Bluetooth | Bluetooth devices | Bluetooth low energy technology |

Bluetooth is an open wireless protocol for exchanging data over short distances (using short length radio waves) from fixed and mobile devices, creating personal area networks (PANs). It was originally conceived as a wireless alternative to RS-232 data cables. It can connect several devices, overcoming problems of synchronization.

List of applications
A typical Bluetooth mobile phone headset.More prevalent applications of Bluetooth include:
  1. Wireless control of and communication between a mobile phone and a hands-free headset. This was one of the earliest applications to become popular.
  2. Wireless networking between PCs in a confined space and where little bandwidth is required.
  3. Wireless communication with PC input and output devices, the most common being the mouse, keyboard and printer.
  4. Transfer of files, contact details, calendar appointments, and reminders between devices with OBEX.
  5. Replacement of traditional wired serial communications in test equipment, GPS receivers, medical equipment, bar code scanners, and traffic control devices.
  6. For controls where infrared was traditionally used.
  7. For low bandwidth applications where higher [USB] bandwidth is not required and cable-free connection desired.
  8. Sending small advertisements from Bluetooth-enabled advertising hoardings to other, discoverable, Bluetooth devices
  9. Wireless bridge between two Industrial Ethernet (e.g., PROFINET) networks.
  10. Two seventh-generation game consoles, Nintendo's Wii and Sony's PlayStation 3, use Bluetooth for their respective wireless controllers.
  11. Dial-up internet access on personal computers or PDAs using a data-capable mobile phone as a wireless modem like Novatel Mifi.
  12. Short range transmission of health sensor data from medical devices to mobile phone, set-top box or dedicated telehealthdevices.
Bluetooth vs. Wi-Fi IEEE 802.11 in networking

Bluetooth and Wi-Fi have many applications in today's offices, homes, and on the move: setting up networks, printing, or transferring presentations and files from PDAs to computers. Both are versions of unlicensed wireless technology.

Wi-Fi is intended for resident equipment and its applications. The category of applications is outlined as WLAN, the wireless local area networks. Wi-Fi is intended as a replacement for cabling for general local area network access in work areas.

Bluetooth is intended for non resident equipment and its applications. The category of applications is outlined as the wireless personal area network (WPAN). Bluetooth is a replacement for cabling in a variety of personally carried applications in any ambience.

Bluetooth devices

A Bluetooth USB dongle with a 100 m range. Bluetooth exists in many products, such as telephones, the Wii, PlayStation 3, PSP Go, Lego Mindstorms NXT and recently in some high definition watches, modems and headsets. The technology is useful when transferring information between two or more devices that are near each other in low-bandwidth situations. Bluetooth is commonly used to transfer sound data with telephones (i.e., with a Bluetooth headset) or byte data with hand-held computers (transferring files).

Bluetooth protocols simplify the discovery and setup of services between devices. Bluetooth devices can advertise all of the services they provide. This makes using services easier because more of the security, network address and permission configuration can be automated than with many other network types.

Wi-Fi

Wi-Fi is a traditional Ethernet network, and requires configuration to set up shared resources, transmit files, and to set up audio links (for example, headsets and hands-free devices). Wi-Fi uses the same radio frequencies as Bluetooth, but with higher power, resulting in a stronger connection. Wi-Fi is sometimes called "wireless Ethernet." This description is accurate, as it also provides an indication of its relative strengths and weaknesses. Wi-Fi requires more setup but is better suited for operating full-scale networks; it enables a faster connection, better range from the base station, and better security than Bluetooth.

Bluetooth low energy technology

On December 17, 2009, the Bluetooth SIG announced the adoption of Bluetooth low energy wireless technology as the hallmark feature of the Bluetooth Core Specification Version 4.0. Chip shipments are anticipated to follow closely behind. The first Bluetooth low energy enabled products should be available in 2010.

On April 20, 2009, Bluetooth SIG presented the new Bluetooth low energy technology as an entirely additional protocol stack, compatible with other existing Bluetooth protocol stacks. The preceding naming as Wibree and Bluetooth ULP (Ultra Low Power) has been replaced by the adopted name of Bluetooth low energy technology.

On June 12, 2007, Nokia and Bluetooth SIG had announced that Wibree will be a part of the Bluetooth specification, as an ultra-low power Bluetooth technology. Expected use cases include watches displaying Caller ID information, sports sensors monitoring the wearer's heart rate during exercise, and medical devices. The Medical Devices Working Group is also creating a medical devices profile and associated protocols to enable this market. Bluetooth low energy technology is designed for devices to have a battery life of up to one year.

Security Overview

Bluetooth implements confidentiality, authentication and key derivation with custom algorithms based on the SAFER+ block cipher. In Bluetooth, key generation is generally based on a Bluetooth PIN, which must be entered into both devices. This procedure might be modified if one of the devices has a fixed PIN (e.g., for headsets or similar devices with a restricted user interface). During pairing, an initialization key or master key is generated, using the E22 algorithm. The E0 stream cipher is used for encrypting packets, granting confidentiality and is based on a shared cryptographic secret, namely a previously generated link key or master key. Those keys, used for subsequent encryption of data sent via the air interface, rely on the Bluetooth PIN, which has been entered into one or both devices..

History of security concerns

2001
In 2001, Jakobsson and Wetzel from Bell Laboratories discovered flaws in the pairing protocol of Bluetooth, and also pointed to vulnerabilities in the encryption scheme.

2003
In November 2003, Ben and Adam Laurie from A.L. Digital Ltd. discovered that serious flaws in Bluetooth security may lead to disclosure of personal data. It should be noted, however, that the reported security problems concerned some poor implementations of Bluetooth, rather than the protocol itself.

In a subsequent experiment, Martin Herfurt from the trifinite.group was able to do a field-trial at the CeBIT fairgrounds, showing the importance of the problem to the world. A new attack called BlueBug was used for this experiment. This is one of a number of concerns that have been raised over the security of Bluetooth communications.

2004

In 2004 the first purported virus using Bluetooth to spread itself among mobile phones appeared on the Symbian OS. The virus was first described by Kaspersky Lab and requires users to confirm the installation of unknown software before it can propagate. The virus was written as a proof-of-concept by a group of virus writers known as "29A" and sent to anti-virus groups. Thus, it should be regarded as a potential (but not real) security threat to Bluetooth or Symbian OS since the virus has never spread outside of this system.

In August 2004, a world-record-setting experiment (see also Bluetooth sniping) showed that the range of Class 2 Bluetooth radios could be extended to 1.78 km (1.08 mile) with directional antennas and signal amplifiers. This poses a potential security threat because it enables attackers to access vulnerable Bluetooth-devices from a distance beyond expectation. The attacker must also be able to receive information from the victim to set up a connection. No attack can be made against a Bluetooth device unless the attacker knows its Bluetooth address and which channels to transmit on.

2005
In January 2005, a mobile malware worm known as Lasco.A began targeting mobile phones using Symbian OS (Series 60 platform) using Bluetooth-enabled devices to replicate itself and spread to other devices. The worm is self-installing and begins once the mobile user approves the transfer of the file (velasco.sis ) from another device. Once installed, the worm begins looking for other Bluetooth-enabled devices to infect. Additionally, the worm infects other .SIS files on the device, allowing replication to another device through use of removable media (Secure Digital, Compact Flash, etc.). The worm can render the mobile device unstable.

In April 2005, Cambridge University security researchers published results of their actual implementation of passive attacks against the PIN-based pairing between commercial Bluetooth devices, confirming the attacks to be practicably fast and the Bluetooth symmetric key establishment method to be vulnerable. To rectify this vulnerability, they carried out an implementation which showed that stronger, asymmetric key establishment is feasible for certain classes of devices, such as mobile phones.

In June 2005, Yaniv Shaked and Avishai Wool published a paper describing both passive and active methods for obtaining the PIN for a Bluetooth link. The passive attack allows a suitably equipped attacker to eavesdrop on communications and spoof, if the attacker was present at the time of initial pairing. The active method makes use of a specially constructed message that must be inserted at a specific point in the protocol, to make the master and slave repeat the pairing process. After that, the first method can be used to crack the PIN. This attack's major weakness is that it requires the user of the devices under attack to re-enter the PIN during the attack when the device prompts them to. Also, this active attack probably requires custom hardware, since most commercially available Bluetooth devices are not capable of the timing necessary.

In August 2005, police in Cambridgeshire, England, issued warnings about thieves using Bluetooth-enabled phones to track other devices left in cars. Police are advising users to ensure that any mobile networking connections are de-activated if laptops and other devices are left in this way.

2006
In April 2006, researchers from Secure Network and F-Secure published a report that warns of the large number of devices left in a visible state, and issued statistics on the spread of various Bluetooth services and the ease of spread of an eventual Bluetooth worm.

2007

In October 2007, at the Luxemburgish Hack.lu Security Conference, Kevin Finistere and Thierry Zoller demonstrated and released a remote root shell via Bluetooth on Mac OS X v10.3.9 and v10.4. They also demonstrated the first Bluetooth PIN and Linkkeys cracker, which is based on the research of Wool and Shaked.

Health concerns
Bluetooth uses the microwave radio frequency spectrum in the 2.402 GHz to 2.480 GHz range.[40] Maximum power output from a Bluetooth radio is 100 mW, 2.5 mW, and 1 mW for Class 1, Class 2, and Class 3 devices respectively, which puts Class 1 at roughly the same level as mobile phones, and the other two classes much lower.[41] Accordingly, Class 2 and Class 3 Bluetooth devices are considered less of a potential hazard than mobile phones, and Class 1 may be comparable to that of mobile phones : the maximum for a Class 1 is 100mW for Bluetooth but 250mW for UMTS W-CDMA, 1W for GSM1800/1900 and 2W for GSM850/900 for instance

0 Comments:

Post a Comment