Bluetooth security and threats
About the publication
ISBN: 9788246426174
Size: 525.4 KB
Language: English
English Summary
Since its birth in 1994, Bluetooth has steadily gained popularity and acceptance. The
technology has now become a de facto standard for short range wireless communication, and
Bluetooth is applied in a wide range of devices across consumer electronics, health care,
transportation and industry. Bluetooth is also anticipated to be used in military applications,
e.g. as a wireless link between a personal digital assistant (PDA) and a Harris long range radio.
The proliferation of the technology has naturally led to increased focus on security, since
information is transmitted over an insecure wireless medium and is hence vulnerable to a
variety of attacks including eavesdropping and denial-of-service (DoS) attacks. Because of this
popularity, Bluetooth security plays a very important role, first of all in society at large, and
also, in a long-term perspective, for the Armed Forces. This study gives an in-depth overview of
the security architecture and mechanisms of Bluetooth, as well as its weaknesses and
vulnerabilities.
Bluetooth has evolved over time in terms of capability and security. This is reflected through the
different Bluetooth specification versions: Bluetooth Classic, also referred to as Basic Rate/
Enhanced Data Rate (BR/EDR), Alternate MAC/PHY (AMP), and Low Energy (LE). In parallel,
the security in Bluetooth has gradually evolved in three phases, referred to as Legacy Security,
Secure Simple Pairing (SSP), and Secure Connections. In Legacy Security, the link key is derived
from the PIN code, which provides low entropy and hence leaves the key vulnerable to exhaustive
search attacks. In SSP, important changes have been made in the security architecture in order to
address the weaknesses seen in Legacy Security. Among other things, Elliptic Curve Diffie-Hellman
(ECDH) and association models have been introduced, which provide enhanced security,
increased user friendliness, and stronger protection against exhaustive attacks. The latest security
architecture, Secure Connections, is based on SSP. The difference is that Secure Connections
uses stronger cryptographic algorithms than SSP. Additionally,
it also supports integrity protection.
A number of security breaches and threats have been discovered over the years. In the most
severe cases, an attacker may gain access to restricted data, or even worse, take complete control
of the target Bluetooth device, e.g. a mobile phone. These security threats are due to either
weaknesses in the security architecture (especially in earlier versions of the Bluetooth
specification), side-effects of design features, improper implementations by the manufacturers or
improper use by the user.
Most of the security threats and vulnerabilities discovered are probably obsolete since the
introduction of SSP. However, even though the security has been improved, there are still
weaknesses in the Bluetooth security architecture, as documented in several publications. This is
because it is very difficult to design a security architecture that is both secure and user
friendly. Often, a compromise is made between security and usability. This is
also the case for Bluetooth. From a user's point of view, it is important to be aware of the potential
risk and to learn how to protect the Bluetooth device.