S 4.363 Secure operation of Bluetooth devices

Initiation responsibility: IT Security Officer, Head of IT

Implementation responsibility: Administrator, User

Bluetooth devices must be secured appropriately. The safeguards to be taken are described in the following.

Stationary devices

Stationary devices where Bluetooth is used as a substitute for a cable, e.g. in order to establish a connection to the same peripheral devices over and over again, should be operated with an authentication method. Here, solutions with semi-permanent connection keys should be preferred. As a matter of principle, encryption should be enabled.

Mobile devices

Mobile Bluetooth devices communicating with third party devices (i.e. with devices having an unknown level of security) must be protected in particular:

• The pairing of devices should always be carried out in a tap-proof environment. An environment may be considered tap-proof if it is not possible to use Bluetooth to penetrate from the outside undetected. The range of your own Bluetooth devices is not decisive.
• Solutions with semi-permanent connection keys should be preferred.
• Connections should only be established with trustworthy devices.

If a mobile (and/or stationary) device is lost or stolen, all related connection keys in the remaining devices must be deleted. This is generally performed by deleting the corresponding entry in the list of Bluetooth devices of the remaining devices.

Use of Secure Simple Pairing

If both devices to be connected at least meet the Bluetooth specification 2.1 + EDR, Secure Simple Pairing should be used with security mode 4 and the attribute "authenticated" (see S 3.79 Introduction to basic terms and functional principle of Bluetooth). Services where this is not supported should not be used.

Notes on the selection of PINs for Bluetooth without SSP

PINs should be a sequence of the admissible characters that is as random as possible; trivial PINs such as "0000" or "1234" must be avoided. A sufficiently long PIN is required in order to reach sufficient levels of security when connecting two Bluetooth devices. PINs should have at least 6 digits. Normally, the PIN must only be entered when initially establishing a connection between devices (semi-permanent connection keys). If such a pair of devices requests the user to enter a PIN at an unexpected time, the user should not enter any PIN, if possible, until he/she has entered a tap-proof environment. It is recommendable to conduct corresponding user instruction or training.

Additional protection safeguards

As long as Bluetooth is not used, the Bluetooth interfaces of the devices should remain disabled. Whether this actually is the case must be checked sporadically. Furthermore, additional local protection safeguards should be installed and/or enabled on Bluetooth devices to the technically feasible extent. These include:

• access protection (e.g. anti-theft protection devices)
• user authentication
• protection against malware (e.g. anti-virus protection)
• personal firewall
• restrictive file and resource sharing on operating system level
• encryption of the terminal device:

It should be checked at regular intervals that all security settings performed are still up to date and whether these settings are efficient.

Additional information about this can be found in the modules for terminal device security. If there are any doubts, users should use module S 3.8 Internet PC as a reference and apply the related safeguards correspondingly.

Review questions:

• Are the Bluetooth interfaces of all devices disabled as long as no Bluetooth communication is performed?
• Is Secure Simple Pairing used to establish connections to other Bluetooth devices?