Bluetooth

From MgmtWiki
Jump to: navigation, search

Full Title

A data interchange standard using a radio with limited range.

Context

  • In the late 1990's big companies like Intel were trying to find a mechanism that could be used to transfer more data than NFC that consumed low power.

Low Energy

BLE or Bluetooth Low Energy:

Also excited by a stationary antenna that causes the smartphone to respond
Needs to have an app on a smartphone that is powered up and has bluetooth enabled that responds to the message with a UUID
Operations at 2.4 GHz at about 70 meters between device and antenna.

Problems

  • Security was not designed into the protocol at the beginning.

Beacons

While beacons using Bluetooth was introduced to solve a problem, but in just substituted one problem for another. This attack was published in late 2021:[1]
Bluetooth hardware contains a security flaw that may compromise about 40% of mobile devices, according to University of California, San Diego (UCSD) researchers. The hardware underlies the operation of phone-tracking applications, which UCSD's Nishant Bhaskar said "require frequent and constant transmission of Bluetooth beacons to be detected by nearby devices. Unfortunately, this also means that an adversary can also find out where we are at all times by simply listening to the Bluetooth transmissions from our personal devices." Defects or imperfections during manufacture can slightly distort Bluetooth signals from individual devices, resulting in the generation of a unique signature. Experiments showed approximately 40% of mobile devices could be identified individually within crowds based on their Bluetooth signal signatures.

References

  1. Michelle Hampson Widespread Vulnerability Identified in Phones and Bluetooth Devices (2021-11-04) IEEE Spectrum https://spectrum.ieee.org/bluetooth-security