Bluetooth SIG Adopts Version 4.2
The Bluetooth Special Interest Group (SIG) adopted version 4.2 of the Bluetooth core specification, opening the door to the next generation of Bluetooth devices featuring enhanced security features, faster speed and IP connectivity. An NSA report had outlined a “diverse set” of vulnerabilities with Bluetooth communications. Bluetooth attacks involve “identity detection, location tracking, denial of service, unintended control and access of data and voice channels, and unauthorized device control and data access,” the NSA said, "due to headset profiles’ support for powerful telephony signal commands" and users’ weak passwords such as 0000.
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
Bluetooth SIG called the latest security features in Bluetooth 4.2 “government-grade” and said they put control “back in the hands of the consumer by making it difficult for eavesdroppers to track a device through its Bluetooth connection without permission.” Errett Kroeter, senior marketing director for Bluetooth SIG, acknowledged privacy concerns and told us the new version encrypts the Bluetooth address that’s created from a media access control (MAC) address so only a previously paired device would be able to resolve an encoded MAC address. After implementing Bluetooth 4.2, “someone would only see a MAC address once and not be able to resolve it to the same device,” he said.
Bluetooth SIG said in a Wednesday news release that the new privacy features of 4.2 ensure that unless consumers have enabled permission for a beacon to engage with their mobile device, “you can’t be tracked.” The Bluetooth SIG FAQ section on 4.2 says in the new version “a Bluetooth Smart location tracker can only be followed by the owner or trusted group.” Users are available to messages from beacons in Bluetooth 4.2 through a “trusted relationship” that a user has agreed to by downloading an app, Kroeter told us. Privacy continues to be an issue “for everybody,” Kroeter said, “so we’re just doing everything we can.”
Bluetooth 4.2 also adds IP connectivity, positioning Bluetooth for use in the connected home. In a couple of weeks, Bluetooth SIG plans to announce a profile for data to “ride on top of Bluetooth 4.2,” Kroeter said, which will provide an IPv6 address directly to a Bluetooth device. Current Bluetooth-enabled devices have a Bluetooth address but not an IP address, meaning today it's not possible to type an IP address into a Web browser and have a Bluetooth device come up. Bluetooth 4.2 will enable that, he said.
Enabling remote management of previously uncontrollable devices is a Bluetooth benefit to the smart home space, Kroeter said. The scenario today for controlling home devices is through an app on a smartphone or tablet, “but when your phone or tablet goes out the door, your connection to those devices ends,” he said. In the Bluetooth future, devices can talk to the cloud via a router and provide information to a cloud-based app, he said.
Bluetooth isn’t a competitor to Wi-Fi-based smart devices, which are better suited to transmitting large amounts of data, Kroeter said. But Wi-Fi isn’t well-suited for very low power situations, he said. Bluetooth Smart, or Bluetooth Low Energy, draws less power by “orders of magnitude," he said. “If you have something that you want to power by a tiny battery for years, then Wi-Fi is not a viable option.” Bluetooth Smart is optimized for low-power situations where it’s necessary to send small amounts of data periodically. “If you need to stream video, Wi-Fi is well-suited to that," said Kroter. "It’s not what Bluetooth was designed to do."