My family bought a new 2015 Subaru this year. In a market as competitive as automobile sales, car manufacturers are continually looking to one-up each other by adding more technology and integration options. A perfect example was our test drive. As soon as the car started, the in-dashboard “infotainment” system discovered my cell phone via Bluetooth and offered to pair with it. With a single press of a button, I was able to stream music from my phone, advance songs, and take phone calls right over the car speakers using built-in controls on the steering wheel. The convenience of Bluetooth allowed for a more enjoyable and safer driving experience and was definitely a factor in our ultimate decision to purchase the car.
The skeptic in me, however, suspects that something this slanted towards ease of use cannot be overly secure. It is also interesting that Bluetooth authenticates one device to another – there is no contextual user authentication component for whoever may possess the device. Anything sending data through the air is trivial to capture when in the proper range. According to the SANS Institute, Bluetooth’s effective range can be anywhere from 30 to 300 feet depending on the class of the device. The protocol itself has seen rapid expansion with numerous major revisions over the past 15 years. The more capable something is, the bigger its codebase becomes, which increases the potential for issues and vulnerabilities.
An Evolving Target for Evolving Marksmen
Since its inception, Bluetooth has offered up an intriguing target for hackers. Bluetooth versions 1.0 and 1.0B had numerous security issues, as illustrated in the original “Security Weaknesses in Bluetooth” publication by Jakobsson and Wetzel. More recently, in 2007, Andreas Becker published a compendium of known Bluetooth attacks and hacks. According to Wikipedia, even up through version 2.1, channel encryption was not required and could be disabled at any time. Version 4.2 is the most recent, and while the specification has put significant focus on throughput and lowering power consumption, there have been fewer published vulnerabilities as the protocol has matured.
There are security products available today that utilize Bluetooth as a second-factor authentication device, and we here at PistolStar have begun researching its viability as a potential authentication method in PortalGuard. Being an early adopter in the security space rarely pays off. More mature approaches are better vetted and tested. An approach like contextual user authentication leverages a user’s IP address or consistent use of the same device to scale the level of required authentication. This premise is user friendly and works across both old and new devices. In today’s world, a documented breach or vulnerability only marks the first time the world becomes aware of a problem. What is only tacitly acknowledged is that the vulnerability may have offered months or even years of undetected, illicit use prior to the disclosure.