A Crash Course in Bluetooth Security
Since wired accessories are connected directly to the mobile device, it is hard to tamper with them unless someone gets very close to the user. Bluetooth devices use radio waves, which can be picked up by anyone within range. It is important to ensure that everything communicated through the Bluetooth device (not only voice but also the commands sent through button presses) travels over secured channels that cannot be intercepted.
The Attacker's Approach
The most common security concerns for Bluetooth are eavesdropping and man-in-the-middle (MITM) attacks.
Eavesdropping: Eavesdropping is a passive attack in which someone listens to the communication between two or more Bluetooth devices.
Man-in-the-middle (MITM) attacks: A MITM is a person or device that intercepts the communication between two devices and forwards it after reading it.
It must also be ensured that the Bluetooth accessory does not open a vulnerability in the mobile device. Such a vulnerability can be exploited through bluesnarfing.
Bluesnarfing: An attack in which a Bluetooth accessory is used to access information on the phone, such as contact information, emails or PTT communication, directly through the PTT app. In the worst case, the compromised device's IMEI is taken and used to re-route any incoming traffic to another device.
It is more difficult to intercept an established connection that went through the five basic security services specified in the Bluetooth standards:
- Authentication: Verifying the identity of communicating devices based on their Bluetooth address. Bluetooth does not provide native user authentication.
- Confidentiality: Preventing information compromise caused by eavesdropping by ensuring that only authorized devices can access and view transmitted data.
- Authorization: Allowing the control of resources by ensuring that a device is authorized to use a service before permitting it to do so.
- Message Integrity: Verifying that a message sent between two Bluetooth devices has not been altered in transit.
- Pairing/Bonding: Creating one or more shared secret keys and the storing of these keys for use in subsequent connections in order to form a trusted device pair.
An attacker would therefore try to disconnect the Bluetooth accessory from the phone, forcing the devices to exchange their information again in order to reconnect.
The National Institute of Standards and Technology (NIST) provides an excellent Guide to Bluetooth Security, which should be consulted for all kinds of Bluetooth devices used in a company, including keyboards, mice, headsets and, of course, Bluetooth PTT accessories.
Designed for completely different purposes, Bluetooth Low Energy was not derived from Bluetooth BR/EDR. The security considerations for the two were significantly different, although since Bluetooth 4.1 they have become more aligned. The difference is already visible in the security and encryption algorithms used by the two Bluetooth standards.
For Bluetooth BR/EDR there are four security modes, while Bluetooth Low Energy has two modes with different sub-levels. Most devices with high security modes are backwards compatible, which means they can work with any device, but it also means that the device with the lower level decides the overall security level of the connection.
Security Mode 1: Devices in this mode are considered non-secure, and NIST recommends never using Security Mode 1.
Security Mode 2: A service level-enforced security mode in which security procedures may be initiated after link establishment but before logical channel establishment.
Security Mode 3: A link level-enforced security mode in which the security procedures are initiated before the link is established. Therefore, even service discovery cannot be performed until authentication, encryption, and authorization have been performed. Once a device has been authenticated, service-level authorization is not typically performed by a Security Mode 3 device. However, NIST recommends that service-level authorization should still be performed to prevent authentication abuse, that is, an authenticated remote device using a Bluetooth service without the local device owner's knowledge.
Security Mode 4: A service level-enforced security mode using a feature called Secure Simple Pairing (SSP), which is the NIST-recommended security procedure for both the local and the remote device.
Bluetooth Low Energy (BLE)
All security modes in BLE are service level-enforced security modes.
Low Energy Security Mode 1 focuses on encryption:
- Level 1 specifies no security, no authentication and no encryption.
- Level 2 requires unauthenticated pairing with encryption.
- Level 3 requires authenticated pairing with encryption.
- Level 4 (added with 4.2) requires authenticated LE Secure Connections pairing with encryption.
Low Energy Security Mode 2 focuses on data signing, providing strong data integrity but no confidentiality:
- Level 1 requires unauthenticated pairing with data signing.
- Level 2 requires authenticated pairing with data signing.
Essential to the authentication and encryption mechanisms provided by Bluetooth is the generation of a secret symmetric key, called the Link Key in Bluetooth BR/EDR and the Long Term Key (LTK) in Bluetooth Low Energy. There is always a balance to find between convenience and security: a shorter key is easier to exchange but also easier to guess through a brute-force attack. Many pairing processes suffer from this problem, but not all of them. Some pairing processes have been almost eliminated and are rarely found in the PTT accessory market, while others, although the most secure and convenient, are not fully established yet and not supported by PTT applications.
Legacy Pairing (PIN)
In the legacy pairing process, the end user needs to enter the same PIN code into both devices. Since very few Bluetooth accessories and PTT accessories have a User Interface (UI) to enter or read a PIN code, this option is not only unavailable for PTT accessories but also very troublesome and insecure.
Secure Simple Pairing (SSP)
As mentioned above, SSP is a feature of Security Mode 4, the highest BR/EDR security mode. It provides several pairing procedures:
- Numeric Comparison: Only works where both Bluetooth devices are capable of displaying a six-digit number and allowing a user to enter a "yes" or "no" response. During pairing, a user is shown a six-digit number on each display and provides a "yes" response on each device if the numbers match. A key difference between this operation and the use of PINs in legacy pairing is that the displayed number is not used as input for link key generation. Therefore, an eavesdropper who is able to view or otherwise capture the displayed value could not use it to determine the resulting link or encryption key.
- Passkey Entry: Works where one Bluetooth device has input capability, like a keyboard, while the other device has a display but no input capability. In this model, the device with only a display shows a six-digit number that the user then enters on the device with input capability. As with the Numeric Comparison model, the six-digit number used in this transaction is not incorporated into link key generation and is of no use to an eavesdropper.
- Just Works: This procedure was designed for situations where at least one of the pairing devices has neither a display nor a keyboard for entering digits, like most PTT accessories. The user is required to accept a connection without verifying the calculated value on both devices, so Just Works provides no MITM protection. Although it is the weakest of all pairing options, it is the de-facto standard for most Bluetooth PTT accessories. Some devices broadcast a PIN, which resembles Passkey Entry, but as this PIN cannot be changed, it is always set to "0000" or "000000" and is therefore easy to guess for a MITM.
- Out of Band (OOB): This procedure was designed for devices that support Near Field Communication (NFC) for device discovery and cryptographic value exchange. NFC is very convenient for the end user, as it allows devices to pair by simply tapping one device against the other, followed by the user accepting the pairing via a single button push. NFC is also the most secure pairing process possible, as it mitigates eavesdropping and MITM attacks.
There are currently very few accessories on the market with displays. Therefore, Numeric Comparison and Passkey Entry, although secure, are rarely found.
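The Numeric Comparison property described above (the six-digit value is computed from public transcript values, the key from the Diffie-Hellman secret, and a man in the middle who substitutes public keys produces two different six-digit values) can be shown in a small simulation. The following is an added example, not code from the original page or from any Bluetooth stack: it uses a toy Diffie-Hellman group instead of the P-192/P-256 ECDH of real SSP, and its `check_value` and `link_key` functions are simplified stand-ins modelled on the spec's g() and f2() (the exact input layout is an assumption here). The commitment step of the real protocol is omitted.

```python
import hashlib
import hmac

# Toy Diffie-Hellman group, constructed for this illustration only.
# Real SSP runs ECDH on P-192 (BR/EDR) or P-256 (LE Secure Connections).
TOY_P = (1 << 127) - 1   # Mersenne prime; far too small for real use
TOY_G = 3


def _enc(x: int) -> bytes:
    # Fixed-width encoding so hashes do not depend on integer length.
    return x.to_bytes(16, "big")


def public_key(private: int) -> int:
    return pow(TOY_G, private, TOY_P)


def dh_key(private: int, peer_public: int) -> int:
    return pow(peer_public, private, TOY_P)


def check_value(pk_init: int, pk_resp: int, n_init: int, n_resp: int) -> int:
    """Six-digit value shown to both users. Modelled on SSP g(): SHA-256 over
    both public keys and both nonces, low 32 bits, displayed mod 10^6 (assumed layout).
    Every input is sent in clear, so an eavesdropper can compute it too, and that is fine."""
    digest = hashlib.sha256(_enc(pk_init) + _enc(pk_resp) + _enc(n_init) + _enc(n_resp)).digest()
    return int.from_bytes(digest[-4:], "big") % 1_000_000


def link_key(shared: int, n_init: int, n_resp: int) -> bytes:
    """Simplified stand-in for SSP f2(): the key depends on the DH secret and the nonces,
    never on the displayed six-digit number."""
    return hmac.new(_enc(shared), _enc(n_init) + _enc(n_resp), hashlib.sha256).digest()


def run_pairing(priv_a: int, priv_b: int, na: int, nb: int,
                priv_m: int = None, nm: int = None) -> dict:
    """Simulate Numeric Comparison between initiator A and responder B.
    If priv_m/nm are given, an attacker M replaces the public key and nonce in both
    directions, completing a separate DH exchange with each side."""
    pk_a, pk_b = public_key(priv_a), public_key(priv_b)
    if priv_m is None:
        pk_b_at_a, nonce_b_at_a = pk_b, nb   # what A received
        pk_a_at_b, nonce_a_at_b = pk_a, na   # what B received
    else:
        pk_m = public_key(priv_m)
        pk_b_at_a, nonce_b_at_a = pk_m, nm
        pk_a_at_b, nonce_a_at_b = pk_m, nm
    # Each user is shown a value computed from what their own device received.
    shown_on_a = check_value(pk_a, pk_b_at_a, na, nonce_b_at_a)
    shown_on_b = check_value(pk_a_at_b, pk_b, nonce_a_at_b, nb)
    # Each device derives its key from its own DH result.
    key_a = link_key(dh_key(priv_a, pk_b_at_a), na, nonce_b_at_a)
    key_b = link_key(dh_key(priv_b, pk_a_at_b), nonce_a_at_b, nb)
    return {
        "shown_on_a": shown_on_a,
        "shown_on_b": shown_on_b,
        "users_see_match": shown_on_a == shown_on_b,
        "keys_agree": key_a == key_b,
    }


# Constructed private keys and nonces (not real device values).
PRIV_A, PRIV_B, PRIV_M = 0x1F3A5C7E9B2D4F6A8C0E1B3D5F7A9C2E, 0x2B4D6F8A1C3E5A7C9E0B2D4F6A8C1E3B, 0x3C5E7A9C2E4B6D8F0A1C3E5B7D9F2A4C
NA, NB, NM = 0x0A1B2C3D4E5F60718293A4B5C6D7E8F9, 0xF9E8D7C6B5A49382716050F4E3D2C1B0, 0x5A5A5A5AA5A5A5A55A5A5A5AA5A5A5A5

if __name__ == "__main__":
    print("honest:", run_pairing(PRIV_A, PRIV_B, NA, NB))
    print("mitm:  ", run_pairing(PRIV_A, PRIV_B, NA, NB, PRIV_M, NM))
```

In the honest run both users see the same number and both devices end up with the same key. In the substituted run the two displays disagree, which is exactly the moment a user pressing "no" stops the attack; a Just Works accessory has no display and therefore no way to make that comparison.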
Bluetooth Low Energy provides the same pairing procedures described for SSP. Bluetooth Low Energy devices of version 4.0 or 4.1 that do not pair via OOB should be considered broken: if an attacker can capture the pairing frames, he or she can determine the resulting LTK, because LE legacy pairing does not use ECDH-based cryptography and provides no eavesdropping protection.
Numeric Comparison is only available for 4.1 and later versions.
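Whether a BLE pairing ends up as legacy or Secure Connections, and as Just Works or an authenticated method, is decided by the two SMP Pairing Request/Response PDUs the devices exchange, so an auditor with a sniffer capture can rate a PTT accessory against the Security Mode 1 levels listed above without touching the devices. The following is an added example, not code from the original page or from any Bluetooth stack: it parses the 7-byte SMP Pairing Request (opcode 0x01) and Pairing Response (0x02) as defined in the Core Specification (Vol 3, Part H), applies the association-model selection rules, and reports the resulting level and weaknesses. The sample PDUs are constructed here and are not captured from any real device; the `audit_pairing` function name and its findings strings are this example's own.

```python
from dataclasses import dataclass

# SMP opcodes and field encodings (Bluetooth Core Specification, Vol 3, Part H).
SMP_PAIRING_REQUEST = 0x01
SMP_PAIRING_RESPONSE = 0x02
IO_CAPABILITIES = {
    0x00: "DisplayOnly",
    0x01: "DisplayYesNo",
    0x02: "KeyboardOnly",
    0x03: "NoInputNoOutput",
    0x04: "KeyboardDisplay",
}
AUTHREQ_BONDING_MASK = 0x03   # bits 0-1: bonding flags
AUTHREQ_MITM = 0x04           # bit 2: MITM protection requested
AUTHREQ_SC = 0x08             # bit 3: LE Secure Connections supported


@dataclass(frozen=True)
class PairingFeatures:
    io_capability: str
    oob_data: bool
    bonding: bool
    mitm: bool
    secure_connections: bool
    max_key_size: int


def parse_pairing_pdu(pdu: bytes, expected_opcode: int) -> PairingFeatures:
    """Decode a 7-byte SMP Pairing Request (0x01) or Pairing Response (0x02)."""
    if len(pdu) != 7:
        raise ValueError(f"pairing PDU must be 7 bytes, got {len(pdu)}")
    if pdu[0] != expected_opcode:
        raise ValueError(f"unexpected SMP opcode 0x{pdu[0]:02x}")
    if pdu[1] not in IO_CAPABILITIES:
        raise ValueError(f"reserved IO capability 0x{pdu[1]:02x}")
    auth_req, key_size = pdu[3], pdu[4]
    if not 7 <= key_size <= 16:
        raise ValueError(f"invalid maximum encryption key size {key_size}")
    return PairingFeatures(
        io_capability=IO_CAPABILITIES[pdu[1]],
        oob_data=pdu[2] == 0x01,
        bonding=bool(auth_req & AUTHREQ_BONDING_MASK),
        mitm=bool(auth_req & AUTHREQ_MITM),
        secure_connections=bool(auth_req & AUTHREQ_SC),
        max_key_size=key_size,
    )


def association_model(init: PairingFeatures, resp: PairingFeatures) -> str:
    """Select the pairing method the way the Security Manager does (Vol 3, Part H, 2.3.5.1)."""
    sc = init.secure_connections and resp.secure_connections
    # OOB is used if either side has OOB data (Secure Connections) or both do (legacy).
    oob_available = (init.oob_data or resp.oob_data) if sc else (init.oob_data and resp.oob_data)
    if oob_available:
        return "OOB"
    if not (init.mitm or resp.mitm):
        return "Just Works"           # neither side asked for MITM protection
    caps = {init.io_capability, resp.io_capability}
    if "NoInputNoOutput" in caps:
        return "Just Works"           # one side can neither show nor enter anything
    if sc and caps <= {"DisplayYesNo", "KeyboardDisplay"}:
        return "Numeric Comparison"
    if caps <= {"DisplayOnly", "DisplayYesNo"}:
        return "Just Works"           # two displays, no keyboard, no Secure Connections
    return "Passkey Entry"


def audit_pairing(request: bytes, response: bytes) -> dict:
    """Return the negotiated model, the LE Security Mode 1 level it yields, and any weaknesses."""
    init = parse_pairing_pdu(request, SMP_PAIRING_REQUEST)
    resp = parse_pairing_pdu(response, SMP_PAIRING_RESPONSE)
    model = association_model(init, resp)
    sc = init.secure_connections and resp.secure_connections
    authenticated = model != "Just Works"
    level = 4 if (authenticated and sc) else 3 if authenticated else 2
    findings = []
    if not sc:
        findings.append("legacy pairing: no ECDH, LTK derivable from captured pairing frames")
    if not authenticated:
        findings.append("Just Works: no MITM protection")
    key_size = min(init.max_key_size, resp.max_key_size)
    if key_size < 16:
        findings.append(f"negotiated key size reduced to {key_size} bytes")
    return {"model": model, "level": level, "findings": findings}


# Constructed sample PDUs (not captured from any real device).
# Phone: KeyboardDisplay, bonding + MITM + SC, 16-byte keys.
PHONE_REQUEST = bytes([0x01, 0x04, 0x00, 0x0D, 0x10, 0x01, 0x01])
# Low-cost headset: NoInputNoOutput, bonding only (no MITM, no SC).
HEADSET_RESPONSE = bytes([0x02, 0x03, 0x00, 0x01, 0x10, 0x01, 0x01])
# A second phone answering: KeyboardDisplay, bonding + MITM + SC.
PHONE_RESPONSE = bytes([0x02, 0x04, 0x00, 0x0D, 0x10, 0x01, 0x01])

if __name__ == "__main__":
    print(audit_pairing(PHONE_REQUEST, HEADSET_RESPONSE))   # Just Works, level 2
    print(audit_pairing(PHONE_REQUEST, PHONE_RESPONSE))     # Numeric Comparison, level 4
```

The headset case is the typical PTT accessory described above: the phone offers Secure Connections and asks for MITM protection, but the accessory's NoInputNoOutput capability and missing SC bit drag the link down to unauthenticated legacy pairing, Level 2 of Security Mode 1.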
Connection / Link Loss Procedures
Bluetooth connections between PTT accessories and phones can be lost if one device is switched off, runs out of battery, or goes out of Bluetooth range. If the connection is lost, different things can happen. From the end user's perspective, the devices should simply reconnect and all functions should be re-established automatically once both devices are back in range. This is not a given, as many low-cost PTT accessories fail to do so and some actually create a potential risk.
If the connection is lost, the devices will search for the previously connected device. Initially, the attempts are quite frequent, but usually the interval becomes longer and longer to save battery, as this state can be very power-consuming for the device. A Bluetooth accessory should only search for the previously connected device unless it is set into pairing mode. However, there are low-cost Bluetooth accessories that will start advertising, trying to connect to any available device. For such devices, an attacker could break the Bluetooth connection and then connect to the Bluetooth accessory themselves.
There is an additional feature called single bonding, which provides an additional security level. Bluetooth devices with single bonding enabled can only be paired to a single phone. To pair and connect them to another mobile device, the Bluetooth memory needs to be cleared through a button combination on the PTT accessory. An additional difference between Bluetooth BR/EDR and Bluetooth Low Energy is that low energy pairing, if implemented properly, results in the generation of a Long-Term Key (LTK) rather than a Link Key. This creates a stronger bond, allowing a very quick reconnection once the lost device comes back into range, as the LTK is stored on each device.
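The reconnection behaviour described in the last three paragraphs (back-off on link loss, reconnecting only to the bonded phone unless pairing mode is entered deliberately, and single bonding that requires an explicit memory clear) is simple enough to state as firmware policy. The following is an added example, not code from the original page or from any accessory vendor: a small Python model of that policy with a `promiscuous_reconnect` switch standing in for the unsafe low-cost behaviour, so the two can be compared side by side. All names, the back-off constants and the sample addresses are this example's own.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class PttAccessory:
    """Model of a PTT accessory's link-loss and pairing policy (constructed for illustration)."""
    bonded_address: Optional[str] = None   # single bonding: at most one stored phone
    pairing_mode: bool = False             # entered only via the button combination
    promiscuous_reconnect: bool = False    # the unsafe behaviour: reconnect to anyone
    base_interval_s: float = 1.0
    max_interval_s: float = 64.0
    attempt: int = 0

    def on_link_loss(self) -> None:
        """Link dropped (power off, battery, out of range): restart the search schedule."""
        self.attempt = 0

    def next_reconnect_interval(self) -> float:
        """Exponential back-off: frequent attempts at first, then longer gaps to save battery."""
        interval = min(self.base_interval_s * (2 ** self.attempt), self.max_interval_s)
        self.attempt += 1
        return interval

    def accepts_connection_from(self, address: str) -> bool:
        """Safe firmware answers True only for the bonded phone or while in pairing mode."""
        if self.pairing_mode:
            return True
        if self.bonded_address is not None and address == self.bonded_address:
            return True
        return self.promiscuous_reconnect   # False on a correctly built accessory

    def clear_bond(self) -> None:
        """Button combination: forget the stored phone and open pairing mode."""
        self.bonded_address = None
        self.pairing_mode = True

    def complete_pairing(self, address: str) -> bool:
        """Store a new phone. Refused outside pairing mode or while another phone is bonded."""
        if not self.pairing_mode:
            return False
        if self.bonded_address not in (None, address):
            return False   # single bonding: memory must be cleared first
        self.bonded_address = address
        self.pairing_mode = False
        return True


if __name__ == "__main__":
    # Constructed sample addresses, not real devices.
    safe = PttAccessory(bonded_address="AA:BB:CC:DD:EE:01")
    safe.on_link_loss()
    print([safe.next_reconnect_interval() for _ in range(8)])      # 1, 2, 4, ... capped at 64
    print(safe.accepts_connection_from("11:22:33:44:55:66"))       # False
    cheap = PttAccessory(bonded_address="AA:BB:CC:DD:EE:01", promiscuous_reconnect=True)
    print(cheap.accepts_connection_from("11:22:33:44:55:66"))      # True: the risk described above
```

When evaluating an accessory, the test that matters is the second `print`: after a forced link loss, a device that answers connection attempts from an unknown address without the user having pressed the pairing button combination has the weakness the text describes.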
For more Bluetooth considerations when selecting accessories for your PTT over LTE solution, download the complete Whitepaper for free!