Bluetooth offers security tips to avoid attacks

After two Israeli researchers published a paper earlier this month explaining how security mechanisms in short-range wireless Bluetooth technology could be quickly undermined, members of the Bluetooth Special Interest Group (SIG) are now urging users to take several precautions.

Bluetooth, a radio technology that allows users to exchange data over the airwaves at a distance of around 10 meters, has been a target of intrusion attacks in the past.

Bluetooth security is essentially based on devices generating a secure connection through a pairing process. During this process, a user of one of the devices needs to enter a PIN code, which is used by internal algorithms to generate a secure key. This key is then used to authenticate the devices whenever they connect in the future.

But the findings of the Israeli researchers suggest the technology may be even more susceptible to attack than previously known.

The academic paper puts forward a theoretical process that could potentially “guess” the security setting on a pair of Bluetooth devices, according to the Bluetooth Web site. To do so, the attacking device needs to listen in to the initial one-time pairing process. Form this point, it can use an algorithm to guess the security key and masquerade as the other Bluetooth device.

What is new in this paper, according to the Bluetooth SIG, is an approach that forces a new pairing sequence to be conducted between the two devices and an improved method of performing the guessing process, which brings down the time significantly from previous attacks.

Even though this is an academic analysis of Bluetooth security and not a reported, real-life intrusion, SIG members, which include IBM Corp., Intel Corp., Nokia Corp., Microsoft Corp. and Motorola Inc., want to quickly eliminate any concerns users may have. On the official Bluetooth Web site (www.bluetooth.com), the group offers three basic elements of good practice to help safeguard from attack:

– When pairing devices for the first time, do so in private at home or in the office and avoid public places;

– Always use an eight character alphanumeric PIN (personal identification number) code as the minimum. The more characters within the code, the more difficult it is to crack;

– If your devices become unpaired in a public place, wait until you are in a private, secure location before re-pairing them.

Additional tips on how to use Bluetooth wireless technology securely are available at: www.bluetoothcom/help/security.asp.

Related links:

Researchers crack Bluetooth code

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now