Bluetooth security in Windows 10


For a wireless technology standard formally established in the 1990s, Bluetooth has shown remarkable resilience and longevity. More than two decades later, we now have more Bluetooth-enabled devices in our homes than ever before.

PCs, mobile phones, speakers, earphones, TVs, keyboards, mice, controllers, fitness trackers, watches — all these devices and peripherals use this standard for communicating with each other. And with the rising popularity of the Internet of Things (IoT) and more smart devices, Bluetooth looks to be in for the long haul.


Why does it still exist?

For such a popular and crucial communications standard, Bluetooth is surprisingly full of flaws, both from the perspective of user experience and device security. Connections are notoriously unreliable and prone to sudden breaks, signal speeds are slow, and recent research has unearthed several important security flaws.

The only reason why Bluetooth still exists is that it is relatively easy to implement, easy to use and cheap to manufacture. That last part is mainly due to its use of the 2.4 GHz frequency, which falls in the ISM (Industrial, Scientific and Medical) band. ISM frequency devices do not require an FCC license, which makes them incredibly attractive for manufacturers.

Despite being around for 20 years, Bluetooth is still rather poorly understood by the standards of tech protocols in general. A lot of this is down to how its communications standard was developed in the 1980s and '90s by multiple expert committees and groups.

So in truth, there is no single Bluetooth protocol, but rather a collection of different protocols compiled into a single, long, rambling standard. At nearly 3,000 pages, it is ten times as long as other comparable standards like Wi-Fi. 

Bluetooth security issues

Due to such complexity, in-depth security analysis of the entire length and breadth of Bluetooth protocols has not occurred (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Preetam Kaushik. Read the original post at: