Bluetooth Technology and Security
Bluetooth is defined as a low-cost, low-power technology that provides a mechanism for creating small wireless networks in an ad-hoc basis, known as piconets. A piconet is composed of two or more Bluetooth devices in close physical proximity that operate on the same channel using the same frequency hopping sequence.
Whether you realize it or not, you probably use some sort of Bluetooth technology on a regular basis. If you have a smart phone, smart TV, fitness tracker, or even connect your phone to your car for hands free usage while driving; you’re most likely using Bluetooth technology. Most people have at least 4-5 connected devices which is why it is important to know the security risks and to take proper steps to protect not only your equipment but also your information and communications.
Chances are, your devices are more discoverable than you think. When you are out in public and you check your cell phone for wireless connections, you typically get a list of other devices. Those devices are “discoverable” which means you can connect to them. Most importantly, hackers can also connect to them.
With the recent release of the new Bluetooth technology in “smart” devices, there are several major improvements; however, with these improvements there also comes downfalls.
- Increase in range of transmission – up to 400 meters in some cases. While this is great for the consumer, it also means hackers can access devices and communications from a much greater distance than before.
- Increase in data transmission speed. Again, great for the consumer but now hackers can download a huge amount of confidential data in a shorter amount of time.
- Increase in data broadcast bandwidth which replaces the app-to-device paring model with more connectionless traffic. Since there is still no user authentication in the new standard, only device authentication, hackers may be able to access sensitive information and communications more easily.
How do you protect your personal information and communications?
- Change your device settings to “Undiscoverable” when not using the Bluetooth.
- The easiest and most effective way is to deactivate your Bluetooth when it isn’t in use.
How do you protect your business information and communications if you have staff using Bluetooth technology?
- Continually educate your staff on the risks of using Bluetooth capable devices and the steps to take to do their part in protecting sensitive data and communications.
- Determine what devices are used in the work place that allow users to block or limit Bluetooth access. Some devices, like remote mouse or keyboards, can be set up to only allow access while blocking all other Bluetooth file and device traffic.
- Implement and Enforce “Bluetooth Usage Policies” that clearly outline the approved use for corporate Bluetooth devices, specifically the types of allowable information to be transmitted via Bluetooth networks, create a passkey/PIN policy, and change the default paring PINs on all Bluetooth capable devices.
- Change the device settings to “Undiscoverable” when not using the Bluetooth.
- Deactivate the Bluetooth when it isn’t in use.
While there will most likely always be holes in the Bluetooth Technology Security, make sure to regularly take advantage of manufacturers patches or updates to address threats and correct any weaknesses. And again, deactivating your Bluetooth capability when not using it is still the most effective way in protecting your devices, information, and communications.
For additional information and security practices best suited for your personal and business environments, contact your IT professional.