Subtitles of the Movie

Now that we've talked about some of the Bluetooth security features, let's look at some of the Bluetooth security weaknesses. Unfortunately, Bluetooth has some of the same security weaknesses found in the 802.11B standard. First of all, there's no defined process for managing issue, validation, or revoking of the link keys. It has some of the same shortcomings in encryption and authentication protocols the B standard has as well, particularly weak key strength, repetition of initialization vectors and so forth. There also have been various vulnerabilities discovered by penetration testers in the Bluetooth protocol stack that can be exploited and, uh, allow hackers or malicious users to eavesdrop on Bluetooth communications, intercept them, sniff them and even replay them back. The encryption authentication mechanisms can be overcome and unfortunately, by default, encryption and authentication isn't necessarily required for communication between the devices. So you could configure a Bluetooth device and its transmitter and receiver incorrectly and there would be no encryption at all, making it easier for someone to eavesdrop on those communications. By default, broadcast traffic is not encrypted, so even if you encrypt some of the traffic between Bluetooth devices, broadcast traffic may not be encrypted by default, so you might want to go in and take a look at this and make sure it's changed so that even broadcast traffic is encrypted. An additional weakness is that service discovery, if set incorrectly, allows services to be enumerated and discovered on another Bluetooth device by default. You want to make sure you go in and set this so this does not happen, especially if you're talking with Bluetooth devices such as PDAs and laptops. Now, Bluetooth traffic, as I said before, is very easily susceptible to sniffing and spoofing so whatever security measures you can take, such as configuring authentication, configuring, uh, encryption, make sure you take those steps.