So what do security and reliability mean in the case of Bluetooth?
It means creating a mission-critical operating environment by ensuring secure, fast and always-on communications.
Bluetooth Security: A Brief History
In the early days of the Bluetooth standard, headsets were shipped with strong personal identification numbers (PINs) and all Bluetooth versions used the same pairing process. Yet in the consumer market, pairing issues became the single largest source of customer service calls. While longer PINs increased the security of the pairing process, the administrative overhead of managing PIN information in a multi-user enterprise setting was significant.
To fix the usability issue, manufacturers opted for simple 4-digit PINs such as “0000” or “1234”, making it easier for pairing to be automated. But this opened up a security weakness in v2.0 and earlier devices, as attackers could easily detect the Bluetooth PIN. Automatic pairing meant that they could pair the device before the legitimate user, gaining unauthorised access to data and eavesdropping on communications.
Security attacks were highlighted in the mainstream media, and these vulnerabilities led to Bluetooth being perceived as insecure. With v2.1, things changed. A new pairing mechanism called Secure Simple Pairing (SSP) was introduced to fix all of the security issues of the previous pairing method without sacrificing usability. Here’s the crucial difference. With SSP, even if a hacker knows the PIN, he is not able to decrypt communications over the Bluetooth link – the encryption algorithm in v2.1 is fully independent of the PIN.
Bluetooth technology is everywhere. Originally devised to replace cables, Bluetooth has evolved from the short-range wireless connectivity standard into something much bigger. Since it was first developed in 1994, over 9 billion devices have been shipped and, as every second passes, more than 57 Bluetooth-enabled devices are released to the consumer and enterprise markets.
Fast, secure and always-on communications. These fundamental principles of mission-critical communications underpin the design of reliable two-way radios that provide a lifeline for frontline staff. With the increasing adoption of secure Bluetooth enabled two-way radios, organisations need to invest in technologies that combine the usability benefits of wireless connectivity with uncompromising performance. Making the wrong choices can result in serious information security breaches and communication failures with potentially life-threatening consequences.
Like all wireless technologies, Bluetooth is susceptible to a range of security vulnerabilities.
Such flaws can subject a user to a diverse set of threats, such as eavesdropping, Man-in-the-Middle (MITM) and denial of service attacks. The good news is that by putting in place a mission-critical operational framework for Bluetooth devices, we can successfully counter threats. The first step in implementing this framework is to ensure secure Bluetooth connections.
Ensure Secure Bluetooth Connections
Among the most serious attacks against wireless technologies are those that result in the loss of confidentiality and data integrity. Specifically, the key security threats here are eavesdropping and man-in-the-middle attacks. To ensure secure Bluetooth connections, these threats must be eradicated.
Critical to preventing eavesdropping is eliminating all possibility of an attacker discovering the link key, which is generated in the device pairing process. By ensuring that all Bluetooth devices support Secure Simple Pairing (SSP), available in Bluetooth v2.1 devices, robust security against eavesdropping is assured.
Ensure that all Wireless Devices Support Bluetooth V2.1 or Later
In addition to eavesdropping, a determined adversary might choose to launch a MITM attack. This occurs when a user unknowingly connects to an attacking device that’s playing the role of the legitimate device. The hacker can eavesdrop on the two devices, interrupt and mimic the authentic communication, and control operation of the valid devices to the extent that they only work when the attacking party is within range. This threat has caused such concern that one of the key goals of the SSP protocol is to prevent MITM attacks.
SSP incorporates a number of protocols called association models to allow pairing between devices with varied input and display capabilities. In particular, the Just Works association model was designed for situations where one of the pairing devices has a limited user interface, as is the case with headsets. Just Works, however, doesn’t offer MITM protection, so extra security measures are needed, especially in mission-critical applications.
ALWAYS PAIR BLUETOOTH AUDIO ACCESSORIES WITH RADIOS THAT INTEGRATE FAST WIRELESS PTT
In incident response, the difference between what’s said and what’s heard can be life-changing. Consider the impact of a command being received incorrectly. To ensure the safety of two-way radio users, immediate communication is vital. For this reason, low latency (delay) remains a core attribute of mission-critical voice services demanded by public safety professionals.
- YOU’RE HEARD. INSTANTLY – Based on a survey of professional users, mission-critical voice services must achieve call setup times of less than 500ms and end-to-end audio delays of less than 1s. These same requirements must be satisfied when Bluetooth audio is used.
- RAPID RESPONSE – As the majority of Bluetooth devices operate on battery power, the standard includes important power-saving mechanisms to ensure extended operation. Sniff mode is one such mechanism for audio headsets. Sniff mode suspends Bluetooth radio communications between paired devices but maintains continuous contact, while listening for specific commands that occur periodically. It reduces battery power consumption in the radio and in the headset as the receiver can be put into standby between sniff cycles.
However, there is a flip side to the power saving. Push-to-talk (PTT) requires an immediate response and the scheduled transmission absences in sniff mode can also introduce delays in transmitting a PTT request to the radio. Depending on the manufacturer’s setting of the sniff_interval parameter, delays of greater than 500ms can be introduced, decreasing PTT button responsiveness and potentially endangering the user.
For mission critical applications, Bluetooth audio connections need to be configured to:
- Maximise PTT Responsiveness
- Guarantee Very Short Call Setup Times
- Minimise Transmission Delays
Motorola Solutions strongly encourage you to select a vendor with mechanisms to minimise the variability in PTT response times, while ensuring extended battery operation.
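The pairing and sniff-mode requirements above can be checked together against a device inventory. The following is an added example, not taken from the Motorola Solutions white paper: it goes beyond the text by applying a simplified form of the Bluetooth Core Specification's IO-capability mapping (assuming MITM protection is requested and out-of-band pairing is not used), and it treats the sniff interval as the worst-case added PTT wait. The `Link` record, the `audit` function and the fleet entries are constructed for illustration.

```python
from dataclasses import dataclass

SLOT_MS = 0.625       # one Bluetooth baseband slot
PTT_BUDGET_MS = 500   # delay threshold quoted in the text

@dataclass
class Link:
    """One radio/accessory pairing from a constructed inventory."""
    name: str
    radio_io: str               # SSP IO capability of the radio
    accessory_io: str           # SSP IO capability of the accessory
    oldest_bt_version: tuple    # (major, minor) of the older device
    sniff_interval_slots: int   # sniff_interval in baseband slots

def association_model(io_a, io_b):
    """Simplified SSP mapping: returns (model, mitm_protected)."""
    caps = {io_a, io_b}
    if "NoInputNoOutput" in caps:
        return "Just Works", False        # nothing for the user to verify
    if "KeyboardOnly" in caps:
        return "Passkey Entry", True
    if caps == {"DisplayYesNo"}:
        return "Numeric Comparison", True
    # A DisplayOnly side cannot confirm, so the value is auto-accepted.
    return "Just Works", False

def audit(link):
    """Return the list of policy findings for one pairing."""
    findings = []
    if link.oldest_bt_version < (2, 1):
        findings.append("legacy PIN pairing (pre-v2.1, no SSP)")
    else:
        model, mitm = association_model(link.radio_io, link.accessory_io)
        if not mitm:
            findings.append(f"{model}: no MITM protection")
    # Assumed model: a PTT press waits for the next sniff anchor point.
    worst_ms = link.sniff_interval_slots * SLOT_MS
    if worst_ms > PTT_BUDGET_MS:
        findings.append(f"sniff interval adds up to {worst_ms:g} ms to PTT")
    return findings

# Constructed inventory, not real products or measured settings.
FLEET = [
    Link("headset-A", "DisplayYesNo", "NoInputNoOutput", (2, 1), 400),
    Link("headset-B", "DisplayYesNo", "NoInputNoOutput", (2, 0), 1600),
    Link("handheld-C", "DisplayYesNo", "DisplayYesNo", (4, 0), 80),
]

if __name__ == "__main__":
    for link in FLEET:
        print(link.name, audit(link) or "ok")
```

A headset with no display or keypad always lands on Just Works, so a finding for it marks where the extra security measures mentioned above are needed, not a misconfiguration that can be switched off.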
The first line of defence is always to provide knowledge and understanding about security threats among users of Bluetooth enabled devices. The increased awareness about security vulnerabilities should also be complemented by a centralised security policy and operational practices.
By combining the countermeasures with a robust security policy, frontline staff will benefit from secure, fast and always-on communications – keeping them safer and enabling them to perform at their best.
Motorola Solutions offer their own EP900ew Bluetooth Earpiece which is compatible with a number of Motorola Solutions two-way radios and products.
Source: Motorola Solutions White paper.