Thursday, 19 December 2013


Bluetooth Technology

History of Bluetooth

“The idea behind Bluetooth technology was born in 1994, when a team of researchers at Ericsson Mobile Communications…initiated a feasibility study of universal short-range, low-power wireless connectivity as a way of eliminating cables between mobile phones and computers, headsets and other devices”. The companies wanted to standardize the industry around a short-range radio link.

Intel started a program called Business-RF, Ericsson one called MC-Link and Nokia one called Low Power RF. In 1998 a new group was formed, named the Bluetooth Special Interest Group (SIG). “Bluetooth” was named after the second King of Denmark, the Danish King Harold Bluetooth of the 10th century (Bluetooth SIG, 2006).

He was famous for uniting Scandinavia, just as the industry intended to unite the PC and cellular industries with a short-range wireless link. There was, however, disagreement regarding the Bluetooth name. The team suggesting names also came up with “Flirt”, with the catch phrase “getting close, but not touching”. The naming process continued for a long time. The Bluetooth logo consists of the runic characters H and B. It was designed by a Scandinavian firm.

Features of Bluetooth:

1. Operates at 2.4GHz radio spectrum.
2. Allows up to 7 simultaneous connections maintained by a single radio.
3. Transfers data at 2 Mb/s (at least).

Bluetooth is a peer-to-peer technology, i.e. it has no centralized administration or security enforcement infrastructure. The Bluetooth specification is complex and supports over two dozen diverse voice and data services. Implementations of Bluetooth involve a variety of chipsets, operating systems and devices. As with other wireless technologies, this complexity exposes Bluetooth to a number of serious security vulnerabilities. These vulnerabilities can be dangerous, because the disruption of one device might disrupt the whole network it is connected to.

Misconception about Bluetooth:

Generally, people use Bluetooth to transfer data from one device to another over a short range. Many people are not aware that data transfers over Bluetooth can be exploited. Some of the misconceptions they have about Bluetooth are:

1. Bluetooth is a short-range technology.
 Class 1 - 100 m
 Class 2 - 10 m
It is not impossible to connect to a Class 2 device from over a mile away by using an 18 dBi gain antenna and a Class 1 source device.

2. Bluetooth does not expose sensitive information.

3. Pairing is required to exploit.
Some devices rely on MAC permission.

4. Devices in non-discoverable mode cannot be found.
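
The range claim in misconception 1 can be checked with a free-space link budget; the following is an added example, not part of the original post, showing why the nominal class range is not a security boundary. The transmit powers are the Bluetooth class maxima (Class 1: 20 dBm, Class 2: 4 dBm); the 0 dBi phone antenna and the receiver sensitivities (-70 dBm for the phone, -85 dBm for the remote adapter) are assumptions, and free-space figures are a line-of-sight upper bound.

```python
import math

FREQ_MHZ = 2400.0   # 2.4 GHz band, as stated on the page
MILE_M = 1609.34

def max_range_m(tx_dbm, tx_gain_dbi, rx_gain_dbi, rx_sens_dbm):
    """Free-space distance (m) at which received power drops to the
    receiver's sensitivity, using the Friis path-loss formula
    FSPL(dB) = 20*log10(d_km) + 20*log10(f_MHz) + 32.44."""
    budget_db = tx_dbm + tx_gain_dbi + rx_gain_dbi - rx_sens_dbm
    exponent = (budget_db - 32.44 - 20 * math.log10(FREQ_MHZ)) / 20
    return 1000.0 * 10 ** exponent

def two_way_range_m(a, b):
    """A connection needs both directions to close, so the usable
    range is the shorter of the two one-way ranges."""
    fwd = max_range_m(a["tx_dbm"], a["gain_dbi"], b["gain_dbi"], b["sens_dbm"])
    rev = max_range_m(b["tx_dbm"], b["gain_dbi"], a["gain_dbi"], a["sens_dbm"])
    return min(fwd, rev)

# Constructed device profiles; gains and sensitivities are assumptions.
CLASS2_PHONE = {"tx_dbm": 4.0, "gain_dbi": 0.0, "sens_dbm": -70.0}
CLASS1_DIRECTIONAL = {"tx_dbm": 20.0, "gain_dbi": 18.0, "sens_dbm": -85.0}

def report():
    """Two-way free-space range in metres for each pairing."""
    return {
        "phone <-> phone": two_way_range_m(CLASS2_PHONE, CLASS2_PHONE),
        "directional <-> phone": two_way_range_m(CLASS1_DIRECTIONAL, CLASS2_PHONE),
    }

if __name__ == "__main__":
    for link, metres in report().items():
        print(f"{link:24s} {metres:8.0f} m  ({metres / MILE_M:.2f} mi)")
```

The limiting direction is the phone's weak 4 dBm transmission back to the remote side, which is why the antenna gain and receiver sensitivity at the far end matter more than the phone's own class.
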

Bluetooth vulnerabilities

The messages and data exchanged between devices can be eavesdropped on. Credit card information can be obtained, and any PIN can be guessed randomly.

 Impersonation
Disclosure of the PIN is unsafe, since attackers who know it can change the e-mail reply.

 Bluejacking
Attackers can send unwanted messages. This is generally done for promotional purposes.

 Bluesnarfing
Attackers can hack into mobile phones and make a copy of all the contacts, calendar entries and messages stored in the phone’s memory.

 Backdoor attack
By establishing a trust relationship through the “pairing” mechanism, attackers might gain information.

 Cabir worm
It is software that searches for available Bluetooth devices and sends requests to them itself.