Bluetooth is a wireless radio specification designed to replace cables as the medium for data and voice signals between electronic devices. The specification is defined by the Bluetooth Special Interest Group, which is made up of over 1000 manufacturers. It is intended primarily for mobile devices, and its design prioritizes small size, low power consumption and low cost.
What is Bluetooth Low Energy (BLE)?
Bluetooth Low Energy (BLE) is the enhanced version of the classic Bluetooth technology. BLE has been talked about a lot in recent times within the IT and mobile industry. In recent years, a large number of BLE applications have been launched in various industries such as healthcare, smart home automation, security, retail, warehousing and advertising.
BLE saves energy compared to classic Bluetooth and can be used for various applications. For instance, the BLE wireless protocol allows any nearby BLE-compatible device to communicate with a smartphone, tablet or smartwatch to trigger functionality in an application. Examples include locking or unlocking your doors using your smartphone, monitoring your heartbeat using your smartwatch, or tracking lost items such as keys or a wallet using a smartphone app.
The difference between Classic Bluetooth and Bluetooth Low Energy (BLE)
In summary, Bluetooth and BLE are used for very different purposes. Bluetooth can handle a lot of data, but it consumes battery life pretty quickly and costs a lot more. BLE, on the other hand, is used for applications that do not need to exchange large amounts of data, and can therefore run on battery power for years at a cheaper cost. BLE 4.0 first hit the market in 2011, followed by BLE 4.1 in 2013 and BLE 4.2 in 2014. BLE 4.2 provides a data rate of up to 1 Mbps while consuming just 0.01 to 0.5 watts, which is one third of the speed of Bluetooth Classic at half the power. Below is a comparison of the two:
Specification | Classic Bluetooth | Bluetooth Low Energy (BLE)
Network/Topology | Scatternet | Star Bus
Power Consumption | Low (less than 30 mA) | Very Low (less than 15 mA)
Speed | 700 Kbps | 1 Mbps
Range | <30 m | 50 meters (150 meters in open field)
RF Frequency Band | 2400 MHz | 2400 MHz
Frequency Channels | 79 channels from 2.400 GHz to 2.4835 GHz with 1 MHz spacing | 40 channels from 2402 MHz to 2480 MHz (includes 3 advertising and 37 data channels)
Modulation | GFSK (modulation index 0.35), π/4 DQPSK, 8DPSK | GFSK (modulation index 0.5)
Latency in data transfer between two devices | Approx. 100 ms | Approx. 3 ms
Spreading | FHSS (1 MHz channel) | FHSS (2 MHz channel)
Link Layer | TDMA | TDMA
Message Size (bytes) | 358 (Max) | 8 to 47
Error Detection/Correction | 8-bit CRC (header), 16-bit CRC, 2/3 FEC (payload), ACKs | 24-bit CRC, ACKs
Security | 64b/128b, user defined application layer | 128 bits AES, user defined application layer
Application Throughput | 0.7 to 2.1 Mbps | less than 0.3 Mbps
Nodes/Active Slaves | 7 | Unlimited
Low energy consumption, so sensors can run on coin cell batteries for more than a year
Low cost to implement in new products as well as existing products
More secure while transferring multiple data streams with encrypted connections
The wireless range can be optimized if necessary for any application
High numbers of communication nodes with limited latency requirements
Easy to use by scanning and connecting the BLE sensors
Global standard which is supported by most hardware manufacturers and industries
Compatibility which allows multi-vendor interoperability
Smaller size than classic Bluetooth, for use in wearable devices
Can co-exist with other types of wireless technologies
Can track items on a real-time basis using location intelligence
Can send promotional offer notifications based on in-store behavior
This is the process where an attacker sends unsolicited messages or business cards to a Bluetooth-enabled device, mostly for advertising purposes. Bluejacking resembles spam and phishing attacks conducted against e-mail users. When a bluejacking message is sent with harmful intent, it might entice users to respond by adding the new contact to the device’s address book. Bluetooth device owners should be aware that this can lead to a variety of social engineering attacks that manipulate users into performing actions or divulging confidential information. Devices that are set to non-discoverable mode are not susceptible to bluejacking, and for bluejacking to work, the sending and receiving devices must be within 10 meters of each other.
This is a method to force a connection with a Bluetooth-enabled device to gain access to data such as the contact list, calendar, emails, text messages, pictures, videos and the international mobile equipment identity (IMEI) stored in memory. This is a confidentiality and integrity threat. As sensitive information may be stolen from devices through bluesnarfing, it is much more malicious than bluejacking, even though both exploit devices’ Bluetooth connections without the owners’ knowledge. Setting a device’s Bluetooth to non-discoverable mode makes the device less susceptible to bluesnarfing, although it may still be bluesnarf-able via a brute force attack.
This method was developed after the onset of bluejacking and bluesnarfing. It allows attackers to remotely access a Bluetooth-enabled device and use its features, such as reading phone books, examining calendars, connecting to the Internet, placing phone calls, eavesdropping on phone calls through call forwarding and sending messages without the user’s knowledge. As with all the attacks, the attacker must be within 10 meters of the device.
This is a Bluetooth Denial of Service (DoS) attack where the Bluetooth-enabled device is overwhelmed by malicious requests from an attacker, making it inoperable by its owner and draining the device’s battery, which affects the continued operation of the device after the attack. Due to the proximity required for a Bluetooth connection, users can move the device to a new location to prevent the attack from happening.
The ‘discoverable’ mode on your device is only meant to be used to “pair” two Bluetooth-enabled devices. When the pairing process is done, the ‘discoverable’ mode can be turned off as the devices should remember each other.
Refrain from communicating or transmitting sensitive and personal information using the Bluetooth-enabled device as it might be sniffed.
that is randomly generated when pairing Bluetooth devices and never enter passkeys when unexpectedly prompted for them.
Maintain physical control of devices at all times.
if you were not expecting it no matter how legitimate it may be. If your device asks to pair and you didn't initiate the pairing, deny it and check that your 'discoverable' setting is set to ‘off’ or ‘hidden’.
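A host-side check for the discoverable-mode advice above, added here as an example and not part of the original article or any TimeTec tooling. It assumes a Linux host running BlueZ and parses `bluetoothctl show` output; the sample addresses are constructed and the severity labels are this example's own.

```shell
#!/bin/sh
# Audit BlueZ `bluetoothctl show` output against the rule "discoverable only
# while pairing". Reads the output on stdin and prints one line per
# controller: "<address> <SEVERITY> <reason>" (labels are this example's own).
audit_bt_show() {
    awk '
    function report() {
        if (addr == "") return
        if (powered == "no")                print addr, "OK", "radio-off"
        else if (disc == "yes" && forever)  print addr, "HIGH", "discoverable-no-timeout"
        else if (disc == "yes")             print addr, "WARN", "discoverable-temporarily"
        else if (pair == "yes")             print addr, "INFO", "hidden-but-pairable"
        else                                print addr, "OK", "hidden"
    }
    $1 == "Controller" {              # a new controller block starts
        report(); addr = $2
        powered = ""; disc = ""; pair = ""; forever = 0
        next
    }
    $1 == "Powered:"             { powered = $2 }
    $1 == "Discoverable:"        { disc = $2 }
    $1 == "Pairable:"            { pair = $2 }
    # A timeout of zero means discoverable mode never switches itself off.
    $1 == "DiscoverableTimeout:" { forever = ($2 ~ /^(0x)?0+$/) }
    END { report() }
    '
}

# Constructed sample: `bluetoothctl show <addr>` output for two controllers.
sample_show() {
    cat <<'EOF'
Controller 00:11:22:33:44:55 (public)
    Powered: yes
    Discoverable: yes
    DiscoverableTimeout: 0x00000000
    Pairable: yes
Controller 66:77:88:99:AA:BB (public)
    Powered: yes
    Discoverable: no
    DiscoverableTimeout: 0x000000b4
    Pairable: yes
EOF
}

sample_show | audit_bt_show
# Live use: bluetoothctl show | audit_bt_show
# Remediation for a flagged controller: bluetoothctl discoverable off
```
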
In order to secure all traffic between our IoT device and mobile phone, TimeTec has added Advanced Encryption Standard (AES) encryption.
AES was published by the National Institute of Standards and Technology (NIST) in 2001 after the evaluation process of the AES contest. Rijndael was the winner of the contest and NIST selected it as the algorithm for AES. Starting from 2001, AES has been adopted by the U.S. government and is now being used worldwide. It supersedes the Data Encryption Standard (DES), which was published in 1977. The algorithm described by AES is a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data. AES is considered secure, very fast and compact (about 1 kB of code); its block size is a multiple of 32 (typically 128 bits), its key length is also a multiple of 32 (typically 128, 192, or 256 bits), and it has a very neat algebraic description.
AES encryption is used for encoding the information being exchanged between Bluetooth devices in such a way that eavesdroppers cannot read its contents. So, the contents that are sent between the TimeTec IoT device and the mobile phone are safe and secure. Besides data encryption, we have also adjusted the Bluetooth range or Bluetooth antenna of the IoT devices to fit particular uses and prevent someone from bluesnarfing our IoT devices. For example, for a smartphone to connect to a BLE door lock, the person must be within 1-2 meters of the IoT device, to prevent intruders from eavesdropping from a corner.
In a nutshell, Bluetooth technology, particularly BLE, is a great addition for businesses and consumers. However, it is also important for all users to understand the technology and the risks involved in its use so the risks can be mitigated for a better user experience.