• Home
  • Article
  • Let's think about the vulnerability of Bluetooth communication
By, smartwatches 12/12/2022

Let's think about the vulnerability of Bluetooth communication

This article re -edit "Is there a security risk in Bluetooth communication" published in the "Cyber Security Information Bureau" provided by Canon Marketing Japan?

 Bluetooth communication is a standard for short -range wireless communication, and is used in various devices due to the advantages of "pairing" and power saving and cost -saving costs.The threat of cyber attacks is also related to the increase every year.In this article, I will explain in detail the structure of Bluetooth communication, risks, and how to use it safely.

What is Bluetooth communication?

 Bluetooth communication is a short -range wireless communication method for wirelessly connecting devices.This is an international standard specified by IEEE (Eye Triple Ei / U.S. Electric and Electronic Society), and the official name is "IEEE 802.15.1 ".In 1999, it was formulated by Ericsson, Intel, IBM, Nokia and Toshiba.First version 1.After some version upgrade from 0, it is currently version 5.2 is the latest (as of June 2021).

 Bluetooth has types such as "Bluetooth Br / EDR", "Bluetooth + HS", and "Bluetooth Low Energy (BLE)" by communication method.Each feature is as follows.

・ Bluetooth Br / EDR

 Bluetooth Br/EDR is a communication method formulated when the standard is born.BR is an abbreviation for "Basic Rate" and EDR is "Enhanced Data Rate".It is called "BR/EDR" to distinguish it from the later communication method.

・ Bluetooth + HS

 Bluetooth + HS HS is an abbreviation of "High Speed", and is a Bluetooth communication standard that allows high -speed communication of 24Mbps by using the wireless LAN communication method.It was announced in April 2009.Bluetooth + HS and Bluetooth Br / EDR are sometimes called "Bluetooth Classic" because they are clearly distinguished from the Bluetooth Low Energy introduced below.

・ Bluetooth Low Energy (BLE)

 Bluetooth Low Energy (BLE) is a standard for Bluetooth communication operating by power saving.Version 4.It was implemented from 0.Until then, Bluetooth communication was also a power saving, but BLE has further reduced power consumption.Taking advantage of its performance, including smartphones such as the iPhone, it is also used for small sensors called beacons.

 According to Bluetooth Sig (Special Interest Group), a non -profit organization that summarizes Bluetooth technology, the annual BLUETOOTH device is expected to be about 4.2 billion units, which is expected to reach 6.2 billion units in 2024. ing.

Difference between Bluetooth and Wi-Fi

 Like Bluetooth, there is Wi-Fi as a commonly used wireless communication system.Wi-Fi is also a standard for wireless communication, and the official name is "IEEE 802.11 ".As you can see from the official name, it is an international standard formulated by IEEE.

 The major difference between Bluetooth and Wi-Fi is the speed and the communication distance.While Bluetooth is assumed to be used for a few meters, Wi-Fi is formulated in anticipation of long-distance communication such as 50 to 100m.

 Also, while the communication speed is Bluetooth up to 24Mbps, Wi-Fi has a great difference between several Gbps.Instead, power consumption and development costs are dominant in Bluetooth.Due to these characteristics, Bluetooth is used for a wide range of purposes, such as in -vehicle systems, control systems and surveillance systems, besides mobile devices such as smartphones.

What is Bluetooth pairing?

 "Pairing" is a characteristic technology of Bluetooth, which sets it apart from other communication standards.Due to the pairing mechanism, the device that has been authenticated with each other can be connected automatically by simply turning on the power from the next time.There are many devices used in PC peripherals, such as headsets and mice.

 Pairing is a technology called "Sharing of Crypto Key".In Bluetooth communication, the encryption key (passky) generated on the device side is saved on both devices.Then, by inquiring the encryption key at the time of connection, the safety of the connection is ensured.

As mentioned earlier, Bluetooth has multiple versions, but version 4.In 1, security has been enhanced by implementing a mechanism to check the communication status to see if encrypted communication is properly performed.By regularly checking the status of encryption, the abnormality of the encryption key can be detected.Furthermore, the following version 4.In 2, the procedure of the cryptocation key is more complicated and sophisticated.Bluetooth communication makes its security more robust while upgrading.

Bluetooth security risk

 Due to the benefits of power saving and cost savings, Bluetooth, which is widely permeated in our lives, is also a common stone that many users use is likely to be targeted by cyber attackers.Although security is enhanced with each version upgrade, attacks aimed at Bluetooth vulnerabilities are actually occurring.I want to introduce some.

1) Blueborne

 Blueborne is a general term for Bluetooth vulnerabilities published in September 2017.The name BlueBorne is derived from "Airborne (spreading in the air)".If a cyber attacker abuses this vulnerability, it can be connected to the device without using a pairing mechanism, and it may be damaged by malware infection, taking over, and the stealing of personal information.

 After the vulnerability was discovered, corresponding updates were provided, but communication with unpotted devices remains risk.At the time the vulnerability was discovered, it was said to have affected about 5.3 billion Bluetooth devices worldwide.

2) KNOB attack

 KNOB attack is an attack method named from the acronym "Key Negotiation of Bluetooth".In August 2019, a vulnerability of Bluetooth Br / EDR encryption technology was discovered.If you abuse this vulnerability, you can forcibly limit the cryptographic key to one byte.Therefore, it is possible to easily identify the encryption key by the Blue Force attack.

 Once the encryption key is identified as an attacker, it will be possible to eavesdrop on communication content, and a third party can steal information such as images and files delivered between devices.This vulnerabilities later provided security patches from Microsoft and Apple.

3) BlueFrag vulnerability

 BlueFrag is a vulnerability reported in February 2020.This vulnerability is a vulnerability in Android, Android 8.Series 0, 8.Series 1, 9.The existence in the 0 series has been confirmed.

 If Bluetooth is enabled with this vulnerability device, a nearby attacker can guess the device's MAC address and access it illegally to take over the device management authority, and any code.You can execute and steal information.The security patch has already been released.

4) Apple Bleeee

 Apple Bleee is a Bluetooth vulnerability in Apple products, reported in July 2019.This is an explosion of specifications that can be transmitted and received by BLE (Bluetooth Low Energy) implemented on the iPhone and the like.

 With this vulnerability, the attacker can steal the target phone number and iOS version.Pay attention to iPhone 5s or later or iOS 11 or higher.

To use Bluetooth safely

 Bluetooth is expanding its use of its high convenience and ease of implementation, and the risk of vulnerabilities is increasing.In order to make security robust, Bluetooth technology is always updated, but the risk of attackers will continue to follow.In the future, I would like you to be aware of the following two points in order to use Bluetooth safely.

1) When unnecessary, turn off Bluetooth

 If Bluetooth is turned off in the first place, the attackers around you will not be able to get it.I want to keep this principle in mind and turn on Bluetooth at all times, but only when needed.

2) Update the device

 If a vulnerability is discovered, a security patch is provided by each vendor.The risk can be reduced by updating the device promptly and keeping it up to the latest state.

 However, in the case of an old device that has expired, the risk will remain because the vendor may not be updated.Therefore, it is recommended that you choose a new device with the support period.You should be aware that there is no 100 % security in cyber security.In particular, I want you to be conscious of the device update as a basis for security measures.

■ Related site

Search

Category

Hot Articles

wwwaap, SNS character's No. 1 overseas producer Quon and management integration | Warp press release
16/04/2022

wwwaap, SNS characte...

The 680th: What is Wi-Fi Calling-Keitai Watch Watch
14/03/2022

The 680th: What is W...

Allemagne : pourquoi les chats doivent-ils être confinés pendant 3 mois?
28/06/2022

Allemagne : pourquoi...

Unlimited capacity of "Google Photos" is about to end!The secret trick to keep using without worrying about the capacity --Yajiuma no Mori --Window Mori
19/04/2022

Unlimited capacity...

More fun & safe!Why smart watches are convenient for beginners to climb (Suits-woman.jp) --Yahoo! News
14/03/2022

More fun & safe!Why...

Can Google's Wear OS integrate with Tizen to break the stronghold of Apple Watch: Nikkei Cross Tech Active
26/03/2022

Can Google's Wear OS...

The homebrew industry in 2022 also has a feeling of turmoil !? What happens to the CPU and GPU? What to buy "PC self-made New Year's talk" will be held! From 21:00 on January 5th (Wednesday) -Remodeling stupid & KTU appearance
15/03/2022

The homebrew indust...

Kyuzan raises 260 million yen from Z Venture Capital / ANRI | Kyuzan press release
18/04/2022

Kyuzan raises 260 mi...

payment-image

Copyright © 2023 smartwatches.blog. All rights reserved.