Bluetooth insecurity — an older story than I thought

While putting together the Footnotes for my column in today’s Observer, I suddenly remembered that Bruce Schneier had queried the security of Bluetooth way back in 2000 — when the technology was still mostly a gleam in a consortium’s eye. Here’s what he said then:

“Bluetooth is … an eavesdropper’s dream. Eavesdrop from up to 300 feet away with normal equipment, and probably a lot further if you try. Eavesdrop on the CRT and a lot more. Listen as a computer communicates with a scanner, printer, or wireless LAN. Listen as a keyboard communicates with a computer. (Whose password do you want to capture today?) Is anyone developing a Bluetooth-enabled smart card reader?

What amazes me is the dearth of information about the security of this protocol. I’m sure someone has thought about it, a team designed some security into Bluetooth, and that those designers believe it to be secure. But has anyone reputable examined the protocol? Is the implementation known to be correct? Are there any programming errors? If Bluetooth is secure, it will be the first time ever that a major protocol has been released without any security flaws. I’m not optimistic.

And what about privacy? Bluetooth devices regularly broadcast a unique ID. Can that be used to track someone’s movements?

The stampede towards Bluetooth continues unawares. Expect all sorts of vulnerabilities, patches, workarounds, spin control, and the like. And treat Bluetooth as a broadcast protocol, because that’s what it is.”