28
Bluetooth – No Guts N Gl ! No Glory! Jeff Dowley Jeff Dowley [email protected]

Bluetooth – No Guts NGl !No Glory! · • SDP (Service discovery protocol)SDP (Service discovery protocol) • Allows a device to discover services support by other devices, and

  • Upload
    others

  • View
    7

  • Download
    0

Embed Size (px)

Citation preview

Page 1: Bluetooth – No Guts NGl !No Glory! · • SDP (Service discovery protocol)SDP (Service discovery protocol) • Allows a device to discover services support by other devices, and

Bluetooth – No Guts N Gl !No Glory!Jeff DowleyJeff [email protected]

Page 2: Bluetooth – No Guts NGl !No Glory! · • SDP (Service discovery protocol)SDP (Service discovery protocol) • Allows a device to discover services support by other devices, and

Overview• What is Bluetooth?• What is Bluetooth?• How does it work?• What are the different types of Bluetooth?yp• What can you do with Bluetooth?• What are the predictions for next generation

d ddevices and uses?• What are the security issues of Bluetooth?

Page 3: Bluetooth – No Guts NGl !No Glory! · • SDP (Service discovery protocol)SDP (Service discovery protocol) • Allows a device to discover services support by other devices, and

What is Bluetooth?

• Bluetooth wireless technology is built into• Bluetooth wireless technology is built into electronic gadgets and lets you share information like voice, music, and videos

i l lwirelessly.– 1st hoped to replace wires on phone, small

electronicselectronics• 2.4 Ghz and 5.0 GHz Radio waves, not infra-

red or laser. Design goal is up to 10 meters (33 ft) f Cl 2 (2 5 W) d i(33 ft) for a Class 2 (2.5mW) device

Page 4: Bluetooth – No Guts NGl !No Glory! · • SDP (Service discovery protocol)SDP (Service discovery protocol) • Allows a device to discover services support by other devices, and

– 1st discovered by the military in the 1940's1st discovered by the military in the 1940 s– Bluetooth invented in 1994 at Ericsson

(Sweden), in 98 a SIG was started– Named after a 10th C Danish king that was

a uniter of Scandinavian lands• PAN personal Area Network• PAN - personal Area Network

– 7 nodes with 16.7M slaves?• Bluetooth PAN moves with you - no otherBluetooth PAN moves with you no other

infrastructure or access point needed

Page 5: Bluetooth – No Guts NGl !No Glory! · • SDP (Service discovery protocol)SDP (Service discovery protocol) • Allows a device to discover services support by other devices, and

• Pairing - connecting 2 Bluetooth devices• Pairing connecting 2 Bluetooth devices– Multiple devices can pair at the same time– Legacy pairing - each device uses a PIN g y p g

code which must match to pair• PIN can be up to a 16-byte UTF-8 string• But usually 4 digit number• But usually 4 digit number

• Bluetooth chips cost less than $3

Page 6: Bluetooth – No Guts NGl !No Glory! · • SDP (Service discovery protocol)SDP (Service discovery protocol) • Allows a device to discover services support by other devices, and

How does it work?

The protocol operates in the license-freeThe protocol operates in the license-free ISM band at 2.402-2.480 GHz.[28] To avoid interfering with other protocols g pthat use the 2.45 GHz band, the Bluetooth protocol divides the band into 79 channels (each 1 MHz wide) and changes channels up to 1600 times per secondsecond.

Page 7: Bluetooth – No Guts NGl !No Glory! · • SDP (Service discovery protocol)SDP (Service discovery protocol) • Allows a device to discover services support by other devices, and

Implementations with versions 1 1 andImplementations with versions 1.1 and 1.2 reach speeds of 723.1 kbit/s.

Version 2 0 implementations featureVersion 2.0 implementations feature Bluetooth Enhanced Data Rate (EDR) and reach 2.1 Mbit/s.

Technically, version 2.0 devices have a higher power consumption, but the three times faster rate reduces the transmission times, effectively reducing

ti t h lf th t f 1power consumption to half that of 1.x devices (assuming equal traffic load).

Page 8: Bluetooth – No Guts NGl !No Glory! · • SDP (Service discovery protocol)SDP (Service discovery protocol) • Allows a device to discover services support by other devices, and

• Bluetooth powered by a PC can reach up to• Bluetooth powered by a PC can reach up to 100m if it is a Class 1 transmitter (100mW)– If a class 2 device pairs with a class 1

device, it may have a longer range than a pure class 2 pair

• Bluetooth sniping with class 2 and special• Bluetooth sniping with class 2 and special antennas lead to a record of 1.08 miles for a connection

Page 9: Bluetooth – No Guts NGl !No Glory! · • SDP (Service discovery protocol)SDP (Service discovery protocol) • Allows a device to discover services support by other devices, and

• SDP (Service discovery protocol)• SDP (Service discovery protocol)• Allows a device to discover services support by

other devices, and their associated parameters. For example, when connecting a mobile phone to a Bluetooth headset, SDP will be used for determining which Bluetooth be used o dete g c uetootprofiles are supported by the headset (Headset Profile, Hands Free Profile, Advanced Audio Distribution Profile (A2DP) etc ) and theAudio Distribution Profile (A2DP) etc.) and the protocol multiplexer settings needed to connect to each of them. Each service is identified by a Universally Unique Identifier (UUID), with official services (Bluetooth profiles) assigned a short form UUID (16 bits p ) g (rather than the full 128)

Page 10: Bluetooth – No Guts NGl !No Glory! · • SDP (Service discovery protocol)SDP (Service discovery protocol) • Allows a device to discover services support by other devices, and

Bluetooth – many flavors – 1st byte

• Who's in charge of the spec?• Who s in charge of the spec?– Bluetooth SIG

• Bluetooth v2.0 + EDR (enhanced data rate) -Nov 2004– 1-3Mbps over the air

0 7 2 1Mbps device to device– 0.7-2.1Mbps device to device– Up to 3x faster than spec 1.2– Extended Inquiry response (EIR) - better info q y p ( )

to use when allowing to pair or deny pairing of devices

Page 11: Bluetooth – No Guts NGl !No Glory! · • SDP (Service discovery protocol)SDP (Service discovery protocol) • Allows a device to discover services support by other devices, and

– Rare to be slowed by # of activeRare to be slowed by # of active devices (unlike Wi-Fi)

– Either 64bit or 128bit security layery y– 100ms Latency– Uses less power than v1.2 - by reducing p y g

the duty-cycle• Phones

Page 12: Bluetooth – No Guts NGl !No Glory! · • SDP (Service discovery protocol)SDP (Service discovery protocol) • Allows a device to discover services support by other devices, and

• Bluetooth v2 1 + EDR - July 2007• Bluetooth v2.1 + EDR July 2007• Introduces new pairing paradigm

– Secure Simple Pairing (SSP)p g ( )• Uses public key cryptography• Just works - ex are headsets (no keypad)• Numeric comparison - Matched 6-digit PIN• Numeric comparison - Matched 6-digit PIN• Passkey entry and Out of band

• Sniff subrating - lowers power use by negotiating as infrequent as 10 sec between polls

• Example hardware:• Example hardware:– Wii, PS3, and PSP Go wireless game

controllerscontrollers

Page 13: Bluetooth – No Guts NGl !No Glory! · • SDP (Service discovery protocol)SDP (Service discovery protocol) • Allows a device to discover services support by other devices, and

• (MoGo Mouse X54 Pro) for• (MoGo Mouse X54 Pro) for ExpressCard/54 Laptops

Page 14: Bluetooth – No Guts NGl !No Glory! · • SDP (Service discovery protocol)SDP (Service discovery protocol) • Allows a device to discover services support by other devices, and

Experience IconsExperience Icons • Bluetooth Experience Icons help you

easily identify and buy compatibleeasily identify and buy compatible products that use Bluetooth wireless technology. The Icons make it simple to gy punderstand what a Bluetooth enabled device can do and how it will work with th d i f i ti filother devices for printing, file

transferring, listening to stereo audio and moreand more.

Page 15: Bluetooth – No Guts NGl !No Glory! · • SDP (Service discovery protocol)SDP (Service discovery protocol) • Allows a device to discover services support by other devices, and

• Headset• Headset

• Music• Music

P int• Print

I t• Input

• Transfer

Page 16: Bluetooth – No Guts NGl !No Glory! · • SDP (Service discovery protocol)SDP (Service discovery protocol) • Allows a device to discover services support by other devices, and

Bluetooth for today – v3.0 + HS

• Ratified in Apr 2009• Ratified in Apr 2009• Uses 2.4 and 5.0 GHz• Main feature is AMP - alternate MAC/PHY - this /

allows using WiFi• Connection is set up and negotiated over

Bluetooth stdBluetooth std• Bluetooth using secondary (Wi-Fi) radio

already in a devicey• OTA data rate: up to 54Mbps• Application throughput: up to 24Mbps

Page 17: Bluetooth – No Guts NGl !No Glory! · • SDP (Service discovery protocol)SDP (Service discovery protocol) • Allows a device to discover services support by other devices, and

• 128bit AES security layer• 128bit AES security layer• Only uses Wi-Fi when needed and isn't

announced when not neededannounced when not needed• Saves on power use• More secure• More secure• Less than 100ms latency• Lower power consumption than• Lower power consumption than

Bluetooth v2.1• Enhanced power control• Enhanced power control

Page 18: Bluetooth – No Guts NGl !No Glory! · • SDP (Service discovery protocol)SDP (Service discovery protocol) • Allows a device to discover services support by other devices, and

Cool 3 0 + HS examplesCool 3.0 + HS examples• Bulk data transfer = updating your iPod

music catalogmusic catalog• Send photos to a printer w/o

intermediate stepsintermediate steps• Video streaming• Send video from video cam corder to• Send video from video cam corder to

your TV• To role player googles? - imersionTo role player googles? imersion

Page 19: Bluetooth – No Guts NGl !No Glory! · • SDP (Service discovery protocol)SDP (Service discovery protocol) • Allows a device to discover services support by other devices, and

Bluetooth for tomorrow – v4.0 & LEP

• New Bluetooth Core Specification v4 0• New Bluetooth Core Specification v4.0– Adopted 17dec09– Class 3 (1mW)( )

• Low energy protocols– Way to tie your phone to you via a 'key fob'

l k dlike device– Way to tether a kid to being near you - else

a warning beep for out of rangea warning beep for out of range– Create a link between you and work out

monitors(pulse, pedometers, etc)

Page 20: Bluetooth – No Guts NGl !No Glory! · • SDP (Service discovery protocol)SDP (Service discovery protocol) • Allows a device to discover services support by other devices, and

– 1st products before end of '101st products before end of 10– Coin cell batteries may last for years of use

(like garage door openers?)

• Examples of 4.0 devices:– Expected use cases include watches

displaying Caller ID information, sports sensors monitoring the wearer's heart rate during exercise and medicalrate during exercise, and medical devices.

– The Medical Devices Working Group is g palso creating a medical devices profile and associated protocols to enable this

k tmarket.

Page 21: Bluetooth – No Guts NGl !No Glory! · • SDP (Service discovery protocol)SDP (Service discovery protocol) • Allows a device to discover services support by other devices, and

- Bluetooth low energy technology is- Bluetooth low energy technology is designed for devices to have a battery life of up to one year.p y

• May need to install Bluetooth sw stack to get BT between PC and deviceg– Bluetooth not built in to Windows XP

• Added to SP2

Page 22: Bluetooth – No Guts NGl !No Glory! · • SDP (Service discovery protocol)SDP (Service discovery protocol) • Allows a device to discover services support by other devices, and

Security – everybody’s favorite!Safe Bluetooth recommendationsSafe Bluetooth recommendations• Don't link to unknown Bluetooth devices• Do change the default name used to broadcast g

your Bluetooth status• It could keep someone from knowing your

device's weaknessdevice's weakness• You may want to consider AV sw for your

phone/pda/devicep /p /

Page 23: Bluetooth – No Guts NGl !No Glory! · • SDP (Service discovery protocol)SDP (Service discovery protocol) • Allows a device to discover services support by other devices, and

• Do change the pairing code (PIN) away from• Do change the pairing code (PIN) away from default

• Remember to delete any access if a Bluetooth device is lost

Bluecasting a Bluetooth server in a• Bluecasting - a Bluetooth server in a bluetooth kiosk sends data to passers-by

• Temples in India can offer ringtones, wallpaper p g , p pimages of deity's, etc

• Could lead to Bluejacking - the sending of unsolicited messages over Bluetooth (cof unsolicited messages over Bluetooth (c 2003)

Page 24: Bluetooth – No Guts NGl !No Glory! · • SDP (Service discovery protocol)SDP (Service discovery protocol) • Allows a device to discover services support by other devices, and

– Bar room prankBar room prank– Guerrilla advertizing campaigns

• Used to be only text, but can now be any kind of file– Ex: vBusiness cards

Example programs are bluesniff bloover• Example programs are bluesniff, blooverCould lead to Bluesnarfing - the unauthorized

access of information from a wireless device through a Bluetooth connection– No known code doing this at this time -

mo e se io s than Bl ejackingmore serious than Bluejacking– A hole in the original Bluetooth std allowed

this, but has since been patched, p

Page 25: Bluetooth – No Guts NGl !No Glory! · • SDP (Service discovery protocol)SDP (Service discovery protocol) • Allows a device to discover services support by other devices, and

Could lead to Bluebugging - more of a socialCould lead to Bluebugging more of a social networking thing - cons user into pairing with a hacker's device - which then could use your d i ith t l ( 2004)device without your approval (c 2004)– takes control of your device and can either

listen in or make calls, etc (c 2004)ste o a e ca s, etc (c 00 )• There have been real viruses aimed at

Bluetooth, but for the most part few of them h b i th ild (L A 29Ahave been in the wild (Lasco.A, 29A, velasco.sis file, cabir worm)

• One use of auto linking was for thieves to scanOne use of auto linking was for thieves to scan locked cars in parking lots to look for laptops and other devices inside and worth stealing

Page 26: Bluetooth – No Guts NGl !No Glory! · • SDP (Service discovery protocol)SDP (Service discovery protocol) • Allows a device to discover services support by other devices, and

Tips to protect your dataTips to protect your data• Non-Discoverable Mode

To prevent others from seeing your– To prevent others from seeing your device, you can set it to a non-discoverable mode. You can still use your Bluetooth services, like talking on a headset, but your device will not be found by other Bluetooth devicesfound by other Bluetooth devices.

• Only Pair with Known DevicesDon't "pair" with unknown devices Just– Don t pair with unknown devices. Just like you would not open your door to a stranger, do not accept content or pair g , p pwith devices from unknown users.

Page 27: Bluetooth – No Guts NGl !No Glory! · • SDP (Service discovery protocol)SDP (Service discovery protocol) • Allows a device to discover services support by other devices, and

• Change your PIN• Change your PIN– Pair your device in private to make the

permanent connection. And if your device ith d f lt P l Id tifi ticomes with a default Personal Identification

Number (PIN), change it to only one you know.

• May want to keep Bluetooth off on phones to save on battery life

Page 28: Bluetooth – No Guts NGl !No Glory! · • SDP (Service discovery protocol)SDP (Service discovery protocol) • Allows a device to discover services support by other devices, and

The End