Is Your Bluetooth Safe?

Most of us turn on Bluetooth and just leave it on.  The fact is Bluetooth poses security challenges that need to be addressed.

Bluetooth History and Background

Bluetooth’s name came after King Herald and if you ever watched the movie “A Kingsman” then you’ll undoubtable remember the dinner scene when Gary ‘eggsy’ Unwin shows off his unique abilities.  Bluetooth first went mainstream in 1994 and was shipping on over 5 million devices per week by the late 1990’s…  And as we all know Bluetooth is on just about every device we own today.

IEEE 802.15.1 is the Bluetooth specification for short range radio.  Bluetooth is a not a network routing solution like Airport.  Rather Bluetooth is considered an alternative to IrDA with the major difference being Bluetooth relies on radio.  By using radio it overcame some of the challenges of infrared which is primary distance.  Bluetooth running at a 2.5 mW the range would be approximately 32 feet.

Bluetooth does leverage frequency hopping.  This provides for higher throughput rates as well as making it harder for would be eavesdroppers.   For additional security Bluetooth uses device specific characteristics to determine frequency hop sequences.  Couple this with authentication and encryption processes and one would believe Bluetooth is secured.

Bluetooth Attack Surfaces

Most security professionals will remember in their training the term Bluesnarf.  This is a term used to generically describe the ability to steal information over Bluetooth.  There are end user tools like BlueDiving for penetration tests that features Bluetooth address spoofing.

However technically speaking there are several other Bluetooth hacks.  For example you could Bluejack someone just by creating a new contact and sending that via Bluetooth (just put whatever text in the contact name).  Another example is using Airdrop to send malicious information to unsuspecting victims.  And if they used their real name in the phone profile then attackers can be even more targeted and tie this into other spearfishing campaigns.

Armis who’s stated mission is to rid the IoT of vulnerabilities recently demonstrated just how easy it is to hack an Android device.  In their example you can see how a highly motivated threat can obtain very sensitive information.

Security Best Practices

Our enterprise cultures are adopting a “Bring Your Own Device” strategy.  So, what happens when someone tethers their phone to a company laptop, or said company laptop has Bluetooth enabled.  This quickly opens up corporate networks to data exfiltration attacks.

For security best practices we need to enact policies that address Bluetooth in the work place.  With the work place being mobile the best place to start is not to allow Bluetooth in public places where people tend to gather for extended periods.  Definitely not at security conferences like BlackHat.  These policies need to be clearly communicated and people acknowledge the understanding of this risk.

It’s also recommended to have a strategy to verify devices are up to date with the latest security patches.  For example one strategy could be to deploy MDM (Mobile Device Management) technology.  This is a great strategy as most businesses that have a distributed workforce will typically already have the policies and technology in place to support MDM.

As IoT becomes more mainstream its important to stay educated on the threat landscape as well as the attack surface.  For example we can alter these landscapes and surfaces but must make the decision based on benefits outweighing the risk.  This is why some corporate entities purchase mobile devices for their employees to enforce standardization (thus reducing attack surface).