Quantcast
PCWorld.com is upgrading some back-end systems. Some site features, such as user registration, may be temporarily unavailable.
Subscribe to magazine

Bluetooth Backers Offer Security Tips

Users of the wireless technology are urged to take precautions to avoid attacks.

John Blau, IDG News Service

  • 0 Yes
  • 0 No

After two Israeli researchers published a paper earlier this month explaining how security mechanisms in short-range wireless Bluetooth technology could be quickly undermined, members of the Bluetooth Special Interest Group (SIG) are now urging users to take several precautions.

Bluetooth, a radio technology that allows users to exchange data over the airwaves at a distance of around 10 yards, has been a target of intrusion attacks in the past.

Bluetooth security is essentially based on devices generating a secure connection through a pairing process. During this process, a user of one of the devices needs to enter a PIN code, which is used by internal algorithms to generate a secure key. This key is then used to authenticate the devices whenever they connect in the future.

But the findings of the Israeli researchers suggest the technology may be even more susceptible to attack than previously known.

The academic paper puts forward a theoretical process that could potentially "guess" the security setting on a pair of Bluetooth devices, according to the Bluetooth Web site. To do so, the attacking device needs to listen in to the initial one-time pairing process. Form this point, it can use an algorithm to guess the security key and masquerade as the other Bluetooth device.

What is new in this paper, according to the Bluetooth SIG, is an approach that forces a new pairing sequence to be conducted between the two devices and an improved method of performing the guessing process, which brings down the time significantly from previous attacks.

Security Tips

Even though this is an academic analysis of Bluetooth security and not a reported, real-life intrusion, SIG members, which include IBM, Intel, Nokia, Microsoft, and Motorola, want to quickly eliminate any concerns users may have. On the official Bluetooth Web site, the group offers three basic elements of good practice to help safeguard from attack:

  • When pairing devices for the first time, do so in private at home or in the office and avoid public places;
  • Always use an eight character alphanumeric PIN (personal identification number) code as the minimum. The more characters within the code, the more difficult it is to crack;
  • If your devices become unpaired in a public place, wait until you are in a private, secure location before re-pairing them.

Additional tips on how to use Bluetooth wireless technology securely are available online.

  • Recommend this story?
  • 0 Yes
    0 No
 

Featured APC Accessories

  • APC Back-UPS ES Safeguards your equipment from damaging surges and spikes that travel along your utility & data lines.
  • APC SurgeArrest Performance Highest level of protection for your professional computers, electronics and connected devices, as well as provides surge protection.

People who read this also read:

  • 15 Minutes to a Secure Business Get the Secure in 15 toolkit starting with the "15 Minutes Month-at-a-Glance" calendar. McAfee will send you additional tools and tricks to stay protected around the clock.
  • A Buyer's Guide to Data Protection Implementing data protection products and processes can be daunting. Make the right decisions by exploring what is available and what makes sense for your organization. Use this simple guide to evaluate different vendor offerings.

Sponsored Links