Bluetooth Security

What is Bluetooth?

The origins of the name Bluetooth are deeply rooted in Scandinavian history. In the 10th century the Danish king Harald Blåtand succeeded in uniting large areas of Denmark, Norway and Sweden under his reign. Just as Harald Blåtand once united the Scandinavians, Bluetooth was intended to unite diverse communication technologies such as computers and mobile phones. It is therefore not surprising that the Bluetooth logo is a combination of the Nordic runes for H and B. One goal of the Bluetooth developers was to let various devices communicate without cables and plugs, and also without configuration by the user.

Bluetooth is an industrial specification for wireless personal area networks (PAN). It allows the creation of an ad hoc network, a spontaneous connection of Bluetooth-enabled devices communicating with each other. This provides a way to connect and exchange information between devices such as mobile phones, laptops, PCs, printers and digital cameras via short-range radio. Bluetooth can reach a maximum transfer rate of up to 732.2 KBits per second at close range, and a transfer radius of about 10 meters, or even 100 meters with a higher specification.

The problem with Bluetooth devices is that manufacturers often ship them with insecure configurations, which makes them vulnerable to misuse. In addition, wireless communication carries the risk of eavesdropping by anyone willing to learn its weak points.

Every participant in Bluetooth communication can take one of two roles in the network: master or slave. While the slaves are passive, the master coordinates the communication and sets the pace of the frequency changes. Up to seven slaves can be connected to one master, and together they form a Piconet, a small, short-range network. Although a Piconet can contain 255 devices, only 8 of them can be active. When several Piconets are connected to each other, the result is called a Scatternet. Because the devices are mobile, connections break or are established spontaneously as the devices move through the constantly changing radio network. There is no central server. This also makes it impossible to implement the encryption and authentication algorithms known from the client-server structure of wired networks.

