Bluetooth's bite is missing a few teeth
The Bluetooth wireless networking standard is named for King Harald Bluetooth, who unified Denmark and Norway. A glance at a map of Scandinavia today will tell you that unification didn't take. Apparently, the king's security wasn't good enough.
The same thing is being said of his wireless namesake.
Bluetooth has built-in security at the link level, including frequency hopping over 79 channels'23 in Europe'and key generation for authentication and encryption.
But Markus Jakobsson and Susanne Wetzel, researchers at the Bell Labs Information Sciences Research Center in Murray Hill, N.J., have found vulnerabilities in the specification that could let intruders steal keys to eavesdrop on or impersonate devices.
The risks so far are minimal because the technology is in its commercial infancy. Only a handful of Bluetooth PC Cards, headsets and wireless phones are on the market.
The problem is that the technology, which works up to about 30 feet, was developed as a wireless alternative to cables for mobile devices and peripherals, said Susan Payne, director of Bluetooth business development at Certicom Corp. of Hayward, Calif.
'The driving force behind Bluetooth remains cable replacement,' Payne said. Relatively stationary wireless connections could be secured adequately. But for mobile computing through public access points, 'the requirements change dramatically,' she said.
Bluetooth connections, once established, exchange symmetric keys'if not in the clear, at least with a low level of security. By breaking a personal identification number during the key exchange, an eavesdropper could figure out a device's unique key, unravel encryption and predict frequency-hopping patterns.
Once a device was compromised, a nearby intruder could listen in on phone exchanges, hijack sessions, even alter documents on the way to a printer.
A hacker would need a good understanding of Bluetooth and would have to be in the right place at the right time'within 30 feet, after all.
But even the possibility of a compromised link between two devices could invalidate all other security measures.