
Bluetooth 3.0 + HS: Compromising Your Security at 24 Mbps

Posted in Wireless Security on July 1, 2009 by Tony Flick

On April 21, 2009, the Bluetooth 3.0 specification was adopted by the Bluetooth Special Interest Group (SIG). This new specification includes new attributes such as:

  • High speed data transfer of large files (~24 Mbps)
  • Bluetooth low energy

The new specification achieves these new attributes by including an 802.11 radio, aka Wi-Fi, that allows lower energy usage when transferring large amounts of data. While ultra-wideband (UWB, which provides ~480 Mbps) was widely rumored to be included in the upcoming specification, it was absent from the final release. Utilizing the Wi-Fi radio increases the data transfer speed, which results in lower per-bit energy usage. The Bluetooth radio will still be utilized for the initial operations such as device discovery, initiating connections, and profile configuration. The result is that Bluetooth 3.0 devices will utilize the appropriate radio to minimize power consumption.

While this new specification promises significant speed improvements and efficiency, new technology always presents new risk. The new high speed data transfer protocol works by first initiating the connection via the traditional Bluetooth protocol. Then, the device creates an ad-hoc (peer-to-peer) connection between the two devices, creating a personal area network (PAN). The new standard calls for 128-bit AES encryption, which is commendable; however, the 3.0 specification remains backwards compatible. So, if one device is of an older generation, the two devices will communicate using the older specification. Thus, the communication between the two devices will be susceptible to the traditional attacks against Bluetooth.
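The following Python example is added here and is not part of the original post: it audits a list of Bluetooth peers and flags those whose LMP version is below 3.0 + HS, the case in which the post says the link falls back to the older specification. The input layout (modelled on the output of BlueZ's `hcitool info`), the sample addresses and the function name `audit_peers` are assumptions made for illustration.

```python
import re

# LMP version numbers as assigned by the Bluetooth SIG (5 is 3.0 + HS).
LMP_VERSIONS = {0: "1.0b", 1: "1.1", 2: "1.2", 3: "2.0 + EDR",
                4: "2.1 + EDR", 5: "3.0 + HS", 6: "4.0"}
LMP_3_0_HS = 5

# Constructed sample: three peer records in the assumed `hcitool info` layout.
SAMPLE = """\
Requesting information ...
\tBD Address:  00:11:22:33:44:55
\tLMP Version: 2.0 (0x3) LMP Subversion: 0x0a12
Requesting information ...
\tBD Address:  66:77:88:99:AA:BB
\tLMP Version: 3.0 (0x5) LMP Subversion: 0x1f00
Requesting information ...
\tBD Address:  CC:DD:EE:FF:00:11
\tDevice Name: headset
"""

ADDR_RE = re.compile(r"BD Address:\s+((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})")
LMP_RE = re.compile(r"LMP Version:.*?\(0x([0-9A-Fa-f]+)\)")

def audit_peers(text):
    """Return (address, spec name, status) for every peer record in text."""
    results = []
    addr, lmp = None, None

    def flush():
        # Emit the record collected so far; a peer that reported no LMP
        # version is marked "unknown" so it is reviewed rather than trusted.
        if addr is None:
            return
        if lmp is None:
            results.append((addr, "unknown", "unknown"))
            return
        name = LMP_VERSIONS.get(lmp, "LMP 0x%x" % lmp)
        status = "legacy-fallback" if lmp < LMP_3_0_HS else "supports-3.0-hs"
        results.append((addr, name, status))

    for line in text.splitlines():
        m = ADDR_RE.search(line)
        if m:                      # a new address starts a new peer record
            flush()
            addr, lmp = m.group(1).upper(), None
            continue
        m = LMP_RE.search(line)
        if m and addr is not None:
            lmp = int(m.group(1), 16)
    flush()
    return results
```

A `supports-3.0-hs` result only means the peer advertises the newer specification; it does not show which encryption a given link negotiated.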

When performing traditional wireless security assessments, one of the most common recommendations is to configure wireless clients to only join infrastructure networks (Access Points). But as mentioned before, the transfer of large amounts of data will go over an ad-hoc connection. Thus, the communication between the two devices will be susceptible to the traditional attacks against ad-hoc networks.

By combining the two radios, the Bluetooth SIG will advance the abilities of Bluetooth devices, but will also introduce new attack vectors. Within the next year, devices will be emerging that implement the Bluetooth 3.0 + HS specification. The question then becomes, are you going to get bluejacked at 24 Mbps?
