Quantcast
Subscribe to magazine

Bluetooth Backers Offer Security Tips

Users of the wireless technology are urged to take precautions to avoid attacks.

John Blau, IDG News Service

  • 0 Yes
  • 0 No

After two Israeli researchers published a paper earlier this month explaining how security mechanisms in short-range wireless Bluetooth technology could be quickly undermined, members of the Bluetooth Special Interest Group (SIG) are now urging users to take several precautions.

Bluetooth, a radio technology that allows users to exchange data over the airwaves at a distance of around 10 yards, has been a target of intrusion attacks in the past.

Bluetooth security is essentially based on devices generating a secure connection through a pairing process. During this process, a user of one of the devices needs to enter a PIN code, which is used by internal algorithms to generate a secure key. This key is then used to authenticate the devices whenever they connect in the future.

But the findings of the Israeli researchers suggest the technology may be even more susceptible to attack than previously known.

The academic paper puts forward a theoretical process that could potentially "guess" the security setting on a pair of Bluetooth devices, according to the Bluetooth Web site. To do so, the attacking device needs to listen in to the initial one-time pairing process. Form this point, it can use an algorithm to guess the security key and masquerade as the other Bluetooth device.

What is new in this paper, according to the Bluetooth SIG, is an approach that forces a new pairing sequence to be conducted between the two devices and an improved method of performing the guessing process, which brings down the time significantly from previous attacks.

Security Tips

Even though this is an academic analysis of Bluetooth security and not a reported, real-life intrusion, SIG members, which include IBM, Intel, Nokia, Microsoft, and Motorola, want to quickly eliminate any concerns users may have. On the official Bluetooth Web site, the group offers three basic elements of good practice to help safeguard from attack:

  • When pairing devices for the first time, do so in private at home or in the office and avoid public places;
  • Always use an eight character alphanumeric PIN (personal identification number) code as the minimum. The more characters within the code, the more difficult it is to crack;
  • If your devices become unpaired in a public place, wait until you are in a private, secure location before re-pairing them.

Additional tips on how to use Bluetooth wireless technology securely are available online.

  • Recommend this story?
  • 0 Yes
    0 No

Print 65% more pages than with refilled inks. Trust Original HP Inks. Hit Print Reliably.

Featured APC Accessories For Your System
10% Off Entire Cart at Online Store

  • APC Back-UPS ES Safeguards your equipment from damaging surges and spikes that travel along your utility & data lines.
  • APC SurgeArrest Performance Highest level of protection for your professional computers, electronics and connected devices, as well as provides surge protection.

People who read this also read:

  • 2007 Microsoft Office Suites Comparison This paper compares and contrasts four suites of the 2007 Microsoft Office system: Microsoft Office Standard 2007, Microsoft Office Professional Plus 2007, Microsoft Office Enterprise 2007 and Microsoft Office Ultimate 2007. This paper is intended to help organizations understand the applications and capabilities offered, and to identify the suite that best fits their needs.
  • Windows Vista Migration: The Business Proposition It's not so much a matter of "if" but "when" for most organizations regarding migration to Windows Vista. Laying the groundwork now for this migration can yield higher ROI than waiting until later. This Computerworld Technology Briefing explains it all.

PC World's Marketplace