Security challenges for Bluetooth and ZigBee WPAN technologies

One would think given the short range, low power and low data rates offered by WPAN technologies such’s as Bluetooth and ZigBee devices that it would not present much of a security concern, yet they are still prone to attacks as they can allow hackers a backdoor into certain networks.

ZigBee has the ability to use symmetric encryption algorithm meaning they use the same key to encrypt and decrypt. Bluetooth devices also have encryption options available however due power saving features, slow on-board CPU’s as well as the extra overhead generated by the encryption process. Encryptions ends up being rarely used, so when devices are joining and establishing connectivity all data is sent in clear text and is readable on the air waves for anyone in close proximity with the right tools to capture and decode.

ZigBee uses two types of symmetric keys for encryption: the network and link key.

When a device requests a link key to setup a secure connection between device in the piconet. A link key which is based on the network key is generated and encrypted with the network key, this must occur before the trust centre (PNC) distributes it to other devices on the piconet. This method allows vulnerability to the lower layers as it only applies to layer 7 (Application layer).

Bluetooth devices use a mechanism called pairing, which is a two-step process that enables the discover and connection of nearby devices. The Pairing process allows hackers with opportunity to discover and transmit unsolicited message to devices in close proximity this type of attack is known as bluejacking.

Another attack known as Bluesnarfing also leverages of the pairing process, enabling hackers access to information contained within personal smart devices, this type off attack can occur without the knowledge of the owner, if the user has enable certain settings on the device.

Bluetooth devices are prone to a very common security threat across all communication technology platforms called Denial-of-service (DoS) this attack renders the device useless as it not able to process all the malicious information that is being sent to it.

Bluetooth devices present many security concerns, not only from their own security vulnerabilities but it also allows hackers to user Bluetooth device for their own gain. Given their small form factor, low cost of manufacture, a hacker could easily plug a USB Bluetooth device into the back of a desktop without a user being aware, and given small form factor, low power and use of FHSS it makes them hard to discover or located, even with a spectrum analyser one would still have to in closer proximity of the device and be able to identity the signal pattern.

Another security concern is jamming of the RF spectrum, given both technology operate in the 2.4GHz band a hacker may not want to steal information but render the devices un-reusable but deploying a wireless jammer, commonly known as an ‘Air horn’.

A hobbyist company called Hak5 www.hak5.org makes devices that have the potential to be used for malicious reason if in the wrong hands, in particular it has Bluetooth packet sniffer https://hakshop.com/products/ubertooth-one this could be used to capture and decode frames for malicious reason.

L. Olenewa (2014). Guide to Wireless Communication (Third Edition). Boston: CENGAGE Learning

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s