The protocol operates in the license-free ISM band at 2.4-2.4835 GHz. To
avoid interfering with other protocols that use the 2.45 GHz band, the Bluetooth
protocol divides the band into 79 channels (each 1 MHz wide) and changes
channels up to 1600 times per second. Implementations with versions 1.1 and 1.2
reach speeds of 723.1 kbit/s. Version 2.0 implementations feature Bluetooth
Enhanced Data Rate (EDR) and reach 2.1 Mbit/s. Technically, version 2.0 devices
have a higher power consumption, but the three times faster rate reduces the
transmission times, effectively reducing power consumption to half that of 1.x
devices (assuming equal traffic load).
Security
Bluetooth implements confidentiality, authentication and key derivation with
custom algorithms based on the SAFER+ block cipher. In Bluetooth, key generation
is generally based on a Bluetooth PIN, which has to be entered into both
devices. This procedure might get modified slightly, if one of the devices has a
fixed PIN, which is the case e.g. for headsets or similar devices with a
restricted user interface. First, an initialization key or master key is
generated using the E22 algorithm.
The E0 stream cipher is used for encrypting packets, granting confidentiality,
and is based on a shared cryptographic secret, namely a previously generated
link key or master key. Those keys, used for subsequent encryption of data sent
via the air interface, rely heavily on the Bluetooth PIN, which has been entered
into one or both devices.
A practical demonstration of this reduction was carried out by Y. Shaked and A.
Wool in . An overview of the most important vulnerabilities and the most common
exploits of those vulnerabilities is presented in .
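The dependency described above, that the initialization key is computed from the PIN plus values that cross the air interface in the clear, is easier to see in a small model of the pairing exchange. The following is an added illustration, not code from the page or from the Bluetooth specification: the SAFER+-based E22 and E1 functions are replaced by HMAC-SHA256 stand-ins (an assumption), the E22 inputs are simplified to PIN, device address and IN_RAND, and the device addresses and PINs are constructed sample values.

```python
"""Model of PIN-based Bluetooth 1.x/2.0 pairing (added example, not spec code).

Assumptions: HMAC-SHA256 stands in for the SAFER+-based E22 and E1 functions,
and E22 is fed only PIN, responder address and IN_RAND. The structure of the
exchange, not the cipher, is what the model shows.
"""
import hashlib
import hmac
import math
import secrets
from dataclasses import dataclass
from typing import List, Optional, Tuple


def e22_stand_in(pin: bytes, bd_addr: bytes, in_rand: bytes) -> bytes:
    """Initialization-key derivation; HMAC replaces E22 (assumption)."""
    return hmac.new(pin, bd_addr + in_rand, hashlib.sha256).digest()[:16]


def e1_stand_in(key: bytes, au_rand: bytes, bd_addr: bytes) -> bytes:
    """Challenge-response function; HMAC replaces E1, truncated to the
    32-bit SRES width (assumption)."""
    return hmac.new(key, au_rand + bd_addr, hashlib.sha256).digest()[:4]


@dataclass
class Device:
    name: str
    bd_addr: bytes               # 48-bit device address, public
    pin: bytes                   # PIN entered by the user, or fixed (headset)
    link_key: Optional[bytes] = None


Message = Tuple[str, str, str, bytes]   # (field, sender, receiver, value)


def pair(initiator: Device, responder: Device, transcript: List[Message]) -> None:
    """Initialization-key step on both sides. Every value appended to the
    transcript is sent over the air interface unencrypted."""
    in_rand = secrets.token_bytes(16)
    transcript.append(("IN_RAND", initiator.name, responder.name, in_rand))
    # Each side uses its own copy of the PIN; the PIN itself never crosses the air.
    initiator.link_key = e22_stand_in(initiator.pin, responder.bd_addr, in_rand)
    responder.link_key = e22_stand_in(responder.pin, responder.bd_addr, in_rand)


def authenticate(verifier: Device, claimant: Device, transcript: List[Message]) -> bool:
    """One direction of the challenge-response mutual authentication."""
    au_rand = secrets.token_bytes(16)
    transcript.append(("AU_RAND", verifier.name, claimant.name, au_rand))
    sres = e1_stand_in(claimant.link_key, au_rand, claimant.bd_addr)
    transcript.append(("SRES", claimant.name, verifier.name, sres))
    expected = e1_stand_in(verifier.link_key, au_rand, claimant.bd_addr)
    return hmac.compare_digest(sres, expected)


def pin_entropy_bits(pin_digits: int) -> float:
    """Upper bound on what a passive listener does not know after watching
    the transcript: every other derivation input was sent in the clear, so the
    128-bit link key carries at most this much uncertainty for a numeric PIN."""
    return pin_digits * math.log2(10)


def run_pairing(pin_a: str, pin_b: str):
    """Constructed scenario: a phone pairing with a headset. Returns whether
    both sides derived the same key, whether mutual authentication passed,
    and the over-the-air transcript."""
    phone = Device("phone", bytes.fromhex("001122334455"), pin_a.encode())
    headset = Device("headset", bytes.fromhex("66778899aabb"), pin_b.encode())
    transcript: List[Message] = []
    pair(phone, headset, transcript)
    ok = authenticate(phone, headset, transcript) and authenticate(headset, phone, transcript)
    return phone.link_key == headset.link_key, ok, transcript


if __name__ == "__main__":
    same, ok, t = run_pairing("0000", "0000")
    print("keys match:", same, "| mutual auth:", ok)
    for field_name, sender, receiver, value in t:
        print(f"  {sender} -> {receiver}: {field_name} = {value.hex()}")
    print("4-digit PIN bounds key uncertainty to %.1f bits" % pin_entropy_bits(4))
```

The point of the model from a defender's side: the transcript contains IN_RAND, both addresses, AU_RAND and SRES, so the only secret input is the PIN, and `pin_entropy_bits` makes the fixed-PIN headset case from the text concrete. Longer, non-fixed PINs (and, in later specification versions, Secure Simple Pairing) are the mitigation.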
Social concerns
2003:
In November 2003, Ben and Adam Laurie from A.L. Digital Ltd. discovered that
serious flaws in Bluetooth security may lead to disclosure of personal data.
It should be noted, however, that the reported security problems concerned some
poor implementations of Bluetooth, rather than the protocol itself.
In a subsequent experiment, Martin Herfurt from the trifinite.group conducted a
field trial at the CeBIT fairgrounds, showing the importance of the problem to
the world. A new attack called BlueBug was used for this experiment.
This is one of a number of concerns that have been raised over the security
of Bluetooth communications. In 2004 the first purported virus using Bluetooth
to spread itself among mobile phones appeared on the Symbian OS.
The virus was first described by Kaspersky Lab and requires users to confirm the
installation of unknown software before it can propagate.
The virus was written as a proof-of-concept by a group of virus writers known
as 29A and sent to anti-virus groups. Thus, it should be regarded as a potential
(but not real) security threat to Bluetooth or Symbian OS since the virus has
never spread in the wild.
In August 2004, a world-record-setting experiment (see also Bluetooth
sniping) showed that the range of Class 2 Bluetooth radios could be extended to
1.78 km (1.08 mile) with directional antennas and signal amplifiers.
This poses a potential security threat because it enables attackers to access
vulnerable Bluetooth devices from a greater distance than expected. The attacker
must also be able to receive information from the victim to set up a connection.
No attack can be made against a Bluetooth device unless the attacker knows its
Bluetooth address and which channels to transmit on.