Bluetooth Security Measures on TimeTec BLE & IoT Product
What is Bluetooth?
Bluetooth is a wireless radio specification designed to replace cables as the medium for data and voice signals between electronic devices. The specification is defined by the Bluetooth Special Interest Group, which is made up of over 1000 manufacturers. It is intended primarily for mobile devices, and its design prioritizes small size, low power consumption and low cost.
What is Bluetooth Low Energy (BLE)?
Bluetooth Low Energy (BLE) is the enhanced version of the classic Bluetooth technology. BLE has been talked about a lot recently within the IT and mobile industry. In recent years, a large number of BLE applications have been launched in various industries such as healthcare, smart home automation, security, retail, warehousing and advertising.
BLE saves energy compared to classic Bluetooth and can be used for various applications. For instance, the BLE wireless protocol allows any nearby BLE-compatible device to communicate with a smartphone, tablet or smartwatch to trigger functionality in an application. Examples include locking or unlocking your doors using your smartphone, monitoring your heartbeat using your smartwatch, or tracking lost items such as keys or a wallet using a smartphone app.
The difference between Classic Bluetooth and Bluetooth Low Energy (BLE)
In summary, Bluetooth and BLE are used for very different purposes. Bluetooth can handle a lot of data, but it consumes battery life pretty quickly and costs a lot more. BLE, on the other hand, is used for applications that do not need to exchange large amounts of data, and can therefore run on battery power for years at a cheaper cost. BLE 4.0 first hit the market in 2011, followed by BLE 4.1 in 2013 and BLE 4.2 in 2014.
BLE 4.2 provides a data rate of up to 1 Mbps while consuming just 0.01 to 0.5 watts, which is one third of the speed of Bluetooth Classic while consuming half the power.
Below is a clear picture of the Bluetooth comparison:
Low (less than 30 mA)
Very Low (less than 15 mA)
50 meters (150 meters in open field)
RF Frequency Band
79 channels from 2.400 GHz to 2.4835 GHz with 1 MHz spacing
40 channels from 2402 MHz to 2480 MHz (includes 3 advertising and 37 data channels)
GFSK (modulation index 0.35), π/4 DQPSK,
GFSK (modulation index 0.5)
Latency in data transfer between two
Approx. 100 ms
Approx. 3 ms
FHSS (1 MHz channel)
FHSS (2 MHz channel)
8 to 47
8 bit CRC (header), 16 bit CRC, 2/3
24 bit CRC, ACKs
64b/128b, user defined application
128 bits AES, user defined application
0.7 to 2.1 Mbps
less than 0.3 Mbps
What are the key features of
Low energy consumption so sensors can run on coin cell batteries for more than a year
Low cost to implement in new products as well as existing products
More secure while transferring multiple data streams with
The wireless range can be optimized if necessary for any
High numbers of communication nodes with limited latency
Easy to use by scanning and connecting the BLE sensors
Global standard which is supported by most hardware manufacturers and
Compatibility which allows multiple vendor interoperability
Smaller size than the classic Bluetooth to use in wearable
Can co-exist with other types of wireless technologies
Can track items on a real-time basis using location intelligence
Can send promotional offer notifications based on in-store
What are the threats of BLE?
BLE provides a lot of advantages and convenience to users, but it does come with risk. Bluetooth technology and associated devices are susceptible to general wireless networking threats, such as denial of service attacks, eavesdropping, man-in-the-middle (MITM) attacks, message modification, and resource misappropriation, and are also threatened by more specific Bluetooth-related attacks, such as the following:
BlueJacking
This is the process where an attacker sends unsolicited messages or business cards to a Bluetooth-enabled device, mostly for advertising purposes. Bluejacking resembles spam and phishing attacks conducted against e-mail users. When a bluejacking message is sent with harmful intent, it might entice users to respond by adding the new contact to the device’s address book. Bluetooth device owners should be aware that this might lead to a variety of social engineering attacks that manipulate the user into performing actions or divulging confidential information. Devices that are set to non-discoverable mode are not susceptible to bluejacking, and for bluejacking to work, the sending and receiving devices must be within 10 meters of each other.
Bluesnarfing
This is a method to force a connection with a Bluetooth-enabled device to gain access to data such as the contact list, calendar, emails, text messages, pictures, videos and the international mobile equipment identity (IMEI) stored in the memory. This is a confidentiality and integrity threat. As sensitive information may be stolen from devices through bluesnarfing, it is much more malicious than bluejacking, even though both exploit devices’ Bluetooth connections without the owners’ knowledge. By setting a device’s Bluetooth to non-discoverable mode, the device becomes less susceptible to bluesnarfing, although it may still be bluesnarf-able via a brute force attack.
Bluebugging
This method was developed after the onset of bluejacking and bluesnarfing. It allows attackers to remotely access a Bluetooth-enabled device and use its features, such as reading phone books, examining calendars, connecting to the Internet, placing phone calls, eavesdropping on phone calls through call forwarding and sending messages without the user’s knowledge. As with all the attacks, the attacker must be within 10 meters of the device.
Bluesmack
This is a Bluetooth Denial of Service (DoS) attack where the Bluetooth-enabled device is overwhelmed by malicious requests from an attacker, causing it to be inoperable by its owner and draining the device’s battery, affecting the continued operation of the device after the attack. Due to the proximity required for a Bluetooth connection, users can move the device to a new location to prevent the attack from
Tips on Safe Bluetooth Usage
You may already be using Bluetooth technology to communicate with a mobile phone headset or connect your computer to an optical mouse. As with all good technology, attackers are finding ways to exploit its capabilities. Use the following tips to help keep your Bluetooth-enabled device secure.
Turn off ‘discoverable’ mode when you don’t use it
The ‘discoverable’ mode on your device is only meant to be used to “pair” two Bluetooth-enabled devices. When the pairing process is done, the ‘discoverable’ mode can be turned off, as the devices should remember each other.
Don’t send sensitive information via Bluetooth
Refrain from communicating or transmitting sensitive and personal information using the Bluetooth-enabled device, as it might be sniffed.
Use a strong passkey that is randomly generated when pairing Bluetooth devices, and never enter passkeys when unexpectedly prompted for them.
Remove lost or stolen devices from paired device lists
Maintain physical control of devices at all times.
Avoid accepting unknown attachments or applications received on your phone or device if you were not expecting them, no matter how legitimate they may seem. If your device asks to pair and you didn't initiate the pairing, deny it and check that your 'discoverable' setting is set to ‘off’ or ‘hidden’.
What security measures have we taken?
In order to secure all traffic between our IoT device and the mobile phone, TimeTec has added Advanced Encryption Standard (AES) encryption.
AES was published by the National Institute of Standards and Technology (NIST) in 2001 after the evaluation process of the AES contest. Rijndael was the winner of the contest and NIST selected it as the algorithm for AES. Starting from 2001, AES has been adopted by the U.S. government and is now being used worldwide. It supersedes the Data Encryption Standard (DES), which was published in 1977. The algorithm described by AES is a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data. AES is considered secure, very fast and compact (about 1 kB of code). Its block size is a multiple of 32 (typically 128 bits), its key length is also a multiple of 32 (typically 128, 192, or 256 bits), and it has a very neat

AES encryption is used for encoding the information being exchanged between Bluetooth devices in such a way that eavesdroppers cannot read its contents. So, the contents that are sent between the TimeTec IoT device and the mobile phone are safe and secure. Besides data encryption, we have also adjusted the Bluetooth range or Bluetooth antenna of the IoT devices to fit the particular usage and prevent someone from Bluesnarfing our IoT devices. For example, for a smartphone to connect to a BLE door lock, the person must be within 1-2 meters of the IoT device, which prevents intruders from eavesdropping from a corner.
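
The page does not say how AES is applied to the traffic. The added example below (not TimeTec's code or protocol) shows one way to protect a lock command at the application layer with AES-128-GCM, so that a frame read off the air reveals nothing and a frame that is modified or repeated is rejected. The frame layout, the counter scheme, the shared key and all function names are assumptions.

```javascript
// Added example: application-layer AES-128-GCM framing for a BLE command.
// Frame layout, key handling and names are assumptions, not TimeTec's protocol.
const crypto = require('crypto');

const TAG_LEN = 16; // GCM authentication tag, bytes
// 12-byte GCM nonce = 4-byte prefix (zero here) || 8-byte counter.
// A two-way link would give each direction its own prefix or its own key.
function nonceFor(ctr) {
  return Buffer.concat([Buffer.alloc(4), ctr]);
}

// Sender: frame = counter (8 bytes) || ciphertext || tag (16 bytes).
// The counter must never repeat under the same key.
function sealFrame(key, counter, plaintext) {
  const ctr = Buffer.alloc(8);
  ctr.writeBigUInt64BE(counter);
  const cipher = crypto.createCipheriv('aes-128-gcm', key, nonceFor(ctr));
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([ctr, body, cipher.getAuthTag()]);
}

// Receiver: returns the plaintext, or null when the frame is too short,
// was modified in transit, or carries a counter that does not advance.
function openFrame(key, state, frame) {
  if (frame.length < 8 + TAG_LEN) return null;
  const ctr = frame.subarray(0, 8);
  const counter = ctr.readBigUInt64BE();
  if (counter <= state.lastCounter) return null; // stale or repeated frame
  const decipher = crypto.createDecipheriv('aes-128-gcm', key, nonceFor(ctr));
  decipher.setAuthTag(frame.subarray(frame.length - TAG_LEN));
  try {
    const body = frame.subarray(8, frame.length - TAG_LEN);
    const plain = Buffer.concat([decipher.update(body), decipher.final()]);
    state.lastCounter = counter; // advance only after the tag verifies
    return plain;
  } catch (err) {
    return null; // tag mismatch: altered frame or wrong key
  }
}

// Constructed demo: a random key stands in for one shared at enrollment.
function demo() {
  const key = crypto.randomBytes(16);
  const lock = { lastCounter: 0n };
  const frame = sealFrame(key, 1n, Buffer.from('UNLOCK door-1'));
  const ok = openFrame(key, lock, frame).toString();
  const again = openFrame(key, lock, frame); // same frame a second time
  const bad = sealFrame(key, 2n, Buffer.from('LOCK door-1'));
  bad[10] ^= 0x01; // flip one ciphertext bit
  return { ok, again, tampered: openFrame(key, lock, bad) };
}
```

Encryption alone covers only the eavesdropping threat listed earlier; the GCM tag and the counter check are what address message modification.
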

In a nutshell, Bluetooth technology, particularly BLE, is a great addition to businesses and consumers. However, it is also important for all users to understand the technology and the risks involved in its use so the risks can be mitigated for better user