Bluetooth Version 2.1, which is gradually becoming available in Bluetooth-enabled devices, in some cases is less secure than the previous version, 2.0, said Andrew Lindell, chief cryptographer for Aladdin Knowledge Systems and assistant professor at Bar-Ilan University in Israel, here today at the CSI 2008 Security Reconsidered conference.
Lindell says the password protocol is not secure and can be easily manipulated by an attacker. Key Bluetooth headsets and keyboards are also left unprotected under this new protocol version, which was built to use less power and to lock down Bluetooth devices from man-in-the middle and other attacks. "I found that the password protocol is not secure in the way we would expect. It's secure as long as a one-time password only is used, but that's not mandatory in the specification," Lindell says. "The biggest problem is that it's very easy to get Version 2.1 wrong and hard to [ensure] the implementation is very secure."
When two Bluetooth devices begin their handshake, they advertise their IP address and common names, such as "Andrew" for a PDA, he says. A nearby attacker with a Bluetooth-enabled laptop, for example, would see these devices and advertise itself as "Andrew."
Andrew's laptop sees the two Andrew PDAs and randomly chooses one, he says. "There's one half of a chance that it will get the attacker's laptop," Lindell says. "The attacker doesn't have to catch any traffic in the middle or block any -- it just advertises itself as the other one and hopes to be connected."
And in the Passkey mode of Version 2.1, where Device A and Device B swap secret passcodes, an attacker can get around this level of protection because the new Bluetooth specification doesn't mandate that all devices deploy this level of security. "When devices initiate pairing, they have to exchange I/O capabilities to decide what mode [of security] to use," Lindell says.
So if a device, such as a mouse, does not support this feature, man-in-the-middle protection is not required. "Just because there are these different modes completely opens you up...an attacker can say, 'I only work with legacy pairing,'" and not passkey pairing, he says, to make an unauthorized connection to the device.
Another problem is that passkeys can easily be intercepted and read. With Version 2.1, it takes only 20 computations for an attacker to figure out the password, which was not the case with the previous version of Bluetooth, Lindell says. The main problem with 2.1 here are the fixed passkeys, which can be easily cracked, no matter their length, he says. And user-entered passkeys are also insecure, he says.
A better approach would be a one-time, randomly generated password for Bluetooth devices. But that won't work with devices, like headsets, that don't have displays or interfaces, and adding this feature would likely price them out of range, he notes.
"Bluetooth 2.1, with all of its promises of great security, is made up of multiple protocols" that can be bypassed, Lindell says. "But the bottom line is [Bluetooth manufacturers] can do a reasonable job" securing their devices with it.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message