Bluetooth Security Measures on TimeTec BLE & IoT Product Series
What is Bluetooth?
Bluetooth is a wireless radio specification designed to replace cables as the medium for data and voice signals between electronic devices. The specification is defined by the Bluetooth Special Interest Group, which is made up of over 1000 manufacturers. It is intended primarily for mobile devices, and its design prioritises small size, low power consumption and low cost.

What is Bluetooth Low Energy (BLE)?
Bluetooth Low Energy (BLE) is the enhanced version of classic Bluetooth technology. BLE has been talked about a lot in recent times within the IT and mobile industry. In recent years, a large number of BLE applications have been launched in various industries such as healthcare, smart home automation, security, retail, warehousing and advertising.

BLE saves energy compared to classic Bluetooth and can be used for a wide range of applications. The BLE wireless protocol allows any nearby BLE-compatible device to communicate with a smartphone, tablet or smartwatch and trigger functionality in an application: for example, locking or unlocking your doors with your smartphone, monitoring your heartbeat with your smartwatch, or tracking lost items such as keys or a wallet with a smartphone app.

The difference between Classic Bluetooth and Bluetooth Low Energy (BLE)
In summary, Bluetooth and BLE are used for very different purposes. Bluetooth can handle a lot of data, but consumes battery life pretty quickly and it costs a lot more. BLE on the other hand is used for applications that do not need to exchange large amounts of data, and can therefore run on battery power for years at a cheaper cost. BLE 4.0 first hit the market in 2011, followed by BLE 4.1 in 2013 and BLE 4.2 in 2014.

BLE 4.2 provides a data rate of up to 1 Mbps while consuming just 0.01 to 0.5 watts, which is one third of the speed of Bluetooth Classic at half the power consumption.

Below is a clear picture of the Bluetooth comparison:

Specification | Bluetooth | Bluetooth Low Energy (BLE)
Network/Topology | Scatternet | Star Bus
Power Consumption | Low (less than 30 mA) | Very Low (less than 15 mA)
Speed | 700 Kbps | 1 Mbps
Range | <30 m | 50 meters (150 meters in open field)
RF Frequency Band | 2400 MHz | 2400 MHz
Frequency Channels | 79 channels from 2.400 GHz to 2.4835 GHz with 1 MHz spacing | 40 channels from 2402 MHz to 2480 MHz (3 advertising and 37 data channels)
Modulation | GFSK (modulation index 0.35), π/4 DQPSK, 8DPSK | GFSK (modulation index 0.5)
Latency in data transfer between two devices | Approx. 100 ms | Approx. 3 ms
Spreading | FHSS (1 MHz channel) | FHSS (2 MHz channel)
Link Layer | TDMA | TDMA
Message Size (bytes) | 358 (max) | 8 to 47
Error Detection/Correction | 8 bit CRC (header), 16 bit CRC, 2/3 FEC (payload), ACKs | 24 bit CRC, ACKs
Security | 64b/128b, user defined application layer | 128 bit AES, user defined application layer
Application Throughput | 0.7 to 2.1 Mbps | less than 0.3 Mbps
Nodes/Active Slaves | 7 | Unlimited
What are the key features of BLE?
Low energy consumption so sensors can run on coin cell batteries for more than a year
Low cost to implement in new products as well as existing products
More secure while transferring multiple data streams with encrypted connections
The wireless range can be optimized if necessary for any application
High numbers of communication nodes with limited latency requirements
Easy to use by scanning and connecting the BLE sensors
Global standard supported by most hardware manufacturers and industries
Compatibility that allows multi-vendor interoperability
Smaller size than classic Bluetooth, suitable for wearable devices
Can co-exist with other types of wireless technologies
Can track items on a real-time basis using location intelligence
Can send promotional offer notifications based on in-store behavior
What are the threats of BLE?
BLE provides a lot of advantages and convenience to users, but it does come with risks. Bluetooth technology and associated devices are susceptible to general wireless networking threats, such as denial of service attacks, eavesdropping, man-in-the-middle (MITM) attacks, message modification and resource misappropriation, and are also threatened by more specific Bluetooth-related attacks, such as the following:
BlueJacking
This is the process where an attacker sends unsolicited messages or business cards to a Bluetooth-enabled device, mostly for advertising purposes. Bluejacking resembles the spam and phishing attacks conducted against e-mail users. When a bluejacking message is sent with harmful intent, it might entice users to respond by adding the new contact to the device's address book. Bluetooth device owners should be aware that this can lead to a variety of social engineering attacks that manipulate users into performing actions or divulging confidential information. Devices set to non-discoverable mode are not susceptible to bluejacking, and for bluejacking to work the sending and receiving devices must be within 10 meters of each other.
Bluesnarfing
This is a method of forcing a connection with a Bluetooth-enabled device to gain access to data such as the contact list, calendar, emails, text messages, pictures, videos and the international mobile equipment identity (IMEI) stored in memory. It is a confidentiality and integrity threat. As sensitive information may be stolen from devices through bluesnarfing, it is much more malicious than bluejacking, even though both exploit devices' Bluetooth connections without the owners' knowledge. Setting a device's Bluetooth to non-discoverable mode makes it less susceptible to bluesnarfing, although it may still be bluesnarf-able via a brute force attack.
Bluebugging
This method was developed after the onset of bluejacking and bluesnarfing. It allows attackers to remotely access a Bluetooth-enabled device and use its features, such as reading phone books, examining calendars, connecting to the Internet, placing phone calls, eavesdropping on phone calls through call forwarding and sending messages, all without the user's knowledge. As with all these attacks, the attacker must be within 10 meters of the device.
Bluesmack
This is a Bluetooth denial of service (DoS) attack in which the Bluetooth-enabled device is overwhelmed by malicious requests from an attacker, making it inoperable for its owner and draining the device's battery, which affects the continued operation of the device after the attack. Because of the proximity required for a Bluetooth connection, users can move the device to a new location to stop the attack.
Tips on Safe Bluetooth Usage
You may already be using Bluetooth technology to communicate with a mobile phone headset or to connect your computer to an optical mouse. As with all good technology, attackers are finding ways to exploit its capabilities. Use the following tips to help keep your Bluetooth-enabled device secure.
Turn off ‘discoverable’ mode when you don’t use it
The ‘discoverable’ mode on your device is only meant to be used to “pair” two Bluetooth-enabled devices. When the pairing process is done, the ‘discoverable’ mode can be turned off as the devices should remember each other.
Don’t send sensitive information via Bluetooth
Refrain from communicating or transmitting sensitive and personal information using the Bluetooth-enabled device as it might be sniffed.
Use a strong passkey
Use a passkey that is randomly generated when pairing Bluetooth devices, and never enter passkeys when unexpectedly prompted for them.
Remove lost or stolen devices from paired device lists
Maintain physical control of devices at all times.
Avoid accepting unknown attachments or applications received on your phone or device
Decline anything you were not expecting, no matter how legitimate it may seem. If your device asks to pair and you didn't initiate the pairing, deny it and check that your 'discoverable' setting is set to 'off' or 'hidden'.
What security measures have we taken?
In order to secure all traffic between our IoT device and mobile phone, TimeTec has added Advanced Encryption Standard (AES) encryption.

AES was published by the National Institute of Standards and Technology (NIST) in 2001 after the evaluation process of the AES contest. Rijndael was the winner of the contest and NIST selected it as the algorithm for AES. Since 2001, AES has been adopted by the U.S. government and is now used worldwide. It supersedes the Data Encryption Standard (DES), which was published in 1977. The algorithm described by AES is a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data. AES is considered secure, very fast and compact (about 1 kB of code); its block size is a multiple of 32 bits (typically 128 bits), its key length is also a multiple of 32 bits (typically 128, 192 or 256 bits), and it has a very neat algebraic description.

AES encryption is used to encode the information exchanged between Bluetooth devices in such a way that eavesdroppers cannot read its contents, so the contents sent between a TimeTec IoT device and a mobile phone are safe and secure. Besides data encryption, we have also adjusted the Bluetooth range, or Bluetooth antenna, of the IoT devices to fit their particular usage and prevent someone from bluesnarfing our IoT devices. For example, for a smartphone to connect to a BLE door lock, the person must be within 1-2 meters of the IoT device, which prevents intruders from eavesdropping from around a corner.
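The following Go program is an added example, not TimeTec's code, showing what application-layer AES protection of one BLE message looks like in practice. The page does not say which AES mode the products use; this example chooses AES-128-GCM so that, besides the confidentiality described above, every frame carries an authentication tag and the message-modification threat listed earlier is detected on the receiving side. The 16-byte key, the "LOCK-DEMO-01" device identifier and the nonce-ciphertext-tag frame layout are constructed assumptions for the demonstration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Assumed frame layout (not TimeTec's wire format): nonce(12) || ciphertext || tag(16)
const nonceSize = 12

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 16-byte key selects AES-128
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// Seal encrypts one application-layer BLE message under the shared key; aad (the
// lock's identifier) is authenticated in the clear, so another device rejects the frame.
func Seal(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, nonceSize)
	if _, err := rand.Read(nonce); err != nil { // a nonce must never repeat under one key
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil // ciphertext and tag follow the nonce
}
// Open decrypts with the same key (symmetric); any modified byte makes it fail.
func Open(key, frame, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(frame) < nonceSize+gcm.Overhead() {
		return nil, fmt.Errorf("frame too short: %d bytes", len(frame))
	}
	return gcm.Open(nil, frame[:nonceSize], frame[nonceSize:], aad)
}
func main() {
	key, aad := []byte("0123456789abcdef"), []byte("LOCK-DEMO-01") // constructed demo values
	frame, _ := Seal(key, []byte("UNLOCK"), aad)
	frame[len(frame)-1] ^= 0x01 // flip one tag bit: simulates in-flight modification
	_, err := Open(key, frame, aad)
	fmt.Printf("%d bytes on air; tampered frame rejected: %v\n", len(frame), err != nil)
}
```

A 6-byte command becomes a 34-byte frame (12-byte nonce plus 16-byte tag), which still fits the BLE message sizes in the comparison table.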

In a nutshell, Bluetooth technology particularly BLE is a great addition to businesses and consumers. However, it is also important for all users to understand the technology and the risks involved in its use so the risks can be mitigated for better user experience.