Introduction to Bluetooth security
Bluetooth is an essential tool in modern technology – this wireless standard can be found virtually everywhere. Similar to pre-existing networks, Bluetooth uses radio waves to connect two or more devices for the purpose of transferring data over short ranges. Bluetooth makes connecting your devices faster and easier. However, that same convenience is why Bluetooth security is very important: the technology is susceptible to spying and interception.
There are several advantages to using Bluetooth, the most obvious being the elimination of wires as a means of connecting devices. We have Bluetooth connections to thank for wireless mice, keyboards and headphones. Devices are paired using a very simple one-time verification process. Once connected, devices can be set to not actively seek out connections as a security feature.
Despite the numerous advantages of using Bluetooth technology, there are also some risks. For example, the Bluetooth standard was originally designed to operate over short distances of under two meters; however, modern Bluetooth technology has allowed some signals to extend over a range of more than one hundred meters! This rapid advancement leaves consumers unaware of their device’s capabilities, sometimes leading to them accidentally broadcasting their device to anyone listening within a range much greater than they anticipated.
There are many tools available to anyone with a laptop and an internet connection that can be used to attack, duplicate, or intrude on surrounding Bluetooth signals, which in turn lets the user access or steal sensitive data as it is being transmitted.
One of these tools, known as Bluesnarf, allows the user to forcibly connect to a Bluetooth-enabled device without a PIN or a code, effectively circumventing the standard pairing process (the first line of defence in terms of Bluetooth security). Once connected, Bluesnarf enables the user to manipulate and interact with the device, potentially giving them access to any data that the device sends or receives.
A more recent example of mismanaged Bluetooth security can be found in Boosted Boards brand electricity-assisted skateboards. The skateboards have a small servo attached that is used to control the wheels on the skateboard. This motor is controlled by an app on a smartphone, connected to it via Bluetooth.
Two researchers, Mike Ryan and Richo Healey, figured out that this Bluetooth connection could be interrupted and hijacked, giving them full control of the skateboard. The security flaw they exploited has since been patched by Boosted Boards (the maker of the skateboard); however, it shows how important Bluetooth security can be in even the most unlikely of devices.
As another example, a popular application called FireChat was designed to send messages between devices in close proximity, to be used when internet and cellular networks become too congested to use in certain areas. This situation is common in countries like China, where the cell towers and internet providers are often crowded and congested.
FireChat took off during the Umbrella Revolution in Hong Kong in 2014. The app allowed protesters to alert one another of riot police and organize “off the grid,” so to speak. However, FireChat has since been proven to be insecure: in the same year, vulnerabilities were discovered that allowed anyone nearby to intercept data from the application and receive detailed information about messages being sent near them.
Making any technology more secure requires the rigorous testing and controlled exploitation of known vulnerabilities, allowing the extent of the vulnerability to be better understood by manufacturers and theoretically expediting a patch. Therefore, the LCDI will be working towards setting up extensive testing schema to quickly and accurately assess the vulnerability of modern Bluetooth-enabled devices.
For a broad spectrum of testing and research, the LCDI has assembled a wide variety of Bluetooth devices for our team to test, including but not limited to Android and Apple smartphones, an Android smartwatch, a speaker, and a mouse and keyboard.
While our tests are conducted, we will keep extensive logs and research notes to be used for later analysis. A large collection of Bluetooth cracking, spoofing, sniffing, and monitoring tools was compiled early on to serve as a repository of possible testing avenues, along with a personalized list of tools for each device to be utilized during testing.
Bluetooth is a rapidly growing and adaptable technology which, thanks to widespread acceptance and implementation, has come to fruition as a strong and preferable alternative to wired devices.
By producing smart, secure devices, manufacturers can better serve their customers. By taking steps to protect our data, we begin to eliminate a market for cyber-criminals, and through cooperation and diligence create better technologies and practices.