pair • PIN can be up to a 16-byte UTF-8 string • But usually 4 digit number • Bluetooth chips cost less than $3 How does it work? The protocol operates in the license-free ISM band at 2.402-2.480 GHz.[28] To avoid interfering g with other protocols p that use the 2.45 GHz band, the Bluetooth protocol divides the band into 79 channels (each 1 MHz wide) and changes channels up to 1600 times per second. second Implementations with versions 1 1.1 1 and 1.2 reach speeds of 723.1 kbit/s. Version 2 2.0 0 implementations feature Bluetooth Enhanced Data Rate (EDR) and reach 2.1 Mbit/s. Technically, version 2.0 devices have a higher power consumption, but the three times faster rate reduces the transmission times, effectively reducing power consumption ti to t h half lf th thatt off 1 1.x devices (assuming equal traffic load). • Bluetooth powered by a PC can reach up to 100m if it is a Class 1 transmitter (100mW) – If a class 2 device pairs with a class 1 device, it may have a longer range than a pure class 2 pair • Bluetooth sniping with class 2 and special antennas lead to a record of 1.08 miles for a connection • SDP (Service discovery protocol) • Allows a device to discover services support by other devices, and their associated parameters. For example, when connecting a mobile phone to a Bluetooth headset, SDP will be used for o dete determining g which c Bluetooth uetoot profiles are supported by the headset (Headset Profile, Hands Free Profile, Advanced Audio Distribution Profile (A2DP) etc.) etc ) and the protocol multiplexer settings needed to connect to each of them. Each service is identified by a Universally Unique Identifier (UUID), with official services (Bluetooth profiles)) assigned p g a short form UUID (16 ( bits rather than the full 128) Bluetooth – many flavors – 1st byte • Who Who'ss in charge of the spec? – Bluetooth SIG • Bluetooth v2.0 + EDR (enhanced data rate) Nov 2004 – – – – 1-3Mbps over the air 0 7 2 1Mbps device to device 0.7-2.1Mbps Up to 3x faster than spec 1.2 Extended Inquiry q y response p (EIR) ( ) - better info to use when allowing to pair or deny pairing of devices – Rare to be slowed by # of active devices (unlike Wi-Fi) – Either 64bit or 128bit securityy layer y – 100ms Latency – Uses less p power than v1.2 - byy reducing g the duty-cycle • Phones • Bluetooth v2 v2.1 1 + EDR - July 2007 • Introduces new pairing paradigm – Secure Simple p Pairing g (SSP) ( ) • • • • Uses public key cryptography Just works - ex are headsets (no keypad) Numeric comparison - Matched 6-digit PIN Passkey entry and Out of band • Sniff subrating - lowers power use by negotiating as infrequent as 10 sec between polls • Example hardware: – Wii, PS3, and PSP Go wireless game controllers • (MoGo Mouse X54 Pro) for ExpressCard/54 Laptops Experience Icons • Bluetooth Experience Icons help you easily identify and buy compatible products that use Bluetooth wireless technology. gy The Icons make it simple p to understand what a Bluetooth enabled device can do and how it will work with other th devices d i for f printing, i ti file fil transferring, listening to stereo audio and more. more • Headset • Music • Print P int • Input I t • Transfer Bluetooth for today – v3.0 + HS • Ratified in Apr 2009 • Uses 2.4 and 5.0 GHz • Main feature is AMP - alternate MAC/PHY / - this allows using WiFi • Connection is set up and negotiated over Bluetooth std • Bluetooth using secondary (Wi-Fi) radio alreadyy in a device • OTA data rate: up to 54Mbps • Application throughput: up to 24Mbps • 128bit AES security layer • Only uses Wi-Fi when needed and isn't announced when not needed • Saves on power use • More secure • Less than 100ms latency • Lower power consumption than Bluetooth v2.1 • Enhanced power control Cool 3.0 3 0 + HS examples • Bulk data transfer = updating your iPod music catalog • Send photos to a printer w/o intermediate steps • Video streaming • Send video from video cam corder to your TV • To role player googles? - imersion Bluetooth for tomorrow – v4.0 & LEP • New Bluetooth Core Specification v4 v4.0 0 – Adopted 17dec09 – Class 3 (1mW) ( ) • Low energy protocols – Way to tie your phone to you via a 'key fob' l k device like d – Way to tether a kid to being near you - else a warning beep for out of range – Create a link between you and work out monitors(pulse, pedometers, etc) – 1st products before end of '10 10 – Coin cell batteries may last for years of use (like garage door openers?) • Examples of 4.0 devices: – Expected use cases include watches displaying Caller ID information, sports sensors monitoring the wearer's heart rate during exercise, exercise and medical devices. – The Medical Devices Working g Group p is also creating a medical devices profile and associated protocols to enable this market. k t - Bluetooth low energy technology is designed for devices to have a battery life of up p to one year. y • May need to install Bluetooth sw stack to g get BT between PC and device – Bluetooth not built in to Windows XP • Added to SP2 Security – everybody’s favorite! Safe Bluetooth recommendations • Don't link to unknown Bluetooth devices • Do change g the default name used to broadcast your Bluetooth status • It could keep someone from knowing your device's weakness • You may want to consider AV sw for your p phone/pda/device /p / • Do change the pairing code (PIN) away from default • Remember to delete any access if a Bluetooth device is lost • Bluecasting - a Bluetooth server in a bluetooth kiosk sends data to passers-by • Temples p in India can offer ringtones, g , wallpaper p p images of deity's, etc • Could lead to Bluejacking - the sending of unsolicited messages over Bluetooth (c 2003) – Bar room prank – Guerrilla advertizing campaigns • Used to be only text, but can now be any kind of file – Ex: vBusiness cards • Example programs are bluesniff, bluesniff bloover Could lead to Bluesnarfing - the unauthorized access of information from a wireless device through a Bluetooth connection – No known code doing this at this time mo e se more serious io s than Bl Bluejacking ejacking – A hole in the original Bluetooth std allowed p this,, but has since been patched Could lead to Bluebugging - more of a social networking thing - cons user into pairing with a hacker's device - which then could use your d i without device ith t your approvall (c ( 2004) – takes control of your device and can either listen ste in o or make a e ca calls, s, etc (c 2004) 00 ) • There have been real viruses aimed at Bluetooth, but for the most part few of them h have been b in i the th wild ild (Lasco.A, (L A 29A, 29A velasco.sis file, cabir worm) • One use of auto linking was for thieves to scan locked cars in parking lots to look for laptops and other devices inside and worth stealing Tips to protect your data • Non-Discoverable Mode – To prevent others from seeing your device, you can set it to a nondiscoverable mode. You can still use your Bluetooth services, like talking on a headset, but your device will not be found by other Bluetooth devices. devices • Only Pair with Known Devices – Don't Don t "pair" pair with unknown devices. devices Just like you would not open your door to a stranger, g , do not accept p content or pair p with devices from unknown users. • Change your PIN – Pair your device in private to make the permanent connection. And if your device comes with ith a default d f lt Personal P l Identification Id tifi ti Number (PIN), change it to only one you know. • May want to keep Bluetooth off on phones to save on battery life The End
© Copyright 2026 Paperzz