Computer Science and Information Systems
This report presents the Bluetooth wireless technology focusing on the security architecture and the resulting vulnerabilities. It reviews the available protection mechanisms embedded in the Bluetooth technology and points out the associated risks. The paper concludes with the position that the Bluetooth security is good enough for the intended purpose of its specification, which is basically a wireless cable replacement. Through software, the Bluetooth security can be enhanced to a limited extent, but you cannot make a lion out of a mouse.
This paper examines the Bluetooth wireless technology, BT, in the mobile telephony context, presents the BT security features and vulnerabilities, and elaborates on the security concerns that are still pending despite the continuous improvements in the BT related software.
The research had three parts: the first was the review of the BT security architecture; the second, the review of the vulnerabilities posed in the BT wireless technology, as presented in the literature; and the third, the adequacy assessment of the various protection mechanisms.
Bluetooth is the commercial name of a data communications protocol developed by the IEEE (
In May 1998, the Bluetooth SIG (Special Interest Group) was formed to support its evolution. The Group was founded by the industry’s telecommunications and microchip giants, including 3Com, Ericsson, IBM, Intel, Lucent, Microsoft, Motorola, Nokia and Toshiba, and it is now a consortium with a present membership of over 4,000. It is estimated that “… more than 250 million BT devices are in operation worldwide, …” and this number is expected to double every year.
The BT protocol operates in an unlicensed portion of the ISM (Industrial, Scientific and Medical) frequency spectrum, and its permitted range is 2.4000 to 2.4835 GHz. The specifications provide for three power classes, allowing maximum power outputs applied to the antenna of 100mW, 2.5mW and 1mW, which translates to a range of up to 330 feet. The data transmission rate is about 1Mbps with optional encryption, where the actual data rate is a function of the deployed data security and data integrity options. Data integrity is maintained through Forward Error Correction, a scheme in which a significant amount of metadata accompanies the data for correction at the destination.
BT provides two connectivity modes: point-to-point, which is for exclusive data communication between two devices, and point-to-multipoint, which is for limited networking.
Bluetooth Security Architecture
The BT wireless technology provides for devices to operate in two main security modes - namely, the Non-Secure and the Secure Mode.
In the Non-Secure Mode (Security Mode 1), the BT-equipped device is in the discoverable mode, searching the environment for other BT-equipped devices, and it is recognizable by other devices in the same state. In this mode, a device may accept messages from other devices regardless of their trust status. Also in this mode, devices use the Service Discovery Protocol to search the environment for available BT services. This is a non-secure procedure that leads to the recognition of available services and not necessarily to access to these services. Depending on the service-providing architecture, access may require user authorization and/or device authentication. [6 p8]
The Secure Mode has two sub-modes, namely, the Service Mode (Security Mode 2) and the Link Mode (Security Mode 3). In the Secure modes, inter-device communication creates a passkey, which is common to both devices for the current communication, and is used for device authentication and data encryption and decryption. [7 p10]
In the Service Mode, the accessible services can be open to all devices, open with authentication, or open with authentication and authorization.
In the Link Mode, the accessible linked devices are classified as untrusted devices, having restricted access, or as trusted devices with unrestricted access.
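The access rules of the three security modes described above, written out as an added example (not code from the paper or from any Bluetooth stack). The service names, the Peer record and the untrusted_ok set standing in for the "restricted access" of untrusted devices are assumptions, and Mode 1 is modelled as its worst case, with no further authentication or authorization enforced.

```python
from dataclasses import dataclass
from enum import Enum

class Level(Enum):                # Service Mode (Security Mode 2) access levels
    OPEN = 1                      # open to all devices
    AUTHN = 2                     # open with authentication
    AUTHN_AUTHZ = 3               # open with authentication and authorization

@dataclass(frozen=True)
class Peer:                       # hypothetical record of a remote device
    authenticated: bool = False   # passed passkey-based device authentication
    user_approved: bool = False   # the user authorized this request
    trusted: bool = False         # Link Mode classification

def allowed(mode, service, level, peer, untrusted_ok=frozenset()):
    """Return True if `peer` may use `service` under security mode 1, 2 or 3."""
    if mode == 1:                 # Non-Secure: accepted regardless of trust status
        return True               # assumption: worst case, nothing else enforced
    if mode == 2:                 # Service Mode: the decision is made per service
        if level is Level.OPEN:
            return True
        if not peer.authenticated:
            return False
        return level is Level.AUTHN or peer.user_approved
    if mode == 3:                 # Link Mode: the decision is made per device
        if not peer.authenticated:
            return False
        # untrusted_ok is an assumed allow-list modelling "restricted access"
        return peer.trusted or service in untrusted_ok
    raise ValueError(f"unknown security mode: {mode}")

def exposure(mode, services, untrusted_ok=frozenset()):
    """Audit helper: services an unauthenticated, untrusted stranger can reach."""
    stranger = Peer()
    return sorted(name for name, level in services.items()
                  if allowed(mode, name, level, stranger, untrusted_ok))

SERVICES = {                      # constructed sample service table
    "object-push": Level.OPEN,
    "headset": Level.AUTHN,
    "phonebook-access": Level.AUTHN_AUTHZ,
}
```

Running exposure() over a device's real service table for each mode shows which services a stranger in radio range reaches before any pairing has taken place.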
Malware, Why?
One would wonder who in his right mind would write and distribute malware. Yet, there is an underground culture of highly skilled programmers who take it as a challenge to crack information system security architectures. From what has leaked from this underground culture, malware writers are mostly highly experienced programmers treating cracking as their challenge in life [8 par 5-8]. Unfortunately, the BT wireless technology has not escaped the malware menace, with the Symbian OS mobile phones being hit first [9 last par].
Bluetooth Security Vulnerabilities
Despite the extensive security precautions that have been written into the BT specifications, it appears that BT operating systems have inadvertently allowed the presence of vulnerabilities. However, the fact that most BT code is in firmware makes BT wireless technology resistant to “…malicious code.”[10 p.8].
To be vulnerable to intrusion risks, a BT-equipped device (a mobile phone) must have its BT feature activated. That is, the device must be in the Discoverable Mode. Furthermore, in all BT communications, bona fide or malicious, the devices (victim and attacker) normally must be within ten meters of each other. However, the availability of highly sensitive receivers makes BT eavesdropping possible from much longer distances.
In BT-equipped mobile telephony, vulnerabilities can be considered as passive and active. In the passive ones, intruders spy or create inconvenience, while in the active ones, intruders inflict casualties on the victim’s phone databases. Furthermore, intruders, via this BT link, can use the victim’s phone as their very own.
REFERENCES (All re-confirmed on February 25, 2007)
[1] 802.15 Working Group for Wireless PAN http://standards.ieee.org/wireless/overview.html
[2] Bluetooth Special Interest Group www.bluetooth.com/sig/sig/sig.asp
[3] Bluetooth Security www.bluetooth.com/bluetooth/learn/security
[4] Bluetooth Networks: Risks & Defenses www.airdefense.net/whitepapers/bluetooth_request.php4
[5] Security Overview of Bluetooth www.cosic.esat.kuleuvenbe/publications/article-565.pdf
[6] Bluetooth Security Architecture http://www.bluetooth.com/NR/rdonlyres/C222A81E-D9F9-48CA-91DE-
[7] Bluetooth Security White Paper
[8] Who Creates Malware http://www.viruslist.com/en/virus/encyclopedia?chapter=153280553
[9] Malware Trends www.viruslist.com/en/trends
[10] Bluetooth Security www.cybertrust.com/intelligence/white_paper/
[11] F-Secure first to offer full protection to smartphone S60 3rd edition
[12] F-Secure Virus Descriptions: Cabir http://www.f-secure.com/v-descs/cabir.shtml