Bluetooth security mechanism

Source: Internet
Author: User

The Bluetooth specification includes basic link security measures. By default, most Bluetooth devices work in the unprotected "unsecured" mode. The specification also defines two other modes: mode 3 secures the entire wireless link, while mode 2 applies security per authorized application. For best results, use mode 3 to enforce link authentication and encrypt all Bluetooth traffic, and discourage or prohibit enterprise use of devices that support only mode 1.

When link security is enabled, Bluetooth devices must complete an initial "bonding" exchange that produces a pair of link authentication and encryption keys. The user must supply the same PIN code to both devices, and the PIN is then mixed with a vendor-defined unit key. However, a weak or predictable PIN can compromise the pairing process. To reduce the risk, pair devices in a private location, using a long, random PIN. Avoid default PINs and easily guessed PINs (such as "0000"), and avoid devices that do not support configurable PINs.

After "bonding", paired Bluetooth devices can connect to each other whenever data needs to be exchanged. Each time a connection is established, the devices exchange challenge-response messages to prove knowledge of the link key that was created during bonding. However, this authentication exchange can be used to guess the key: a device simply attempts to authenticate repeatedly. Such an active attack can be thwarted by increasing the interval between attempts, but the Bluetooth specification does not enforce a maximum number of attempts. One-way authentication is also susceptible to man-in-the-middle attacks. To reduce this risk, always require both connecting devices to authenticate. If possible, configure Bluetooth products so that users must accept incoming connection requests.
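The following Python sketch is an added example, not code from the original page or from the Bluetooth specification. It shows a challenge-response check against a stored link key, a waiting interval that doubles after each failed attempt, a cap on attempts, and mutual authentication. HMAC-SHA256 stands in for Bluetooth's own authentication function, and the class, function names and policy values are assumptions.

```python
import hashlib, hmac, os

# Assumed policy values; the cap on failures is a local policy, not a spec requirement.
BASE_WAIT, MAX_WAIT, MAX_FAILURES = 1.0, 300.0, 5

def response(link_key, challenge, claimant_addr):
    # HMAC-SHA256 is a stand-in here, not Bluetooth's own authentication algorithm.
    return hmac.new(link_key, challenge + claimant_addr.encode(), hashlib.sha256).digest()

class Device:
    def __init__(self, addr):
        self.addr = addr
        self.link_keys = {}    # peer address -> link key created during bonding
        self.failures = {}     # peer address -> consecutive failed attempts
        self.not_before = {}   # peer address -> earliest time of the next attempt
        self.pending = {}      # peer address -> challenge awaiting a response

    def issue_challenge(self, peer, now):
        if self.failures.get(peer, 0) >= MAX_FAILURES:
            return None        # locked out; re-bonding is required in this sketch
        if now < self.not_before.get(peer, 0.0):
            return None        # still inside the waiting interval
        self.pending[peer] = os.urandom(16)
        return self.pending[peer]

    def answer(self, peer, challenge):
        return response(self.link_keys.get(peer, b""), challenge, self.addr)

    def check(self, peer, resp, now):
        challenge = self.pending.pop(peer, None)
        key = self.link_keys.get(peer)
        if challenge and key and hmac.compare_digest(response(key, challenge, peer), resp):
            self.failures.pop(peer, None)
            self.not_before.pop(peer, None)
            return True
        n = self.failures.get(peer, 0) + 1
        self.failures[peer] = n
        # Double the waiting interval after every failure, up to MAX_WAIT.
        self.not_before[peer] = now + min(BASE_WAIT * 2 ** (n - 1), MAX_WAIT)
        return False

def authenticate(verifier, claimant, now):
    challenge = verifier.issue_challenge(claimant.addr, now)
    return challenge is not None and verifier.check(
        claimant.addr, claimant.answer(verifier.addr, challenge), now)

def mutual_authenticate(a, b, now):
    # Both directions must succeed; a one-way result is never accepted.
    return authenticate(a, b, now) and authenticate(b, a, now)
```

Because the failure counter is keyed on the claimed address, a hard cap lets a spoofer lock out the genuine peer; that is the trade-off against unlimited guessing.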

Depending on the negotiated encryption mode, 8-bit to 128-bit keys can be used to encrypt data transmitted over the link. For best results, avoid encryption mode 1 (no encryption) and choose mode 2 (encrypt unicast traffic but not broadcast traffic) or mode 3 (encrypt all traffic). Because captured traffic encrypted with a key that is too short can be analyzed and broken, both devices should be set to use 128-bit keys.

Further steps to make the most of these built-in Bluetooth measures include:

• Turn off the Bluetooth interface and turn off Bluetooth's discovery feature, which lets each device announce itself to all nearby devices. These common practices reduce the chance of Bluetooth being attacked.

• Set Bluetooth devices to the lowest power that meets business needs. Class 3 devices transmit at 1 mW and reach no more than 10 meters. Class 1 devices transmit at higher power and reach 100 meters. Adjusting power does not eliminate attacks by outsiders, but it can reduce the likelihood of an attack.

• Because the link key is stored on paired Bluetooth devices, password-protect both devices to prevent the use of lost or stolen devices. If possible, do not permanently store the pairing PIN code on the Bluetooth device.

Focus on Bluetooth

Hackers have created countless ways to attack Bluetooth, especially on mobile phones and handheld computers that use Bluetooth headsets. Many of them exploit programming vulnerabilities and poor implementation choices associated with the OBEX protocol. For example:

· Bluebug lets an attacker make phone calls on another Bluetooth phone.

· Bluedump recovers the PIN code by observing Bluetooth device pairing.

· Bluejack allows an attacker to add contacts to the phone book of a Bluetooth device.

· Bluesmack crashes a Bluetooth device by sending "Ping-of-death" messages.

· Bluesnarf lets an attacker get contact and calendar data from a Bluetooth device.

· Bluestab uses a badly formatted device name to crash a device during Bluetooth device discovery.

To defend against these attacks, combine good settings with good practices such as the Bluetooth product assessment, patches, and security audits described above.

Audit the airwaves inside your facility and find all devices that have Bluetooth capabilities. For example, walk the halls with a portable Bluetooth scanner such as AirDefense's BlueWatch, AirMagnet's BlueSweep, a Bluetooth scanner from Berkeley Varitronics Systems, or Network Chemistry's RFprotect BlueScanner. Keep in mind that you need to be within 10 meters to detect Class 3 devices, and that devices with discovery turned off are hard to find. Alternatively, a full-time Wi-Fi intrusion detection or intrusion prevention system may identify Bluetooth as an unexplained source of Wi-Fi interference, or may fingerprint individual Bluetooth devices.

Make a list of all discovered devices that have a Bluetooth interface, including hardware, model, operating system, and version. Then search Bluetooth vulnerability and exposure databases (such as Trifinite and WVE) to determine whether these devices have known issues. For example, Nokia and Sony Ericsson Mobile Communications have released upgrades for Bluetooth phones that are vulnerable to bluesnarfing and bluebugging attacks. Use the available patches to fix these vulnerabilities, and retire older devices that have no security patches.
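The inventory step above can be automated once scan results are recorded. The following Python sketch is an added example, not part of the original page: it matches inventory records against advisory data and also checks the settings recommended earlier (security mode 3, link encryption, 128-bit keys, discovery off). The vendor and model names, the advisory entries and the record field names are constructed for illustration.

```python
# Constructed advisory data: (vendor, model) -> (issue, first fixed firmware or None).
ADVISORIES = {
    ("ExampleCo", "Phone-A"): ("bluesnarf", "2.1.0"),
    ("ExampleCo", "Headset-B"): ("bluebug", None),   # no patch exists
}

# Constructed inventory records; the field names are assumptions of this example.
INVENTORY = [
    {"name": "p1", "vendor": "ExampleCo", "model": "Phone-A", "firmware": "2.0.9",
     "security_mode": 3, "encryption_mode": 3, "key_bits": 128, "discoverable": False},
    {"name": "h1", "vendor": "ExampleCo", "model": "Headset-B", "firmware": None,
     "security_mode": 1, "encryption_mode": 1, "key_bits": 8, "discoverable": True},
]

def parse_version(text):
    """'2.1.0' -> (2, 1); None for missing or non-numeric versions."""
    try:
        parts = [int(p) for p in text.split(".")]
    except (AttributeError, ValueError):
        return None
    while parts and parts[-1] == 0:   # so that 2.1 and 2.1.0 compare equal
        parts.pop()
    return tuple(parts)

def audit(device):
    findings = []
    advisory = ADVISORIES.get((device["vendor"], device["model"]))
    if advisory:
        issue, fixed_in = advisory
        current = parse_version(device.get("firmware"))
        if fixed_in is None:
            findings.append(f"{issue}: no patch available, retire device")
        elif current is None:
            findings.append(f"{issue}: firmware unknown, check manually")
        elif current < parse_version(fixed_in):
            findings.append(f"{issue}: upgrade firmware to {fixed_in}")
    if device.get("security_mode") != 3:
        findings.append("security mode 3 not enforced")
    if device.get("encryption_mode") not in (2, 3):
        findings.append("link encryption disabled")
    if device.get("key_bits", 0) < 128:
        findings.append("encryption key shorter than 128 bits")
    if device.get("discoverable", True):
        findings.append("discovery enabled")
    return findings

def report(inventory):
    return {d["name"]: audit(d) for d in inventory}
```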

Finally, create a security policy for all Bluetooth devices that affect your business. These policies usually cover handheld devices owned by employees. Long-term user education is also needed to get users to use Bluetooth technology securely. Once employees are aware of the potential impact on personal and business data, they are more willing to comply voluntarily with established policies. They will even welcome provisioning help, as long as Bluetooth security does not prevent authorized use. However, where security is very important, compliance with Bluetooth and other security measures should be enforced through a centrally managed device management system. In short, link security is part of a larger picture: multiple layers of defense must be coordinated to protect Bluetooth devices and their data.
