Bluetooth is a wireless technology that provides secure, reliable connections between devices. It uses a combination of encryption, authentication, and authorization to protect against passive eavesdropping and man-in-the-middle attacks.
Of the Bluetooth security modes, Security Mode 4 is the most secure; it uses Secure Simple Pairing (SSP) to generate a secret symmetric key. Bluetooth 4.2 further improves security by introducing the ability to reuse keys generated via Secure Connections on either physical transport (low energy or BR/EDR), as well as by utilizing FIPS-approved algorithms. To reduce interference and transmission errors, Bluetooth uses Frequency-Hopping Spread Spectrum (FHSS) technology. Despite these security measures, Bluetooth is still vulnerable to various attacks, so organizations should take steps to protect their Bluetooth implementations.
Security Mode 4 is the most secure of the Bluetooth security modes: it uses Secure Simple Pairing (SSP) and provides authentication, encryption, and authorization.
Bluetooth BR/EDR and Bluetooth low energy use PIN/Legacy Pairing and Secure Simple Pairing to generate a secret symmetric key that is protected against passive eavesdropping and man-in-the-middle attacks. Bluetooth 3.0 and later versions also use Generic and Dedicated AMP Link Keys to secure connections with IEEE 802.11 AMPs.
The authentication procedure for Bluetooth devices is based on the secrecy of the link key, which is derived during pairing and must not be disclosed. Depending on the type of pairing, either Legacy Authentication or Secure Authentication is performed. In Legacy Authentication the verifier sends a 128-bit random challenge and the claimant returns a 32-bit response; in Secure Authentication each device sends a 128-bit random challenge and each returns a 32-bit response, so two challenges and two responses are exchanged. If the responses match the values the verifier computes, the authentication is successful.
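The challenge-response flow described above, as an added example that is not part of the original page: a one-way Legacy Authentication (128-bit challenge, 32-bit response) next to a mutual Secure Authentication (two challenges, two responses). The specification's response functions (E1 for legacy, h4/h5 for Secure Authentication) are not on the page and are replaced here by a truncated HMAC-SHA256 keyed with the link key, an assumption made only so the exchange runs with the Python standard library; the message flow, not the cryptographic primitive, is what the example models.

```python
import hashlib
import hmac
import os


def prf(link_key: bytes, data: bytes) -> bytes:
    """Stand-in for the spec's E1/h5 response functions (ASSUMPTION): keyed by the
    128-bit link key; a real stack must use the specification's functions."""
    return hmac.new(link_key, data, hashlib.sha256).digest()


class Device:
    def __init__(self, addr: bytes, link_key: bytes) -> None:
        self.addr = addr            # 48-bit BD_ADDR, public
        self.link_key = link_key    # 128-bit link key established during pairing, secret

    def new_challenge(self) -> bytes:
        """128-bit random challenge, fresh per run so an old response cannot be replayed."""
        return os.urandom(16)

    def legacy_response(self, challenge: bytes) -> bytes:
        """32-bit response to a verifier's challenge, bound to the claimant's own address."""
        return prf(self.link_key, challenge + self.addr)[:4]


def legacy_authenticate(verifier: Device, claimant: Device) -> bool:
    """One-way: only the claimant proves it knows the link key; the verifier never does."""
    au_rand = verifier.new_challenge()                     # 128-bit challenge, sent in the clear
    sres = claimant.legacy_response(au_rand)               # 32-bit response, sent in the clear
    expected = prf(verifier.link_key, au_rand + claimant.addr)[:4]
    return hmac.compare_digest(sres, expected)             # constant-time compare


def secure_response_pair(link_key: bytes, nonce_a: bytes, nonce_b: bytes,
                         addr_a: bytes, addr_b: bytes) -> tuple:
    """One keyed computation over both challenges and both addresses yields both
    32-bit responses (the shape of h5: A's response, then B's response)."""
    digest = prf(link_key, nonce_a + nonce_b + addr_a + addr_b)
    return digest[:4], digest[4:8]


def secure_authenticate(a: Device, b: Device) -> bool:
    """Mutual: two 128-bit challenges out, two 32-bit responses back, each side checks the other."""
    nonce_a, nonce_b = a.new_challenge(), b.new_challenge()    # exchanged in the clear
    a_view = secure_response_pair(a.link_key, nonce_a, nonce_b, a.addr, b.addr)
    b_view = secure_response_pair(b.link_key, nonce_a, nonce_b, a.addr, b.addr)
    b_accepts_a = hmac.compare_digest(a_view[0], b_view[0])  # A sends its half, B checks it
    a_accepts_b = hmac.compare_digest(b_view[1], a_view[1])  # B sends its half, A checks it
    return b_accepts_a and a_accepts_b


if __name__ == "__main__":
    # Constructed sample values: a shared link key and one device with a different key.
    key = bytes(range(16))
    phone = Device(b"\xaa" * 6, key)
    headset = Device(b"\xbb" * 6, key)
    stranger = Device(b"\xbb" * 6, bytes(16))          # same address, wrong key
    print("legacy, shared key:", legacy_authenticate(phone, headset))
    print("legacy, wrong key: ", legacy_authenticate(phone, stranger))
    print("secure, shared key:", secure_authenticate(phone, headset))
```

The point the two procedures make visible is the asymmetry: in the legacy flow the verifier learns that the claimant holds the link key, but nothing proves the verifier's identity to the claimant, whereas the mutual flow binds both challenges and both addresses into one computation so either side rejects a peer that lacks the key.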
Bluetooth provides security by enforcing different service security levels, ranging from no security to encryption and authentication. Additionally, Bluetooth allows for user-based authentication and fine-grained access control through the application layers.
Bluetooth 4.2 improves security by introducing the ability to reuse keys generated via Secure Connections on either physical transport (low energy or BR/EDR), as well as by utilizing FIPS-approved algorithms (AES-CMAC and P-256 elliptic curve). Additionally, low energy pairing results in the generation of a Long-Term Key (LTK) rather than a Link Key.
Security Mode 1 Level 4 is the most secure and is recommended for all 4.2 low energy connections. Secure Connections Only Mode is also available to ensure only FIPS-approved algorithms are used.
The key hierarchy uses a single 128-bit static but random value, the Encryption Root (ER), together with a 16-bit Diversifier (DIV) unique to each trusted device, to generate the secret keys. On reconnection, the remote device sends its EDIV, a masked form of DIV, and the local device regenerates the LTK and/or CSRK from its own ER and the received EDIV.
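The regeneration step described above, as an added example that is not part of the original page: a device holds one ER, assigns each bonded peer a DIV, hands the peer a masked EDIV, and on reconnection unmasks EDIV and rebuilds the LTK and CSRK without storing per-peer keys. The derivation layout (d1, dm, EDIV = DIV xor Y) follows the informative key-hierarchy appendix of the Bluetooth Core Specification (Vol. 3, Part H, Appendix B), which the page does not reproduce. Two assumptions keep it runnable on the standard library alone: the specification's AES-128 block function e(k, p) is replaced by a truncated HMAC-SHA256, and the masking key DHK is drawn at random instead of being derived from the Identity Root.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple


def e(key: bytes, block: bytes) -> bytes:
    """Stand-in for the spec's AES-128 e() (ASSUMPTION): 16-byte key and block in, 16 bytes out."""
    assert len(key) == 16 and len(block) == 16
    return hmac.new(key, block, hashlib.sha256).digest()[:16]


def d1(k: bytes, d: int, r: int) -> bytes:
    """Diversifying function d1(k, d, r) = e(k, padding || r || d), with d and r 16-bit."""
    block = bytes(12) + r.to_bytes(2, "big") + d.to_bytes(2, "big")
    return e(k, block)


def dm(k: bytes, rand: bytes) -> int:
    """Mask generation dm(k, r) = e(k, padding || r) mod 2^16, with r a 64-bit random value."""
    assert len(rand) == 8
    return int.from_bytes(e(k, bytes(8) + rand), "big") & 0xFFFF


class LeDevice:
    """The local device of the text: owns ER, hands out EDIV values, regenerates keys."""

    def __init__(self, er: Optional[bytes] = None, dhk: Optional[bytes] = None) -> None:
        self.er = er if er is not None else os.urandom(16)     # Encryption Root, static and random
        self.dhk = dhk if dhk is not None else os.urandom(16)  # masking key (random here, ASSUMPTION)
        self._next_div = 1   # a DIV is never reused: each trusted peer gets its own

    def keys_for(self, div: int) -> Dict[str, bytes]:
        """Per-peer keys from ER and DIV alone; nothing per peer has to be stored."""
        return {"LTK": d1(self.er, div, 0), "CSRK": d1(self.er, div, 1)}

    def bond(self, rand: Optional[bytes] = None) -> Tuple[int, bytes, Dict[str, bytes]]:
        """Pairing: allocate a fresh DIV, mask it, return (EDIV, Rand, keys).
        EDIV and Rand are given to the peer to present on reconnection."""
        rand = rand if rand is not None else os.urandom(8)
        div = self._next_div
        self._next_div += 1
        ediv = dm(self.dhk, rand) ^ div          # EDIV = DIV xor Y, Y = dm(DHK, Rand)
        return ediv, rand, self.keys_for(div)

    def reconnect(self, ediv: int, rand: bytes) -> Dict[str, bytes]:
        """Reconnection: unmask the peer's EDIV back to DIV and rebuild the same keys."""
        div = ediv ^ dm(self.dhk, rand)
        return self.keys_for(div)


if __name__ == "__main__":
    dev = LeDevice()
    ediv, rand, keys = dev.bond()
    regenerated = dev.reconnect(ediv, rand)
    print("EDIV=%#06x regenerated LTK matches: %s" % (ediv, regenerated == keys))
```

The check worth keeping in mind is the one the hierarchy depends on: a peer that presents an EDIV/Rand pair to a device with a different ER gets keys that match nothing, so the secrecy of the single ER value is what stands behind every LTK and CSRK the device ever issued.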
The LTK in Bluetooth 4.2 is used to encrypt the link and distribute keys such as the IRK and CSRK, providing improved protection against passive eavesdropping and MITM during pairing.
Bluetooth Low Energy provides confidentiality and authentication through AES-CCM: link encryption provides confidentiality, and data signing provides authentication.
The LTK is used to establish a secure link between two Bluetooth devices. It is derived from the Intermediate LTK and a keyID using the AES-CMAC-based function h7.
Security vulnerabilities associated with Bluetooth include using static link keys, weak PINs, lack of MITM protection, no user authentication, and limited security services.
Bluetooth is vulnerable to various attacks such as Bluesnarfing, Bluejacking, Bluebugging, Car Whisperer, Denial of Service, Fuzzing Attacks, Pairing Eavesdropping, and Secure Simple Pairing Attacks. These attacks can allow attackers to gain access to data stored on Bluetooth-enabled devices, send messages, eavesdrop on phone calls, and exploit other services or features offered by the device.
Organizations should implement countermeasures to address specific threats and vulnerabilities, incorporate security policies and awareness-based education, and ensure staff understanding and knowledge of Bluetooth throughout the entire lifecycle of Bluetooth solutions.
Bluetooth reduces interference and transmission errors by using Frequency-Hopping Spread Spectrum (FHSS) technology.