Bluetooth

Bluetooth is an economical solution that can be implemented in a number of different devices. In wireless access devices from cell phones and handheld PCs, to printers and headsets, Bluetooth provides a common method for devices to interact wirelessly without line of site. To become Bluetooth-certified, the Bluetooth Special Interest Group (SIG) (http://www.bluetooth.com/about/ members .asp) must test each application for interoperability with other devices. Given this requirement, there is reliable interoperability between devices from a vast assortment of hardware vendors .

Like 802.11-based wireless devices, Bluetooth presents security risks. (For more details, see the document provided at this web site: http://www.atstake.com/research/ reports /acrobat/atstake_war_nibbling.pdf.) Table 11-2 helps explain some of the pros and cons of Bluetooth in general.

Bluetooth allows for up to eight users to connect in an ad hoc manner. When users are connected in this manner, the network created is referred to as a piconet. All users in a piconet have equal access to the ad hoc network. If you need more than eight users to participate at one time, you can form what is known as a scatternet. A scatternet is a collection of more than one piconet. To connect piconets, one node on each piconet must associate with each and every other node. On every piconet, there is one master node and the rest of the devices that are connected are slave nodes. The nodes that associate to form a scatternet are not required to be the master node.

Bluetooth devices use the 2.4 GHz frequency, starting at 2.402 GHz and ending at 2.480 GHz. This creates 79 independent frequency slices. Frequency hopping adds a layer of security. Up to 1,600 hops can be performed per second to ensure data security. This frequent changing of frequencies in which data is transmitted makes it difficult for unauthorized devices to eavesdrop on the communications.

Authentication and encryption is also provided by Bluetooth devices. Authentication methods allow you to specify a password to allow devices to connect. Encryption (though optional) may be activated to keep the information transmitted free from unauthorized surveillance of the data. Bluetooth also allows for manufacturers using Bluetooth technology to pass their own authentication and encryption between devices for added security if needed. These mechanisms combined can reasonably secure communication between devices.

A user's configuration can be cause for concern. If a user leaves a Bluetooth device in "discoverable" mode, it could become associated with another device without the knowledge or consent of the Bluetooth user. Scanning for such devices (whether discoverable or not) is known as war nibbling. The MAC address is only three characters long on a Bluetooth device. This allows programs such as Braces (http://braces.shmoo.com) and Bluesniff (http://bluesniff.shmoo.com) from the Shmoo group to brute-force finding devices that have been marked "non-discoverable" by trying all the address range. As opposed to "fixed wireless" devices that normally remain in one place for a long period of time, "mobile wireless" devices such as Bluetooth do not usually remain in one place for a long time. The devices' mobility can reduce the threat of war nibbling. Depending on the hardware and software used to war nibble, it can take 315 hours to complete, which decreases a user's security exposure; however, the mobility of a device should not be the basis for the security posture .