Bluetooth Attacks

As you probably know, Bluetooth uses a short-range radio signal to provide wireless communications, typically between various personal communication devices such as cell phones and headsets or PDAs. Bluetooth allows you to create a wireless personal area network (WPAN) that can communicate with other Bluetooth devices within a small physical radius (about 10 meters). Bluetooth relies on the use of radio waves and overcomes earlier infrared (IR) technologies that were used for personal communication devices. IR required line-of-sight for communicating with another device and it was a one-to-one connection. Bluetooth overcomes these limitations because it does not require line-of-sight and it allows many devices to communicate simultaneously. Bluetooth limits interference with other radio signals and other Bluetooth devices by limiting its broadcast range to 10 meters and by using a random frequency hopping algorithm. If interference does occur, it would be extremely short-lived since frequency hopping involves changing frequency several times per second.

Let's take a short side-trip to understand how Bluetooth devices communicate with one another so you can better understand the threat. Bluetooth devices "pair up" by exchanging a passkey (depending on the type and level of authentication selected). Once this occurs, the devices have essentially created a personal area network (PAN) in which one of the devices assumes the lead role ("master"). A single device can participate in multiple PANs, creating a scatternet, as shown in Figure 12.4. PAN1 and PAN2 form the scatternet and by design, the hand-held computer could be communicating, via the cell phone with the laptop computer. Since radio signals move through walls, the scatternet can be formed much like a standard wireless network. Some Bluetooth users mistakenly believe that their devices are safe but if you have Bluetooth enabled and you're not actively using it, it's possible your device is part of a scatternet without even knowing it.

